In the wake of popular Internet browsers Chrome, Firefox, Edge, and Safari ceasing NPAPI web plug-in support, Oracle has finally accepted that its troublesome Java plug-in is dead and gone, announcing the end of its Java browser plug-in. This is a cause for celebration—a Cisco report from 2014 concluded that 91% of all malicious attacks we targeted at Java, due its huge security vulnerabilities.
In other words, that periodic pop-up that obnoxiously reminded you to update Java will be gone for good.
Improvements have been made since then, with a recent 2015 mid-year report suggesting that Oracle has successfully reduced its vulnerabilities and improved overall security even if Java remains a major inconvenience. Ironically, while attacks against Java declined, those against Flash rose steeply.
Oracle announced in a recent whitepaper that it will deprecate the Java plug-in when the next version launches on September 22, before altogether removing it in a later update. The company stated that the decision to ditch Java was triggered by the “rise of web usage on mobile devices,” and consolidating efforts undergone by the likes of Google, Mozilla, Microsoft, and Apple to offer the similar feature support for desktop and mobile browsers.
Chrome has already phased out Java support, with Mozilla following suit. Internet Explorer 11 still supports it from within.
“With modern browser vendors working to restrict and reduce plugin support in their products, developers of applications that rely on the Java browser plugin need to consider alternative options such as migrating from Java Applets (which rely on a browser plugin) to the plugin-free Java Web Start technology.”
Partially responsible for Java’s poor security was the lack of explanation of an automatic security update process and a broken sandbox model that wasn’t working as intended. Interestingly, the company did not touch upon this in the address.
If you don’t explicitly need Java, you may as well uninstall it. If you’re unsure whether you need Java, you probably don’t need Java. Oracle advizes services that rely on the Java browser plug-in to investigate “plug-in free alternatives.”
Alas, the Internet can rest assured that it’ll temporarily remain safe until hackers find a new avenue to exploit.
Source: ExtremeTech
Advertisement
Learn more about Electronic Products Magazine
