Due to a recent security hole in Java, we recommend you take a moment now to uninstall Java from your PC. This issue is serious enough that your computer can be invisibly infected just by visiting a site, and many people are getting infected as a result.
The Computer Emergency Readiness Team, part of the US Department of Homeland Security, first took the unusual step last week of issuing an alert, warning users to disable Java, saying the program could be manipulated by criminals to trick users into visiting malicious websites that could infect their computers with malware, or allow criminals to steal personal financial data on users’ PCs.
“This is like open hunting season on consumers,” said HD Moore, chief security officer with Rapid7, a company that helps businesses identify critical security vulnerabilities in their networks.
Moore said machines running on Mac OS X, Linux or Windows all appear to be vulnerable to attack.
Oracle, the maker of Java, said on Sunday that it had released a security update fixing two vulnerabilities as well as switching Java’s security settings to “high” by default. This should make it harder for sites to infect your computer without your knowledge, but despite this, security experts warn that several critical security flaws remain. The recommendation for removal is based on a history of problems, and is probably good common sense given the issues over the last few years.
Java is used when you visit some specific web pages and is not required for normal web use. Very few pages actually require Java these days.
If you do need to use Java, we suggest you install it in Firefox and use the Firefox “Click to Play” popup to explicitly confirm you want to run any Java applet that the page might contain.