Time To Disable Java

From Dave McClure's Bleeding Edge blog.

This is late January, that awkward period when tax season looms but is not quite here that is very similar to watching the afternoon sky as a snowstorm approaches. And much like the approach of a winter storm, the approach of tax season calls for some last minute preparations to make life easier in the days ahead.

In terms of computing technology, this means disabling or removing Java from all of your office computers, both PC and Mac.

Java is an interesting and effective programming platform developed by Sun Microsystems and now owned by Oracle. It gained early prominence as a web platform because it could so easily be used for multiple computing platforms (Mac, PC, Unix, etc.) and was elegantly designed to memory management and a small operating kernel, making it suitable for devices of every size. There is a good chance that not only your PC but your smartphone makes use of Java.

On the desktop, it is most often associated with animation and other features, such as its use to illustrate upload and download speeds in most tests of Internet connections.

Last year, however, major security flaws were found in the latest three versions of Java. These flaws enable a hacker to set up a phony web site (that looks real) and exploit the flaws in Java to penetrate your machine and/or network. Oracle responded with an upgrade patch that was supposed to fix the problems, but as is often the case only opened up new flaws.

Now, to make it worse, there is a phishing scam circulating that claims to be yet another Java upgrade but is in reality a piece of malware. Discovered by Trend Micro, the malware doesn't exploit any Java vulnerabilities -- it infects a computer and takes control of it.

All of which is interesting to network engineers and geeks like me, but carries an altogether different connotation for an accounting or tax firm about to head into the busiest season of the year. Security headaches and malware are the last thing needed in a mission-critical computer system at the office.

The solution is to simply uninstall Java, which should not be needed to run any accounting-centric software. By the time tax season is over, Oracle should have the mess straightened out.

One note: while I am not aware of the use of Java in any tax or accounting software, it is possible given the program's popularity over the past two decades. Before uninstalling or removing Java, you may want to make a quick call to tech support to confirm that your software will work.

Removal is relatively easy. On a PC, click on the start button, click on Control Panel, click on Programs and Features, and remove anything that says "Java." Under Windows 8, this is a little more complicated in that you will need to click or swipe the right side of the screen, then click on Settings, Control Panel and Programs and Features.

On the Mac, Click on the Finder icon located in the dock, then on the Applications Tab on the sidebar. In the search box, enter JavaAppletPlugin.plugin to find the file, and select Move to Trash. Note that you must have administrator privileges on the machine to do this.

The last thing a firm needs going into tax season is to lose control of the office computers or have client data compromised. Spending thirty seconds uninstalling Java is a prudent step for today.