You’re running what you’d consider to be a secure browser, and you always watch what you do with it in the belief that these actions ensure security. But what you didn’t know is that the Java plugin you added recently actually opens you up to a number of potentially dangerous exploits. How bad is it? Bad enough to where Sun Java is the most vulnerable plugin to use with your Web browser. Do I have your attention yet?
Two browsers, both with problems
It seems that the two biggest browser concerns are with Microsoft’s IE8 and Mozilla’s Firefox 3.6. These two browsers are the likely ones to be taken advantage of simply because of their numbers. Even better, all the person doing the exploit really needs to do is set up the hack to hit the right “useragent.” That’s it. The big gaping holes inside of Java will take care of the rest.
As things sit now, IE remains the major browser player here in the States while Firefox reigns supreme within the borders of Europe. Unfortunately, both regions are collectively at risk due to the nature of people being completely unaware of the importance of keeping their plugins updated and if not being used, disabled. The really sad part of all of this is that no one really needs to use Java in a Web browser anymore. Flash or Ajax provides most of the Web’s advanced functionality these days.
Leave Java on the desktop
I take no issue with Java at all. Despite the fact that Oracle has done squat to keep it as safe as it could be, I believe that Java has a firm place on the desktops for those who’d like to use it for locally installed applications. Again, no concerns there at all. But when you run something like Java in a Web browser, which acts as a portal to the world while trusting that Java is secure enough to fend off potential attack, well, it’s best to assume that sad story isn’t going to end well for anyone.