Oracle Java: Just say no?

Java. I do not like it, and I never have. Originally, back when Sun Microsystems owned it, I disliked it because the user interface of applications written in it did not match the "look and feel" of native applications, making for a rather visual jarring experience. Then there was the performance issue of the Java based application having to run through an interpreter in order to run.

Now that Oracle owns it, my problems with Java are security related. I would have assumed that Oracle has some of the most talented and qualified software developers there are, but apparently not. Every single version of Java that they eventually release has major security flaws, and to make matters worse, Oracle intentionally lets them stay that way for months on end because they apparently cannot be bothered to

  • validate their product for such issues
  • interrupt their glacially slow development cycle to issue critical security updates
  • care

There was a serious flaw discovered last November - three months ago - (I no longer remember what it is) and Oracle did two things: They acknowledged the flaw and then stated that they had no plans to fix it until their next release, in February. By contrast, Microsoft issues security patches at least once a month (on Tuesdays) via Windows Update, but if the issue is severe enough they'll issue it immediately, out of sequence.

Today, I saw a notice of another one (or maybe it's really the same one, the articles I've seen on it do not specify). But apparently it's so bad that the US Department of Homeland Security has gotten into it, advising computer users everywhere to disable Java in their web browsers.

Mozilla, makers of the Firefox browser, has activated a remote security feature in Firefox to automatically disable the Java plugin (when Firefox checks for updates to itself or installed plugins, this will get activated). Apple reportedly is doing the same thing with their Safari web browser.

Me, I've gone beyond merely disabling it in my browser, I've already uninstalled it, and unless this breaks my ability to use things I have no plans on ever reinstalling it.

My source information for this opinion article consists of these articles:

Experts urge PC users to disable Java, cite security flaw

U.S. warns on Java software as security concerns escalate

Protect against latest Java zero-day vulnerability right now: Mal/JavaJar-B


Oracle has stated that they will fix this, but declined to say when.