Java: More than the usual cup of coding coffee

Susan Bradley

In this week’s Top Story, “Security alert: Remove Java from your browsers,” Woody Leonhard discusses why and how you should remove Java from your browsers.

PC users conflate Java with JavaScript, and while both are vulnerable to malware attacks, Java is the more vulnerable of the two. Here’s a quick tutorial on Java.

Java and JavaScript: Shared name, different code

What’s the difference between Java and JavaScript? In a recent webcast (which talks about a JavaScript threat in IE), Microsoft MSRC Program Manager Dustin Childs stated, “Java is to JavaScript as Ham is to Hamster.” More specifically: though both are programming languages, Java is used to create applications; JavaScript is used primarily as a scripting language within programs and webpages. As noted in the Wikipedia JavaScript page, JavaScript adopts “many names and naming conventions from Java, but the two languages are otherwise unrelated and have very different semantics.”

From a malware-prevention perspective, the distinction between the two languages is important. It’s Java that we’re regularly updating on our PCs (if we have it installed). But even with the most up-to-date version of Java, we’re still vulnerable to malware attacks, as reported in an ISC Diary blog post.

JavaScript is still frequently used for creating dynamic, interactive webpages. Java, on the other hand, is used by fewer and fewer applications. I use only two applications that rely on Java: one is a Dell DRAC card, used to remotely access servers; the other is software used to adjust and configure some D-Link webcams. Neither application is critical to my day-to-day computing.

The ultimate cross-platform application language

Many developers love Java because they can code an application once and run it on a wide variety of platforms. You’ll find Java on Windows, OS X, Linux, and Android devices. According to Oracle, it’s also found on many dedicated devices such as cable boxes, DVD players, and routers — even ATMs and parking meters. (It’s not natively supported in iOS.)

“Code once” doesn’t mean never update. As with browsers and other apps, staying as secure as possible means always updating to the latest Java. If you have a bank or other financial institution that demands a version prior to Java 6, you really need to question that firm’s security stance — as well as its concern for your financial assets. Contact the firm and ask someone why they’re not protecting you as well as they should. Even a Java help page recommends:

This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.

= Paid content

All Windows Secrets articles posted on 2013-01-24:

Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.