A new, in-the-wild Java exploit caused a few anxious days while we waited for an update.
Although the update is now available, the real decision is whether you really need to have Java installed!
A quick test checks whether Java is current
The most recent Java exploit is already in use by malicious hackers, according to a recent FireEye post. I strongly recommend you take a few minutes right now to run the official Verify Java version test (site) to ensure you have the latest release. If you’re not current, the test ends with a download link for the newest version — Java 7 Update 7. (During the update process, make sure that you uncheck any tool bars or add-ins that try to tag along. The same goes for the most recent Flash update.)
If you don’t have Java installed, the test displays the same download-Java offer. Ignore it — you can most likely live without it.
An Aug. 30 Microsoft Malware Protection Center blog suggests disabling Java plug-ins for browsers. But Java reminds me of a Canadian-based home show where the two hosts battle to see whether homeowners will keep their house or decide to sell it. Java is like the house: if you’re not actually using it, you’re better off dumping it. (Fortunately, it’s quite a bit easier to walk away from Java than from a house.)
I suggest going into Windows’ application removal tool (Programs and Features in Win7) and removing all Java installs you find. (Sort by application name.) Also remove or disable Java plugins in all installed browsers.
In IE and Firefox, plugin management is in Tools. For IE, it’s Manage add-ons; in Firefox, it’s simply Add-ons. For Chrome, it’s easiest to enter chrome://plugins/ into the Web address/search box. (Chrome’s plugin manager notes whether critical plugins are current, and its advanced setting lets you block/allow plugins for specific sites.)