Java has been annoying me lately by frequently popping up saying I need to update but when I do it says I've already got the latest version. Also I've been having problems with "conduit". I think I finally got rid of the conduit nagging popups yesterday but this morning Java popped up again. I tried to read and understand the details of how it worked but being computer illiterate I don't really understand it. I googled "is Java safe" and saw a lot of older posts about it causing a lot of problems in 2013. That it's targeted by producers of viruses to enter our computers. From my perspective it takes a computer genius to keep a computer safe and even then there are other geniuses from the dark side that can overwhelm them.
So update or turn it off, that is the question?? I have Windows 8 if it matters.
It usually has a virus program pre-checked, which it will load if you don't uncheck it.
In general, I think the recommendation is still to keep it turned off in the browser as Java had a bunch of security holes that were actively exploited. Oracle pushed out a bunch of releases to fix those issues so it may or may not be safe to enable it again. That said, I'm not sure I'd trust any website that is still using Java plugins in 2014, there really isn't much need for them anymore.
There are some websites that have a virus popup telling you that you need to update your Java. One I know of is a misspelling of Facebook. Any other sites? Stay off the pron.
Java, the runtime engine/JDK and programs written in it that you have to initiate yourself are as safe as any executable that runs on your computer.
The issue is Java enabled in your browser - like Boxhead said. So... turn it off in your browser. If you get to content you trust that complains that it needs it - decide then if you want to turn it on to view/interact. FWIW, this isn't just limited to Java - these same problems exist with any plugin that can escape from the browser container to execute. Java just made a big splash because Oracle was involved (we do love to trash those shiny happy people when they berkeley up!) and didn't act as quickly as they should have.
If you don't need it, uninstall it. It's a top infection vector as you found out.
If you do need it, by all means keep it updated. Uninstall any Java versions you have on your computer first (for v6 and earlier, older versions aren't automatically removed) and then install the latest.
I use the NoScript extension for Firefox to disable Java scripts on all websites by default and then I can selectively turn on the necessary scripts to let the site function without annoying ads or worse, malware.
The Ad-Block extension is also pretty nice to block ads (though I whitelist sites I like and want to support, like GRM).
turboswede wrote:
I use the NoScript extension for Firefox to disable Java scripts on all websites by default and then I can selectively turn on the necessary scripts to let the site function without annoying ads or worse, malware.
The Ad-Block extension is also pretty nice to block ads (though I whitelist sites I like and want to support, like GRM).
Java is not the same as JavaScript. It is an unfortunate similarity in two completely different execution/runtime environments.
NoScript can block both - but from the way you typed "Java scripts" it seemed like I ought to post the distinction. Disabling Java and JavaScript are two different actions - and JavaScript is by far and away more prevalent in legitimate use on the web.
True. I should have been more clear about that. Firefox automatically blocks the Java plugin and sets the Java SDK plugin to always ask before running. You need to go into Add-ons to change that if you need to run Java applets via a website.
Also if you update Java, you should remove the previous versions (unless you need them as some corporate web apps are very version specific, which makes my job challenging at times) since Java won't automatically remove the previous versions.
Yes, the program Java is safe. ActiveX is a dirty little whore who lets anyone in.
Java is a sandbox program, similar to Apple/Mac operating systems. Where ActiveX is more open to the world and is an easy back door into your PC. So yes, if Java asks to update (like after you boot your PC not from a web browser) then update it as it's going to apply the latest security and runtime updates.