
94 percent of Java users vulnerable to exploits


Java is such a ubiquitous system that it's almost impossible to be active online and avoid it. It's a shame, then, that it's also one of the most easily exploitable applications on the Web. If you use Java, then statistically speaking, there is a 94 percent chance that you are open to a particularly nasty hack of one kind or another.

Websense, a company that provides online security solutions, analyzed common security vulnerabilities in different versions of Java. The findings were troubling for those who want to keep their systems safe: Between 60 and 94 percent of Java users are vulnerable to the Cool, Gong Da, MiniDuke, Blackhole 2.0, RedKit and CritXPack exploit kits, bundles of malware that attack Web browsers.

While these hacking tools vary in scope, they all play havoc with the user's computer. Cool (by far the most common kit) sends fraudulent requests to steal credit card information. MiniDuke can copy or delete files from private directories. Others can monitor online activities, share information without permission or further compromise security by downloading additional exploits.

If you have the latest version of Java, you have little to worry about, as only about 5 percent of exploits target it. Most users, however, are stuck on older versions, which are far more open to attack. In fact, more than half of Java users have not updated in the last two years. Oracle, the company that produces Java, offers no support for these archaic versions of the program, making their users into easy prey.

Aside from updating to the most recent version, there are a few ways to stay on top of Java vulnerabilities. While the program is absolutely necessary for a variety of applications from the Adobe Suite to "Minecraft," relatively few websites rely on it.

You can disable Java entirely without losing out on too many online applications. To turn it off, open the "Options," "Preferences" or "Settings" menu in your browser of choice, then look for "Plug-ins" or "Extensions" (sometimes located in "Advanced Options").

More advanced users can micromanage Java applications as well. In addition to disabling Java, most browsers allow users to create exceptions for safe sites that require it. Even though Java is a relatively vulnerable program, most exploits come from unsafe sites, not the Web pages in an average user's everyday routine.

The unfortunate truth is that you can't access everything on the Internet without Java, and you can't be completely safe with it. Nevertheless, you can minimize your risk with a few simple steps, and that will set you apart from the 94 percent of users who are more easily exploited.