The U.S. Department of Homeland Security urged computer users to disable Oracle Corp’s Java software, amplifying security experts’ prior warnings to hundreds of millions of consumers and businesses that use it to surf the Web.
Hackers have figured out how to exploit Java to install malicious software enabling them to commit crimes ranging from identity theft to making an infected computer part of an ad-hoc network of computers that can be used to attack websites.
“We are currently unaware of a practical solution to this problem,” the Department of Homeland Security’s Computer Emergency Readiness Team said in a posting on its website late on Thursday.
Experts believe hackers have found a flaw in Java’s coding that creates an opening for criminal activity and other high-tech mischief.
Java is a widely used technical language that allows computer programmers to write a wide variety of Internet applications and other software programs that can run on just about any computer’s operating system.
Oracle Corp. bought Java as part of a $7.3 billion acquisition of the software’s creator, Sun Microsystems, in 2010.
Oracle, which is based in Redwood Shores, Calif., had no immediate comment late Friday.
“For versions of Java older than Java 7 (which you shouldn’t be running anyway), the de-Javafication process for Internet Explorer involves editing the Windows Registry,” he notes. ”If you don’t know what that is, don’t do it. Instead, stop using Internet Explorer entirely.”
Wagenseil says that ”Unless you use Java professionally such as by developing Web or Android apps, updating a Website or using Adobe’s Creative Suite software package you don’t really need it.”