Java vs Javascript

Many thanks must go to Mark Hodgkinson over at Aspire IT Services for giving us permission to use their excellent article on Java vs Javascript for our clients.

As you are probably aware, lots of people are advising you to turn off Java in your browser for security reasons.

Some people are worried that turning off Java also turns off JavaScript.

Most modern websites make heavy use of JavaScript, so these people are worried that sites such as Facebook, Twitter, etc, will be pretty much useless if they follow our “turn Java off” advice.

So, let us clarify:

Java and JavaScript are completely different.

Turning off Java will not turn off JavaScript.

They’re configured separately.

The converse is true, too. If your aim was to improve security by turning off Java, turning off JavaScript instead will not have the desired effect.

Apologies if you already know this. But the names are a bit confusing.

I’ll keep this article short and simple by not going into too much detail about the differences here.

JavaScript

Suffice it to say that JavaScript is generally built in to your browser, and is used to control the look, feel and function of web pages displayed inside your browser. So you can think of it as part of your browser.

That doesn’t mean there aren’t security risks from JavaScript. There are, but they’re different to the ones posed by Java, and they’re generally fixed or patched directly by your browser vendor.

JavaScript is very commonly used in modern websites. In fact, you won’t get very far without it on many of the popular sites out there.

So we are not recommending that you turn JavaScript off in your browser.

Java

On the other hand, Java, made by Oracle, is a software package installed separately from your browser.

It can be used for creating and running all sorts of regular-style software: web servers, code editors, word processors and much more. These are called applications, just like any other application such as Microsoft Word.

Java also provides a plugin system that allows stripped-down Java programs called applets to run inside your browser. They aren’t integrated with your browser like JavaScript programs, and their security generally depends on the Java system itself, not on your browser.

Java applets used to be fairly common, but (mainly through the rise of JavaScript) they are now used rarely, or not at all, on most of the popular websites out there. In fact, you probably won’t miss much without applet support. For example, Facebook games don’t make use of Java.

Nevertheless, there have been several recent and widely-abused bugs in the applet part of Java that make your browser insecure.

So we are recommending that you turn off Java in your browser.

And that’s it.

A warning

By all means, turn off JavaScript if it suits you.

But let me reiterate: we aren’t recommending that. And if you do, you won’t get rid of Java, which is probably what you want.

So – do you still have Java turned on in your web browser?

If your answer is “Yes” or “I’m not sure” then it’s time to take action.

Right now, cybercriminals are aware of and exploiting serious security flaws in Java that could lead to your computer becoming infected by malware.

Here then are some simple instructions on how to disable Java in your particular browser.

So, what are you waiting for?

Isn’t this just a storm in a coffee cup?

No, it isn’t.

Time and time again we’re seeing examples of cybercriminals exploiting flaws in Java to infect innocent users’ computers.

For instance, earlier this year we saw more than 600,000 Macs infected by the Flashback malware because of a Java security flaw.

In fact, it has become increasingly common to see malware authors exploiting vulnerabilities in Java – as it is so commonly installed, and has been frequently found to be lacking when it comes to security.

Cybercriminals also love Java because it is multi-platform – capable of running on computers regardless of whether they are running Windows, Mac OS X or Linux. As a result it’s not unusual for us to see malicious hackers use Java as an integral part of their attack before serving up an OS-specific payload.

Again many thanks to Mark of Aspire IT Services for his permission to publish such an important article.