Due to numerous complaints from security providers and experts around the world, based on the vulnerabilities presented by the service, Oracle puts a bullet in the head of its Java plugin. Even if this will be taken into effect in future installments of the Java Developer Kit, starting with JDK9, this news made experts rejoice nonetheless.
This decision will effectively force corporations using JDK to update their software security protocols, making the jobs of security providers much easier in the process. This updated version will be included in Oracle’s future releases of the Java SE.
But the company somewhat circumvented the announcement, claiming instead that this decision stemmed from the fact that more and more companies are adopting new technologies regarding web plugins. Google, Microsoft and Firefox have already announced dropping support for Flash and Silverlight due to security reasons. With some of them already prohibiting their use.
From now on, plugin developers that relied on Java Applets, which were based on web-browser integration, to switch to more updated methods of development. One of the tools proposed by Oracle was the Java Web Start that is completely plugin-free, leading to a much more secure environment.
The old Java plugin was considered to be a major hindrance to both security experts and computer users. In some cases, following a day 0 attack, a plethora of devices were left undefended in the face of various hacking attempts and attacks.
For instance, in the year of 2013, a new type of attack that took advantage of Java’s low-security levels. This hack was named ransomware and it was based on blocking the user’s access to his hard drive entirely, asking for monetary funds in order to allow one to access their files once again. This event led Apple to eliminate Java plugin support from its Safari browser, eventually removing from all services.
The same move was made by Firefox as well, blocking plugin access and utilization altogether for more or less the same security reasons. True, the browser still allowed users to enable plugin access from an option setting if they wished to do so, but the move towards Java dismissal became much more cemented in reality. Even the Department of Homeland Security strongly advised against the use of Java plugins, warning the general public to immediately disable the plugin in order to quell any hacking attempt.
The fact that Oracle puts a bullet in the head of its Java plugin will not impact normal everyday consumers by any significant margin because most browsers have already eliminated this plugin’s support. Just a couple of websites still require plugin support in order for users to access them.