It’s an interesting story because it is only the second time the DHS has asked people to remove/disable software. The previous time being a version of Microsoft Internet Explorer (big surprise, right?), until it was fixed. Java has a long storied history which I went over a little in my post Why So Many Programming Languages?. It seems most people who use Java aren’t aware they are using it.
It’s relatively rare to come across a website that requires Java. I’ve run into it the most when a video wanted to play and Chrome asked me if I wanted to give it permission. I don’t know why anyone is using Java for this purpose when there are so many lighter alternatives available. For the time being, if you run across one of these the prudent thing to do would be to deny the website permission because even though you may trust the website you are visiting, you can’t know if they have been compromised.
What I’m interested in with this mess is, what it will do to the Java brand? Until today, many people were unaware they were using Java at all, so now they are being hit with this message of the Department of Homeland Security says your computer may be vulnerable because of a piece of software called Java that you didn’t even know you were running, and we don’t have a fix for it yet.
Despite once being on the brink of extinction when it failed to take hold in the browser, Java is still important. If you have an Android or a Blackberry phone, you use it everyday- all of your apps are built on it. But as far as I can tell from what I am reading, you’re probably pretty safe. I don’t know the technical details on this particular vulnerability, but Android apps run in a very tightly secured environment (each runs as it’s own linux “user” under the Android operating system), so it’s likely they would be stopped before doing anything too destructive.