Java Installation and Security
Do You NEED Java?
Java is necessary only for certain features of LibreOffice, Apache OpenOffice and perhaps to allow other software to run on your computer.
Java, along with Flash and Adobe Reader, has been known to make Windows insecure for some time. Mac and Linux users now share that vulnerability.
Remove Java if you don't need it. If installed, be sure to frequently update it and to uninstall older versions.
Oracle has released a massive Critical Patch Update (CPU) for July , addressing 334 security vulnerabilities covering a vast swathe of its enterprise portfolio. Of the 334 vulnerabilities covered this month, 61 are rated critical, with a CVSS rating between nine and 10. — ThreatPost
Future Browser Support Deprecated
Oracle has deprecated all support for browser plugins starting with version 9 (released in September 2017 and no longer supported).
If installed, I recommend disabling the Java plugin in your web browser — enabling it ONLY for trusted sites. See Java browser plugin recommendations.
Update Java Regularly
Update Java whenever updates are available. These releases fix security flaws in Java.
Version 9 & Later Not Supported in Browsers
Version 9 removed all support for browser plugins, primarily because the major browsers no longer support them, largely a result of the rapidly growing mobile market that never supported Java.
Avoid Third-party Software
Prevent Java Updater from installing third-party software.
- Open the Java Control Panel: Start ⇒ Control Panel ⇒ Java. If you see categories in the Control Panel, look for Java in Programs.
- Click on the Advanced tab.
- Scroll down to the Miscellaneous section at the bottom and place a check mark in “Suppress sponsor offers when installing or updating Java.”
If you uninstall Java, this setting will be removed, but as long as you de-select any optional software when downloading new Java versions and check during installation you shouldn't see third-party software installed on your system.
Uninstall Older Versions
I recommend uninstalling all previous versions of Java when updating. Old and unsupported versions of Java are a serious security risk and can leave your system vulnerable.
Uninstalling older versions of Java from your system ensures that Java applications will run with the latest security and performance improvements on your system. —Oracle
Java Updater May Not Remove Older Versions
Java's updater may not automatically remove all older versions, leaving your system vulnerable.
Oracle provides instructions for uninstalling out-of-date Java versions.
I recommend that you manually verify that older versions have been removed from your system.
Uninstall Option During Update
During installation of a new version, you should see the option to uninstall older versions:
Uninstall Java when Updating
To secure your computer I recommend that you manually uninstall all current versions, cleaning out any remaining Java-related AppData entries before installing the most recent version available so you're running only the most recent version.
Manually Checking for Older Versions
Alternatively, you need to check to see if option to uninstall older versions has removed all older versions.
In either case, I recommend cleaning up the Java folders in AppData.
Cleaning Up AppData Java Folders
You need to be careful when following the instructions in this section. You can seriously harm your Windows installation if critical files are removed.
After running Java's Uninstall Older Versions option, I still found an obsolete Java version in the Sun AppData folder:
This image if for illustrative purposes only. When this image was captured Java 8 Update 51 was the current version but is now obsolete.
Cleaning Up Java Folders in AppData
Be sure you've either uninstalled Java (all versions) or have run the option to uninstall outdated versions before proceeding.
Like most Windows programs, Java keeps data in AppData (in folders labelled Oracle and Sun in the LocalLow folder).
To clean up obsolete Java folders, follow these instructions:
- Navigate to the Java folders by opening the AppData then LocalLow folders.
- Look for the Oracle and Sun folders and delete the appropriate folder(s):
- If you've uninstalled Java completely, you can delete both the Oracle and Sun folders.
- If you've only removed outdated versions, open the Sun folder then delete any folders containing older versions that is present (the jre1.8._45 folder in the above example).
The AppData folder is located in C:\Users\[user]\AppData. Navigate to the C: drive then open the Users folder and look for a folder with your user name. Inside you'll see the AppData folder (if you've made hidden files and folders visible).
Windows 10 users can use File Explorer to view the AppData folder. Windows 7 users can open their User folder (often located on their desktop) to view the AppData folder:
AppData Hidden by Windows
The AppData folder is normally hidden by Windows.
- Windows 7 users can change this in the Folder Options in Control Panel to show hidden files, folders and drives in the View menu.
- Windows 10 users can change this in File Explorer Options (search for “File Folder Settings”). Check “Show hidden files, folders and drives” in the View menu.
Firefox & Java Security
Browsers No Longer Support Java
In current versions of Firefox, NPAPI-based plugins other than Flash are blocked. This includes the removal of support for Java.
Beginning in Firefox version 52 released March 7, 2017, installed NPAPI plugins are no longer supported in Firefox, except for Adobe Flash. Some of the plugins that will no longer load in Firefox, even though they may be installed on your computer, include Java, Microsoft Silverlight and Adobe Acrobat. — Mozilla Support
Oracle Stops Support for Browser Plugins
Most current browsers no longer support Java plugins and Oracle has responded by deprecated all support for browser plugins starting with version 9 (released in September 2017 but already obsolete).
Java 8 continues to be available, but will now be the last remaining version of Java available to consumers that will support browser plugins.
The functions these plugins provided is now primarily provided within the browser itself using HTML5 technologies but sites requiring Java or similar discontinued technologies will no longer work.
How to Use Java if it is Blocked
Mozilla support provides instructions on how to allow Java on trusted sites (e.g. for Pogo.com).
- This workaround will not allow you to run Java in Firefox version 52 or later.
- Opera is recommended if you need to run Java on sites like Pogo. Opera links to Java 9 which is no longer supported (download version 8 from Oracle instead).
- Internet Explorer 11 is the only other browser that may continue to support Java, but should not be used for regular surfing because it is both vulnerable and deeply tied into Windows.
I found Pogo's documentation for running Java was not current and didn't help with Firefox.
Update to the Most Recent Version
This the area most consumers should choose to download the latest version of Java specific for their operating system:
- Oracle's consumer Java site.
- Get the latest Java version.
- The Java downloads for all operating systems page has offline installers for various installations.
- You can test your Java installation on the Java verification page if your browser supports Java plugins.
Download More Recent Java Versions
The more recent versions of Java (currently Java 10) are available from Oracle and include JDK, Server JRE and JRE. Consumers should choose the JRE.
Note that these versions will no longer support browser integration.
Java for Windows
Windows system requirements are relatively minor: a Pentium 2 266 MHz or faster processor with at least 128 MB of physical RAM is recommended. You will also need a minimum of 124 MB of free disk space.
32- or 64-Bit?
Java support in browsers is fast disappearing even as the use of 64-bit browsers is gaining strength. Most browsers already block Java even if it is installed. Current Java versions (except version 8) will no longer support Java plugins within browsers.
However, Java is also used by programs like LibreOffice and OpenOffice for certain functions.
It is recommended that you install 64-bit Java on 64-bit systems; 32-bit otherwise. If you have both versions installed, you'll have to update both for security reasons.
It is safer to uninstall Java if you no longer require it.
Java for Linux
- How to install Java for Linux.
- See Java downloads for all operating systems for offline installers for Linux.
Java for Mac
Installing Java on the Mac has changed with the release of the newer versions (Oracle's Java version 7u25 and below have been disabled by Apple in OS X).
- Java 8 requires an Intel-based Mac running Mac OS X 10.7.3 (Lion) or later and administrator privileges for installation.
- See Oracle's Java downloads for all operating systems for offline installers for the Mac and the Mac download FAQ.
- Legacy Java 6 is available from Apple, but is not supported.