Do I need Java or not? How do I know?
Dear Control Engineering: You’ve been talking about security vulnerabilities with Java, so I checked my system. I have an older version which is apparently full of holes. How do I know if I have any applications that depend on Java before I get rid of it?
That’s certainly a practical question, and one with a potentially complex answer.
The simple approach is to disable or uninstall Java and just see what happens. The number of applications that depend on Java has gone down, so that isn’t a far-fetched suggestion. If nothing changes, you’re done.
But, if you have an application that needs it, how will you know? When you run that application, it may send you an error message saying it needs that utility. Hopefully it has that degree of sophistication. On the other hand, it may not or the error message won’t be so clear. You might need to have a chat with the software vendor to sort it out. If you need to re-install Java, at least install the latest version provided it will work with your application.
If that approach is too scary, you can look at the list of all programs on your computer. If you’re methodical, go down the list and check item by item. You may have to contact the original vendor.
This brings up the most critical aspect of the discussion. One of the points that cyber security practitioners stress again and again is the importance of knowing what software is running or resident on your computer or larger control system. This recent Java controversy is only one example of a vulnerability buried in some kind of software platform. There have been countless others and there will be more. When a vulnerability is exposed, do you know if it affects you? Is there an old program still there that nobody uses and you’ve forgotten about it? You will know these things if you know what is installed on your machines down to the latest version number. If you don’t, you might not realize what holes are in your system until it’s too late.
Peter Welander, email@example.com
Also read: Cyber Security Vulnerability Assessment