Plug Finally Pulled On Oracle’s Java Plug In
The worst kept secret of plug in history has finally been announced.
Oracle, responsible for the increasingly vulnerable and obsolete, Java plug-in, announced they are ceasing to include the plug in, in the next Java update, JDK 9, expected this coming September.
Once integral to the running of computing systems, the Java plug-in is now seen as a huge weakness and is regularly targeted by hackers, Oracle it seemed, were eventually forced into hammering the final nail into the Java plug-in after many of the top browsers (Google, Firefox, Internet Explorer etc) each withdrew their support for the ailing plug in.
In a white paper released to developers at the end of January, Oracle announced that 20 years after being created plug ins have become obsolete as a result of the tech world’s evolution and web usage is now increasingly mobile orientated.
The Oracle statement read “The rise of web usage on mobile device browsers, typically without support for plugins, increasingly led browser makers to want to restrict and remove standards based plugin support from their products, as they tried to unify the set of features available across desktops and mobile versions.”
The statement also explained that plug ins were the industry standard before browser access adapted to become the norm, but as soon as browsers began to evolve and their usage became more user friendly, the death knell had been sounded for the plug ins.
Without widespread industry support, the Java plug in was effectively dead in the water, mobile phones don’t need java updates and as programmers (and hackers) become more sophisticated, Java plug ins rather than being beneficial to the running of computers become a hindrance. A beacon to all hackers to attack of their own free will.
Not everybody is happy with the drastic decision though, developers of applications reliant on the plug in system have been offered this advice on the same white sheet. “Oracle does not plan to provide additional browser-specific applets for each browser they wish to support. Moreover, without a cross-browser API, oracle would only be able to offer a subset of the required functionality, different from one browser to the next, impacting both application developers and users.
Plug ins have always been at risk of cyber attack and any opportunity to remove unnecessary plug ins can only be seen as beneficial to the future security of computing systems Craig Williams senior technical leader at Cisco’s Talos Security and Research Group Speaking to Tech World News explained “By removing plug ins from browsers, we remove this attack surface, making all users more safe from both known and unknown zero-day vulnerabilities.”