Following the recent bout of security holes discovered by watchdogs, Java is now in the spotlight for shipping a patch, meant to fix the bugs, that has vulnerabilities of its own.
Because Java is one of the most exploited programs, security specialists agree that it is more of a risk than a benefit, and that most users do not really need it anyway.
Because browsers and operating systems themselves are getting harder to penetrate, crackers are getting creative in their schemes and focusing their attention on the weak links of the chain: the end-users and the third-party add-ons of browsers. Among the latter, Java appears to be one of the most utilized vehicles for fly-by attacks, which can be carried out with tools that are easily acquired online.
Although Oracle (and Sun) has regularly released updates and patches to address issues in Java, there is no certainty that end-users actually update the installations on the devices and computers where the program is installed.
Unfortunately, many web services and programs rely on Java to work, so you will need a workaround for them. The suggested approach is to install Java in a virtual machine instead, to keep it away from your actual system.
Java does not come bundled with major operating systems today. Leaving old versions of any web-connected program up and running on your computer is very risky.
This doesn’t really translate into a widespread disaster, because Java is not as popular on websites as it once was; a typical web surfer rarely encounters it. So all you really have to consider is whether you need it that badly, and whether the benefit you get from it outweighs the risks that come with it.