If your plug-in is out of date, updates are free to download and install.Knowing if your computer actively uses Java for other applications, however, is a little tougher.Second, if software that an organization depends on was written using older versions of Java, upgrading Java may cripple or altogether disable that software.Third, many users aren't aware that Web browsers are configured with Java plug-ins enabled, which makes them susceptible to drive-by malware attacks targeting older versions of Java. (Java shouldn't be confused with Java Script, an unrelated language used for enabling features on web pages.) At one time, Java was absolutely necessary if you wanted to be able to use your computer for, well, just about everything. A growing number of security experts recommend not installing Java if you don't already have it, and perhaps even getting rid of it if you do."This makes Java exploitation as simple as it gets, even if the attacker has no technical skills at all." The big problem is that Java installations aren't being patched, Carey said, which is a problem that can be traced back to three main issues.First of all, organizations are often unaware of the security implications of not patching their software.I hope you don't find my question naive, but do I even need it?If I choose not to update it, will it leave my system crippled somewhere or possibly vulnerable to anything? Occasionally I get a prompt to update Oracle Java on my computer with Windows 7 and since this has been a regular routine for my system to update like Adobe Flash player or Adobe Reader, I have always without a thought just followed the prompt and updated it, never questioning it as to whether I even need this at all.
If you're still concerned about security and Java, the easiest way to see if you are susceptible to Java drive-by attacks is to visit Rapid7's It'll tell you right away if your Java's up to date.
"There have been some pretty interesting applications developed in Java," Baumgartner said.