The Java browser plugin is notorious for being wildly popular among malware authors. The ubiquity of Java is not the only reason for this. Rather, the problem seems to lie more in the fact that a sizable chunk of its installed base consists of outdated versions, something that is often attributed to low awareness among users about Java itself and the threat posed by Java vulnerabilities. But according to F-Secure’s Mikko Hypponen, the only thing users need to know about Java is that they don’t need it.
Read more at:
Maximum PC | It's Time to Get Rid of Java, Feels F-Secure