Java security failure leads to new FTC order

Java users may be familiar with the application's security issues, and recent government action has highlighted them even more. A final order from the Federal Trade Commission now addresses potential problems. On March 29, the organization published a press release describing the gaps in Oracle's Java SE update plan. According to the statement, Oracle's updates didn't fully replace the older versions of Java on user systems, leaving consumers unaware and at risk.

In the new order itself, the Commission requires Oracle to take greater action in informing its customers that they may have older versions of Java installed without knowing it. This includes "Clear and Conspicuous" messages that make the gap clear, with targeted messages and further announcements on official social media channels.

Over the next three years, the company must also make the uninstall tools available. The order itself doesn't terminate until 20 years after the most recent FTC complaint.

This action follows a previous FTC statement from December 21, in which the Commission alleged Oracle was aware of the problem with its updates and did not take proper action on its own.

In that statement, Bureau of Consumer Protection Director Jessica Rich described the necessity of the company's improvements.

"When a company's software is on hundreds of millions of computers, it is vital that its statements are true and its security updates actually provide security for the software," Rich said. "The FTC's settlement requires Oracle to give Java users the tools and information they need to protect their computers."

All of this points to the inherent security issues that come with relying too much on Java. Moving away from Java reliance altogether by taking up a JavaScript-friendly, browser-based terminal emulator is another way enterprises can find better security, as well as a less complex experience.