A bit off topic, but if you care about security DO NOT INSTALL JAVA on your computer. I've been JAVA free for the last ~5 years and I never really needed it.
Java's security track is horrible and it's quite a popular target.
I think that is a bit extreme. I'd suggest rather than not installing Java at all just to not install/disable the browser addons that allow Java applets to execute. This way the only way you are going to be executing anything Java is by downloading the .jar (or an executable wrapper) and running it.
To me if you have to download the .jar and run it then that is no different to downloading an executable and running it and should take the appropriate precautions as you would with executables.
There are plenty of legitimate Java applications out there that are used by a wide spectrum of people from gamers (Minecraft) to enterprise developers (JavaEE, Java application servers, etc.).
How is it extreme? The only time I've needed Java is for Minecraft. Luckily I'm not rocking Windows so the chance of being hit by a 0-day is a bit lower (correct me if I'm wrong.)
But stopping the chance of having everything in your digital (and in the case of money, personal) life stolen because you clicked on a link FAR outweighs the benefit of playing Minecraft imo.
Linux theoretically can get these problems, but because every Linux machine is different, the malware would have to be written to be cross-distribution. (i.e., one may work in Debian, but not in Fedora / Red Hat... depending on how things work out).
It won't work on Red Hat, but the x86-specific 64-bit Debian was an attractive enough target for whoever wrote that one... I'm sure I can find a Red Hat Virus, Fedora Virus, Ubuntu virus, etc. etc. But they become increasingly rarer and rarer the fewer people use that specific distribution / OS.
I think you need to go back and read what you replied to.
Having Java installed but with Java disabled in your browser, like I suggested, means Java applets won't run in your browser at all. You'd need to download and execute the .jar or wrapper (which would be an executable anyway) which is no different from downloading any normal executable and running it.
Eclipse, Netbeans, IDEA, SoapUI, HermesJMS, Notes, SQLDeveloper, DB2 viewer. Chances are, if you're developing software you're going to use Java at some point.
Oh of course. But the majority of viruses I've seen target Windows specifically. So it is a bit lower when you're using something like Linux. But I just don't enable it :-)
This is a bit too much. A virus typically runs as an EXE; why don't you get rid of all the executables on your computer?
Java's security track has been pretty good. In this case it's a signed applet that asked the user for permission to run. It's a classic case of social engineering.
It would be the same if an executable is directly downloaded and prompted for running. If you haven't got rid of all the executables on your computer, you will probably fall into the same trap.