Java is used by 90% of the Fortune 500 companies, is the second most popular programming language on the planet. So why does Java prompt users to uninstall it?
All software contains bugs and vulnerabilities, so one method to limit the number of ways your computer can be attacked is to reduce the amount of software running on it. This is reducing the ‘attack surface’ of the device.
For systems with Java installed, when the periodic updater runs to look for security patches and new versions of Java it will not only recommend old versions are uninstalled but if Java has not been used for 6 months, it will recommend to the user that they uninstall Java completely from the device.
Old and obsolete software left dormant on systems represent a security debt that enterprise security managers ignore at their peril. Software that is not used should be removed in order to protect the network from any vulnerabilities present in that software. This is especially important for third party tools which are not included in the operating system monthly patch cycle and in-house developed applications.
You can manually list the software installed on a Windows PC, for example, using a tool like WMIC or employ a network software inventory tool to scan the network and identify all installed software on each endpoint.