Sorry, I haven't read all of what is above. Still, I have some comments on the Java security issue raised by Homeland Security. Please understand that I am in no way a Java expert, but I have spend a little time trying to piece things together. Please help if you can clarify/correct anything I have said.
First, I am running the latest version of Chrome on Win8--which does not have the Java plugin. I don't think you have a Java problem if you are not running the plugin in your browser. I am not sure which versions of Chrome don't have the plugin. For most surfing, site access tasks, etc., not having the plugin is of no consequence to me. Note that you often can simply disable (or uninstall) the plugin in at least some of the popular browsers. For Chrome, type in the browser address bar "chrome://plugins" and look for the plugin.
Next, apparently there is no Java problem in regard to the metro area of Win8. Per several reads.
Per Oracle/Java specifically: "
Microsoft Windows 8 does not support plug-ins in the Start screen and therefore Java will not run in the Start screen. You will have to switch to the Desktop screen to run Java." This quote does not confirm that a Java problem can occur only from the Win8 desktop, but that's true.
Edited to add info: Third, FWIW, there is no Java control panel in Win8 unless Java is installed by the individual (or, less likely, by the OEM)--i.e., Java is not installed when Win8 is installed. Some reads talk about controlling Java via this often non-existent panel
. If installed,Java, of course, should appear in Control Panel > Programs and Features. If installed, then it may not be enabled. See this link to see if you have Java installed, but not enabled. If not enabled, then the Java plugin will not run--which is what you may want to happen (i.e., not run, that is). The last link implies, for Win8, the the Java control panel may be hard to find if installed. Go figure.
Fourth,
IE 10 is not subject to the Java problem (also applies apparently to IE 9--many can upgrade to IE 9). But, this read says one should still do "the" Java update for IE 9 and IE 10, but I am not sure why and didn't care enough to try to figure out why. Earlier versions of IE are subject to the problem until patched. But, note that
Homeland Security says there still is a problem even given patching.
Next, doing Java working/not working test looks like a really bad idea since you have to have the plugin to do it. See snip.
Sixth,
The Java Runtime Environment should be a problem only if the plugin is installed. But, if you can disable the Java Runtime Environment, then plugin will not run. It's easier to disable the plugin. Some
Last, maybe,
Homeland Security identifies the problem being with "Java 7 Update 10 and earlier ...." But, the problem is with the plugin. The reference to "Java 7 Update 10 and earlier" pertains, I think, to the Java Runtime Environment as shown in this link I posted above. Homeland doesn't think that Java7 Update 11 has solved the problem.