Installing Java on a Linux desktop is not hard, but the situation is needlessly confusing. Here’s how I do it, and why I do it that way.
Java was originally developed by Sun Microsystems (now Oracle), and their version continues to be the de facto standard. It is, nonetheless, a poor choice for the average user. Oracle prohibits distributions from carrying it in their package managers, so it cannot be automatically kept up to date — a dangerous situation given that Java is a popular attack vector. Nor does Oracle provide an RSS feed, mailing list, or any other means to be informed of new updates.
Additionally, Oracle’s Java bundles browser plugins with the main runtime environment, and enables them by default. This is dangerous: Java is a frequent source of vulnerabilities, and the web is full of compromised websites with malicious Java code. Visit just one of those sites with a Java plugin in your browser, and consider yourself compromised.
These problems are addressed by OpenJDK, a fully open source Java. The current version, 7, is considered by Oracle to be the reference implementation of Java. OpenJDK is carried in most distributions’ package managers, and offers browser plugins as a separate option.
As of this writing, some distributions still carry the older version 6 of OpenJDK as well as the current version 7. Unless you have reason to do otherwise, use version 7.
INSTALLING THE RUNTIME ENVIRONMENT
In your package manager, search for “OpenJDK”. You will probably see several packages; select the one described as the runtime environment. Different distributions will call this by different names, so read the descriptions. For reference, on Mageia 2 it is called “java-1.7.0-openjdk”.
OPTION: INSTALLING THE BROWSER PLUGINS (not recommended)
If you need browser plugins, most distributions package them separately under the name “icedtea-web”. Before doing so, consider very carefully the security implications of having a Java plugin in your browser. Most users are better off without it.
Close and reopen your browser. Then test the plugin at javatester.org. Plugins must be enabled for that site, naturally. Repeat this test in each browser you use. Be aware that both testers assume you are using Oracle Java, so Iced Tea users should ignore spurious messages that their release is out of date.
FILES, DIRECTORIES, AND BACKUP CONSIDERATIONS
The directory ~/.java/ is created upon the first use of Java, and can be excluded from your backup routine.
If you use the icedtea browser plugin, the directory ~/.icedtea/ is created upon the first use of the plugin, and can be excluded from your backup routine. By default errors are logged to ~/hs_err_pid*.log; these logs can also be excluded.
Installing a Java application on your Linux box is easy.
As I hope I have already made clear above, Java is a frequent source of security vulnerabilities. Only install it if you have need for it, and remove it promptly if that need ends. This is doubly so for the browser plugin. Unless you have an unusual, mission critical need for the browser plugin, you will almost certainly be better off finding alternative web services that do not require it.
Java on Linux is dated but provides good background information
Oracle Java users will want to follow Michael Horowitz, who announces Oracle Java updates and security news on his blog, RSS feed, and Twitter account.
How to be as safe as possible with Java