Disabling Java


“Java is a plugin for web browsers that is installed on approximately 66% of all computers. However there are very few websites that still rely on the features that it provides, leaving those 66% of computers vulnerable to attack when the dated technology is exploited. This has unfortunately happened several times in the past few months.”  — Examples of why you should disable Java

All currently-supported versions of Java, including Java 5, Java 6 and Java 7, contain a bug letting attackers install malware on the system. 

Windows PCs and Macs are equally at risk. The JDK7 version of the software is affected, but the bug does not affect Java applications directly installed and running on servers, desktops, laptops and other devices.

Please note that this exploit concerns the Java browser plug-in. Stand-alone programs written in Java (such as those packaged as .jar files) are okay, provided, of course, that you get them from trustworthy sources.

If you have the Java browser plugin and use any of these browsers (Chrome, Firefox, Internet Explorer, Opera or Safari), then your computer is vulnerable. Oracle says a fix will be available shortly, but in the meantime here is the answer to the question: how do I disable Java in my web browser?

Instructions for disabling Java in the major browsers were first found on the US-CERT (United States Computer Emergency Readiness Team) website.


36 thoughts on “Disabling Java”

      1. Thank you, TT. If I disable Java from the browser, say, Chrome, does one need to do anything else? I think I disabled from Chrome but the Java update is still asking to be updated. When I went into my computer Java page, as directed, the disable check box was not there. I hope this is making sense. Thank you again.

        1. That’s all you need to do, i.e. disable Java browser add-ons. I’m being prompted as well but I just click the “x” and ignore the prompt. Until the security holes are patched I won’t click to update.

    1. Hi Mark,
      Oracle released Java 7 Update 11 in January as an emergency security update in order to block a zero-day exploit used by cybercriminals to infect computers with malware. However, researchers say it contains new holes. http://www.pcworld.com/article/2025797/oracles-java-patch-contains-new-holes-researchers-warn.html
      On February 1, Oracle pulled the trigger early on the February release, which had originally been scheduled for February 19, due to a serious vulnerability that affected Java at the browser level. Oracle isn’t done releasing patches for Java SE this month, as another batch will arrive February 19, according to a company blog post. https://blogs.oracle.com/security/entry/updates_to_february_2013_critical
      http://www.pcworld.com/article/2027766/more-java-patches-due-soon.html

      1. I’ve been reading a lot of stories/articles like these– it’s discouraging. I have to nix my earlier statement, in that it is still yet possible for hackers to force unsigned certificates to run automatically (i.e., to foist their malware on users). Oracle Java 7 is still exploitable for the time being.

        It may be best to leave browser plug-ins disabled. But I should note that OpenJDK has been available for Mac (you’re a Mac user, yeah Mark?) for some time and may be a viable solution if it is truly needed.

  1. It should be noted that Oracle has claimed to have patched the problem with update 11 (7u11): see here and here. A more non-tech friendly article is here at TheNextWeb (TNW).

    In short, update 11 will NOT allow unsigned certificates to run automatically but will prompt you first.

    However, I think the advice of disabling the browser plugin (for the Java applet) is sound, simple, and probably the best practice for most users.

  2. TT thank you! even I understood and contacted my computerman before disabling the Java browser plug-in. I wanted to delete Java completely from my system but he told me not to because some functions in OpenOffice need it (if I remember correctly). So I just disabled the browser plug-in. Easy to do. Thanks again!

  3. I’ve seen your cogent comments on the WordPress forums, but this is the first time I’ve ‘found’ your site. I will be back. I admit I am severely lacking in the tech-knowledge-y department, and frankly almost break out in hives at the mere mention of the word. Your writing is clear, concise, and understandable. All of these are mandatory for someone like me when it comes to this realm. Thank you for this information. Am headed over to handle this right now.

  4. Thanks for pointing this out, I always detested Java web browser plugins, as they always need constant updates for whatever reason. Glad that I can finally get rid of it

    1. I contacted my computer techy and here is what he said:
      “If you have Java installed and you visit a site that is employing this exploit, you will be prompted to run a Java applet; if you run the applet, you will be infected. Once infected, your computer is open for lowlife to remotely install malware, such as keyloggers.”

      Oops! He also said: “Don’t mess with it. Immediately contact a security expert (i.e. him) to remove it.”

    1. Yes. Didn’t you read that in the post? I provided the link to the US-CERT (United States Computer Emergency Readiness Team) website in it and it’s dated: 27 Aug 2012. That’s when I disabled the Java plugins on my browsers.

  5. Thanks for the complete and easy-to-understand summary, Timethief. I got my first hint of this through a Canadian security guru I follow on Twitter and who seems always to be on top of these things. Now, I’ll pass your post on to some folks who just want to know what to do. ;)

      1. Please note that this exploit is focused on the Java browser plug-in. Stand alone programs written in Java (such as those packaged as .jar files) are okay, of course, considering you get them from trustworthy sources.

        P.S. I beefed up the bold lettering above and added a paragraph in red lettering.
