The Blog

Java Is A Security Risk: Here’s How To Deactivate It

(image:flickr/StudioRedChile)

The Problem

For those who aren’t aware, Java is a programming language that requires a piece of software called the Java Runtime Environment to be installed on machines that run Java code. Many people use Java to create applications that run in browsers, and to do so browsers need to have a plugin installed.

Unfortunately, over recent months there have been numerous security problems discovered in Java, some of which will allow malicious third parties to infect machines running Java with malware via the browser.

Java’s owners, Oracle, have been slow to issue patches that will fix the security vulnerabilities, and new zero-day exploits are being discovered with alarming frequency.

In response, many security experts and the Department of Homeland Security have advised that web users deactivate Java if running Java applets in their browsers is not essential, which it isn’t for the vast majority of people.

Uninstalling Java from your computer is one way to solve the problem, but for many people, especially in businesses that run bespoke Java applications, this isn’t an option. Because most of Java’s security vulnerabilities are only a problem when Java has access to the Internet through a browser, we’re going to concentrate on cutting that link, rather that removing Java completely.

Clearing Up Confusions

The first thing to note is that Java is not the same as JavaScript, which is a dialect of ECMAScript. They are different languages and the code is run in different ways. JavaScript does not require the Java Runtime — it is run by the browser itself — and security flaws in Java do not affect pages running JavaScript. This means that disabling Java will not affect a browser’s ability to run JavaScript, and more importantly, installing a browser plugin that prevents JavaScript from running will not solve the problem with Java.

Removing Java’s Internet Privileges

We’re going to assume you’re using the most recent version of the browsers. If you aren’t, you should upgrade, because it’s quite likely that the older browsers will have security issues of their own.

Google Chrome

Type the following into the address bar of your Google Chrome Browser (where you type the names of websites).

    chrome://plugins

Press enter and you’ll see a list of plugins; scroll down to find Java, and click the link beneath where it says ‘disable’. You don’t need to click ‘save’ or ‘ok’. You might want to restart Chrome to make sure, but otherwise, you’re done.

Firefox

Click the Firefox button — the big menu button — and choose ‘addons’; then choose the ‘plugins’ tab. Find Java and click the button that says ‘disable’.

Opera

Type the following into Opera’s address bar and press enter.

    opera:plugins

You might find several Java related entries in the list that appears. Disable each of them by clicking on the ‘disable’ link.

Safari

Choose ‘Preferences’ from the Safari menu, then click the Security tab, and uncheck the box next to ‘Enable Java’.

Internet Explorer

As usual, IE likes to make things a bit more challenging. Take a look at this guide from Oracle for full instructions for deactivating Java in Internet Explorer.

Last updated by at .