Terms of Use For FixedByVonnie

By proceeding to access fixedByVonnie.com, you expressly acknowledge, and agree to, all of the following:

fixedByVonnie.com is a personal website and blog owned by Security Plus Pro LLC, which is being presented for informational purposes only. The views on this website are solely those of the website owner (and not those of any employer or of any professional associations affiliated with the website owner).  Any views expressed in this website and any information presented on this website, or in any of its blog entries, should not be relied on for any purpose whatsoever other than as the personal opinions of the website owner.  The website owner expressly disclaims any and all liability for any information presented on this site.  The owner of this website and its blog posts shall not be held liable, and shall be held harmless, for any errors or omissions in any information or representations contained in this website, or in any of its blog entries.  The website owner also expressly disclaims any liability for the current or future availability of any such information. The website owner makes no representations as to the accuracy or completeness of any information on this website or which may be found by following any link on this website. The website owner shall not be held liable for any losses, injuries, damages, claims, or causes of action, from the display or use of any information on this website or in any of its blog entries. If you use the information on this website, or on any of its blog entries, you do so solely at your own risk.

How to disable Java and why you should do it - fixedByVonnie

How to disable Java and why you should do it

Java has a long history of being besieged with vulnerabilities.

Back in 2010, Microsoft’s Malware Protection Center released a Security Intelligence Report unveiling what the team called an “unprecedented wave of Java exploitation”.

Furthermore, Omaha based security firm Solutionary, reported several Java vulnerabilities over the past two years.  In fact, according to research by Solutionary analyst, Robert Jeffries, there have been a palpable uptick in Java related vulnerabilities over the last 17 years.

Java Vulnerabilities 17 years in review

I personally, think the recent surge in Java exploits is partially a function of its popularity.

Just last month, in September 2013, F-Secure published a whitepaper that showed Java is the second most targeted program.  You can read the F-Secure exploitation report starting on page 36 of 69.

Java is everywhere and as more people depend on the Java platform it will become increasingly alluring to pernicious hackers.

You might spar with me by saying, “Vonnie, I see your point but as Java vulnerabilities climb, Oracle will patch them faster because it needs to protect its reputation of security.  After all, wasn’t Oracle touting a marketing slogan with the phrase ‘Unbreakable‘ in 2002?”

Yes, Oracle did have a “Can’t break it, can’t break in” philosophy and undoubtedly it will strive to preserve it ; however, I don’t think the preponderance of Java vulnerabilities is enough to galvanize any substantive changes in Java’s implementation.

I think monolithic companies have a propensity to move slowly even amid clear and present danger.  Oracle is currently the second largest software maker by revenue – Microsoft is first- and as such, it can’t move with the speed and dexterity of smaller shops.

To Oracle’s credit, it has been responding to to these threats by disseminating security updates and changing the default Java security setting to High but these actions often feel reactive not proactive – and that’s my concern.

What this means

Prudent users will disable Java and only enable it when they absolutely need it.

If you don’t depend on Java applications for your daily work then you should expunge the framework from your system.  If you have non-web applications that need Java then you can retain the Java framework but should disable the browser plug-ins.

Let me show you how to do this.

To uninstall Java in Windows 8 type Programs and Features from the Start Screen and press enter.

Uninstall Java from Windows 8

In Windows 7, just click Start and type Programs and Features to open the list of programs to uninstall.

How to Uninstall Java in Windows 7

If for some reason you need to re-install the latest security patched version of Java you can always grab it directly from Oracle.

Disable Java in the Browser

If you prefer to leave the Java application on your computer then please, at the very least, disable the browser plugin.  You can do this from the Java Control Panel.

From the Start Menu in Windows 7 or Start Screen in Windows 8/8.1, type java and hit enter.

The Java Control Panel should jump onto the screen.

Java Control Panel

Click the Security Tab, deselect “Enable Java content in the browser” and click OK.

Windows 8 Disable Java Content in Browser

The User Access Control dialog box abruptly pops on the screen admonishing your actions.  Click Yes

Windows 8 Disabling Java

Finally click OK on the confirmation box to finish up.

Windows 8 Java Plug-in settings changed

After restarting your browser Java will be disabled in Internet Explorer.  This should also disable it in all your other browsers too – but I don’t like the word “should” here’s how to double check the Java plugin is really disabled.

Disabling Java in Chrome

Open Chrome and type this in the location bar:

chrome://plugins

If Java is really disabled then you shouldn’t see any entries here.  If you do, just scroll down and click the blue Disable link.

Disabling Java in Chrome

Disabling Java in Firefox

Open Firefox, click the orange Firefox button in the upper left corner of the browser and choose Add-ons in the left pane (you can press Ctrl + Shift + a instead if you love keyboard shorties).

In the Add-ons Manager click the blue Lego block looking thing in the left pane to view all your plugins.  If you see Java here, click the combo box to Never Activate.

Disable Java in Firefox

Disabling Java in Safari

In Mac OS X, open Safari press command + , (comma) choose the Security tab and uncheck Allow Java.

Disable Java on Mac Safari

In Windows, press Ctrl + , (comma) instead.

Disable Java on Windows 8 in Safari

Java is different than Javascript

One thing I wanted to clarify is that Javascript and Java are two distinct things.  Sometimes people think the two are related since they both have the word java in the name; however, there is no releation.  Javascript and Java are two disparate programming languages developed by two different companies (Netscape created Javascript).

Javascript is the technology usually used in form validation or for interactive animations using frameworks like jQuery or YUI.  Conversely, Java application need to run in a virtual machine that typically manifest as browser Applets.

Bottom Line

I will be as unequivocal as I can when I say this:

If you don’t need Java get rid of it.

Java has been beset with vulnerabilities for years and although Oracle chronically patches these issues, the platform is still innately insecure partially because of its ubiquity.

I’m convinced that disabling Java is one of the best ways to secure your computer.  Of course it isn’t the only way, but it should be part of a defense-in-depth strategy that protects your system in layers.

About

Connect with Vonnie on Twitter

Posted in Google Chrome, How To, Internet Explorer 10, Internet Explorer 9, Mozilla Firefox, Opera, Safari, Web Browsers, Windows 7, Windows 8, Windows 8.1, Windows Vista, Windows XP Tagged with: