How to disable Java and why you should do it

Java has a long history of being besieged with vulnerabilities.

Back in 2010, Microsoft’s Malware Protection Center released a Security Intelligence Report unveiling what the team called an “unprecedented wave of Java exploitation”.

Furthermore, Omaha based security firm Solutionary, reported several Java vulnerabilities over the past two years.  In fact, according to research by Solutionary analyst, Robert Jeffries, there have been a palpable uptick in Java related vulnerabilities over the last 17 years.

Java Vulnerabilities 17 years in review

I personally, think the recent surge in Java exploits is partially a function of its popularity.

Just last month, in September 2013, F-Secure published a whitepaper that showed Java is the second most targeted program.  You can read the F-Secure exploitation report starting on page 36 of 69.

Java is everywhere and as more people depend on the Java platform it will become increasingly alluring to pernicious hackers.

You might spar with me by saying, “Vonnie, I see your point but as Java vulnerabilities climb, Oracle will patch them faster because it needs to protect its reputation of security.  After all, wasn’t Oracle touting a marketing slogan with the phrase ‘Unbreakable‘ in 2002?”

Yes, Oracle did have a “Can’t break it, can’t break in” philosophy and undoubtedly it will strive to preserve it ; however, I don’t think the preponderance of Java vulnerabilities is enough to galvanize any substantive changes in Java’s implementation.

I think monolithic companies have a propensity to move slowly even amid clear and present danger.  Oracle is currently the second largest software maker by revenue – Microsoft is first- and as such, it can’t move with the speed and dexterity of smaller shops.

To Oracle’s credit, it has been responding to to these threats by disseminating security updates and changing the default Java security setting to High but these actions often feel reactive not proactive – and that’s my concern.

What this means

Prudent users will disable Java and only enable it when they absolutely need it.

If you don’t depend on Java applications for your daily work then you should expunge the framework from your system.  If you have non-web applications that need Java then you can retain the Java framework but should disable the browser plug-ins.

Let me show you how to do this.

To uninstall Java in Windows 8 type Programs and Features from the Start Screen and press enter.

Uninstall Java from Windows 8

In Windows 7, just click Start and type Programs and Features to open the list of programs to uninstall.

How to Uninstall Java in Windows 7

If for some reason you need to re-install the latest security patched version of Java you can always grab it directly from Oracle.

Disable Java in the Browser

If you prefer to leave the Java application on your computer then please, at the very least, disable the browser plugin.  You can do this from the Java Control Panel.

From the Start Menu in Windows 7 or Start Screen in Windows 8/8.1, type java and hit enter.

The Java Control Panel should jump onto the screen.

Java Control Panel

Click the Security Tab, deselect “Enable Java content in the browser” and click OK.

Windows 8 Disable Java Content in Browser

The User Access Control dialog box abruptly pops on the screen admonishing your actions.  Click Yes

Windows 8 Disabling Java

Finally click OK on the confirmation box to finish up.

Windows 8 Java Plug-in settings changed

After restarting your browser Java will be disabled in Internet Explorer.  This should also disable it in all your other browsers too – but I don’t like the word “should” here’s how to double check the Java plugin is really disabled.

Disabling Java in Chrome

Open Chrome and type this in the location bar:

chrome://plugins

If Java is really disabled then you shouldn’t see any entries here.  If you do, just scroll down and click the blue Disable link.

Disabling Java in Chrome

Disabling Java in Firefox

Open Firefox, click the orange Firefox button in the upper left corner of the browser and choose Add-ons in the left pane (you can press Ctrl + Shift + a instead if you love keyboard shorties).

In the Add-ons Manager click the blue Lego block looking thing in the left pane to view all your plugins.  If you see Java here, click the combo box to Never Activate.

Disable Java in Firefox

Disabling Java in Safari

In Mac OS X, open Safari press command + , (comma) choose the Security tab and uncheck Allow Java.

Disable Java on Mac Safari

In Windows, press Ctrl + , (comma) instead.

Disable Java on Windows 8 in Safari

Java is different than Javascript

One thing I wanted to clarify is that Javascript and Java are two distinct things.  Sometimes people think the two are related since they both have the word java in the name; however, there is no releation.  Javascript and Java are two disparate programming languages developed by two different companies (Netscape created Javascript).

Javascript is the technology usually used in form validation or for interactive animations using frameworks like jQuery or YUI.  Conversely, Java application need to run in a virtual machine that typically manifest as browser Applets.

Bottom Line

I will be as unequivocal as I can when I say this:

If you don’t need Java get rid of it.

Java has been beset with vulnerabilities for years and although Oracle chronically patches these issues, the platform is still innately insecure partially because of its ubiquity.

I’m convinced that disabling Java is one of the best ways to secure your computer.  Of course it isn’t the only way, but it should be part of a defense-in-depth strategy that protects your system in layers.

About

Connect with Vonnie on Twitter

Posted in Google Chrome, How To, Internet Explorer 10, Internet Explorer 9, Mozilla Firefox, Opera, Safari, Web Browsers, Windows 7, Windows 8, Windows 8.1, Windows Vista, Windows XP Tagged with: