Java is a security problem child for computers. Do you need it? Is it running on your PC?
Java running in your browser is a dangerous security problem now. Java on your PC not so much. Unless you really need Java in your browser, disable it. If you don’t need Java on your PC, uninstall it.
Here is how to test if you have Java enabled in your browser – Danger! – and how to turn it off.
Updated January 14, 2013.
Java is on about 70% of computers according to statowl.com. Some web sites require Java according to betanews.com, for example, some games (Minecraft), bank and government logins, IT programs, real time stock quotes, menu systems and OpenOffice.
Most people don’t use or need Java and can disable or uninstall it. If you take away Java and something breaks, you can always add it back.
In the last several months Java has had a series of serious security issues culminating January 10, 2013 with the US-CERT (United States Computer Emergency Response Team) to post “Due to the number and severity of this and prior Java vulnerabilities, it is recommended that Java be disabled temporarily in web browsers.” Java security issues had become epidemic and increasingly exploited in the wild. The security exploits had been added to hacker kits so that anyone could develop their own Java exploit.
Kaspersky Labs said that in 2012 “Java security holes were responsible for 50% of attacks.” Attacks meaning exploits at web sites that allow computer malware (viruses) to be downloaded and installed on computers.
January 13, 2013 Oracle said that the Java 7 Update 11 fixes the problems but US-CERT and security experts say to continue to be wary and continue to recommend to disable/remove Java if you don’t need it. (eweek.com) (technewsworld.com) (abcnews.go.com)
The big problem is vulnerable Java running in browsers that visit infected web sites that will exploit the vulnerable Java to “drive by” download malware.
Malware (viruses) can be used to wreak all kinds of havoc – steal passwords for financial accounts, steal information used in identity theft, create botnets for DDOS attacks, install scare ware (a program that tells you that your computer is infected by viruses and offers to clean the infections for a fee), install ransom ware (a program that locks your data and demands a ransom be paid to unlock it), collect information for phishing and ransom attacks, and so on.
My recommendations are
- Test to see if you have Java enabled in browsers that you use (see next paragraph).
- Uninstall Java if you don’t need it. You can always add it back if you need it.
- If you require Java, enable Java on only one browser and only use that one browser for trusted sites that require Java. Use a Java disabled browser for other sites.
- Avoid using Internet Explorer browser.
- Keep Java and all other computer software up to date. Run anti-malware programs.
- Stay informed about Java and all security issues.
Test to see if Java is enabled in your browser
It is a good idea to test again after disabling Java in your browser (see IE problems below).
Disabling Java in the browser
Disabling Java in Firefox, Chrome and Safari is straightforward and works.
Disabling Java in Internet Explorer fails. Although IE says the Java Add-on is disabled, it really isn’t.
After making changes to browser configurations or Java, restart your browser for the changes to take effect.
Internet Explorer (IE)
For IE, disabling Java in the browser does not work! Even though it says “Disabled” Java is really enabled. A serious error in Oracle’s Java or Microsoft’s IE programming. To really disable Java in IE, you must perform a registry hack, disable Java in all browsers via the Java Control Panel (see below) or uninstall Java completely (see below).
For the registry hacks, see http://nakedsecurity.sophos.com/how-to-disable-java-internet-explorer/
Best just to not use IE.
The steps that should work but don’t (note different versions of IE have differences in menus and windows) –
FAIL. Again, do not rely on disabling Java in IE.
or Orange button
Java Control Panel
You can disable Java add-ons in all browsers with the Java Control Panel with Java 7 Update 10 and above. This update also adds the Security Level slider defaulted at “Medium (recommended)”.
Java 7 Update 11
Java 7 Update 11, released Sunday January 13, 2013 looks like a rushed attempt to fix security. It raises the Security Level to “High (recommended)” and in IE, Firefox and Chrome pops up a Security Warning. This is good. Safari does not pop up the security warning. This is bad.
If you need Java, definitely update and keep updating.
More Java annoyances
Java has a confusing system for numbering their software, for example: 1.6.0_35 is called Java 6 Update 35 and 1.7.0_11 is called Java 7 Update 11.
Installing and updating Java will try to sneak in 3rd party software like the Ask Toolbar or McAfee Security Scan. Really Oracle, ya need the money?
Uninstalling Java – Windows 7, Vista and XP
Be safe out there!