The Problem
For those who aren’t aware, Java is a programming language that requires installing a piece of software called the Java Runtime Environment on machines that run Java code. Many people use Java to create applications that run in browsers however to do this, browsers need to have a plugin installed.
Unfortunately, over recent months there have been numerous security problems discovered in Java, some of which will allow malicious third parties to infect machines running Java with malware via the browser.
Java’s owners, Oracle, have been slow to issue patches to fix the security vulnerabilities, and researchers are discovering new zero-day exploits with alarming frequency.
In response, many security experts and the Department of Homeland Security have advised that web users deactivate Java if running Java applets in their browsers is not essential, which it isn’t for the vast majority of people.
Uninstalling Java from your computer is one way to solve the problem. However, for many people, especially in businesses that run bespoke Java applications, this isn’t an option. Since most of Java’s security vulnerabilities only become a problem when Java has access to the Internet through a browser, we will, therefore, concentrate on cutting that link rather than removing Java completely.
Clearing Up Confusions
The first thing to note is that Java is not the same as JavaScript, which is a dialect of ECMAScript. They are different languages, and the code runs in different ways. JavaScript does not require the Java Runtime; the browser itself runs it. Security flaws in Java do not affect pages running JavaScript.This means that disabling Java will not affect a browser’s ability to run JavaScript, and more importantly, installing a browser plugin that prevents JavaScript from running will not solve the problem with Java.
Removing Java’s Internet Privileges
We’re going to assume you’re using the most recent version of the browsers. If you aren’t, you should upgrade, as it’s quite likely that the older browsers will have security issues of their own.
Google Chrome
Type the following into the address bar of your Google Chrome browser, which is where you typically enter the names of websites.
chrome://plugins
Press enter and you’ll see a list of plugins; scroll down to find Java, and click the link beneath where it says ‘disable’. You don’t need to click ‘save’ or ‘ok’. You might want to restart Chrome to be sure. Otherwise, you’re done.
Firefox
Click the Firefox button — the big menu button — and choose ‘addons’; then choose the ‘plugins’ tab. Find Java and click the button that says ‘disable’.
Opera
Type the following into Opera’s address bar and press enter.
opera:plugins
You might find several Java related entries in the list that appears. Disable each of them by clicking on the ‘disable’ link.
Safari
Choose ‘Preferences’ from the Safari menu, then click the Security tab, and uncheck the box next to ‘Enable Java’.
Internet Explorer
As usual, IE likes to make things a bit more challenging. Take a look at this guide from Oracle for full instructions for deactivating Java in Internet Explorer.
