Yet again there is a ZERO-DAY [or 0day] threat in Java. Oracle has been mired in problems since they acquired Java from Sun, but it seems like the bad guys know about the flaws before anyone else. Thank God for the researchers who make them known to the rest of without hacking our computers to do it.
It has been almost a year since the FBI and everyone else told you to remove Java from your computer, so here is how you do it:
Disable Java in All Browsers
Last month Oracle released a new Java version, Update 10, that includes a one-stop option for disabling Java in all browsers in the Java Control Panel. Open Control Panel and launch the Java applet. If you don’t see it, switch to Classic View (in XP) or small icons (in Vista or Windows 7). Click the Security tab. In previous versions this tab just allowed advanced users to manage Java-related certificates. It now displays a security-level slider and, more important, a single checkbox titled “Enable Java content in the browser.” Un-check this box, click OK, and you’re done.
Disable Java in One Browser
For security’s sake you really should be using the very latest Java version. If you’re not, or if you need to enable Java in some browsers but disable it in others, you can do that too.
Using Chrome? Enter chrome://plugins in the browser’s address bar. Scroll down to Java and click the link to disable it. That was easy, and a bit simpler than Oracle’s recommended steps. The process is similar in Opera, which Oracle’s page doesn’t mention. First, enter about:config in the address bar. Click the Java heading to expand that section, un-check the checkbox, and click the Save button. In Safari, choose Preferences, choose Security, and deselect Enable Java.
The only way to disable Java in Internet Explorer is through the Java Control Panel. Launch it as described above, click the Advanced tab and expand the item titled Default Java for browsers. Un-check the boxes for Microsoft Internet Explorer. You may need to click the item and press spacebar in order to clear the checkmarks.
Firefox users can click the Firefox button at the top and choose Add-ons from the resulting menu. On the Plugins tab, click the Disable button next to “Java(TM) Platform.” You can also disable Java for all Mozilla family browsers by un-checking the Mozilla family box in the Java control panel.
When writing this article, I had a hard time viewing the new feature that Oracle added in Update 10. Why? Because I had disabled Java and figured I didn’t need to update it. That was lazy thinking; I’ve reformed. At any time you might find you need Java, perhaps for a Web meeting, or a remote-control tech support session. If you don’t want to let Java update automatically, you can check for updates from the Java Control Panel at any time.
Whichever method you choose, visit the Java test page at http://java.com/en/download/testjava.jsp to confirm that Java is disabled. Yes, you’ll occasionally run across a website that relies on Java. If necessary, you can temporarily enable Java for those sites. But you may be surprised at how little you miss it.