Thursday, February 28, 2013

Disable Java in your browser



Java is a plugin for web browsers that is installed on approximately 66% of all computers. However, very few websites still rely on the features it provides, leaving those 66% of computers vulnerable to attack when the dated technology is exploited. This has unfortunately happened several times in the past few months.
Leaving Java enabled on your computer could allow hackers to take control of your computer and install and run programs without your permission. (Jump to some of the news about these exploits.)
Fewer and fewer sites actually rely on client-side Java to power their online applications, and it now seems the risks of using Java greatly outweigh the benefits. The primary issue is that a single critical bug can be exploited on every operating system and in every browser.
The only sure solution to eliminate this risk is to disable Java entirely in the browser, then selectively [and temporarily] enable it when necessary. White-listing functionality exists for most major browsers, which ensures that Java will operate only on websites that you truly trust.


Our proposal:
  • Run your browser(s) without Java for the next 90 days.
  • Count how many times you miss it. (So far we’re up to zero.)
  • Continue to move on with your life, knowing you’re safer on the web.



Frequently Thought Questions

Do I have Java enabled? How can I know?

Java is enabled. You should really consider our proposal.
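One way a page can answer this question from script, shown here as an added example (it is not this site's own detection code). The `auditJava` function and the three sample objects are constructed for illustration; the plugin names are the ones mentioned in the Firefox instructions further down.

```javascript
// Added example: report whether a browser exposes the Java plugin to web pages.
// auditJava() takes a navigator-like object so it can also be run on samples.
const JAVA_NAME = /\bjava\b/i;                            // "Java Platform", not "JavaScript"
const JAVA_MIME = /^application\/(x-)?java(?!script)/i;   // e.g. application/x-java-applet

function auditJava(nav) {
  // Signal 1: names of enabled plugins that look like Java.
  const plugins = Array.from(nav.plugins || [])
    .map((p) => p.name)
    .filter((name) => JAVA_NAME.test(name));
  // Signal 2: MIME types the browser is willing to hand to a Java plugin.
  const mimeTypes = Array.from(nav.mimeTypes || [])
    .map((m) => m.type)
    .filter((type) => JAVA_MIME.test(type));
  // Signal 3: the browser's own answer. Some browsers leave the plugin list
  // empty, so the three signals are combined rather than trusted alone.
  const apiSaysEnabled =
    typeof nav.javaEnabled === "function" && nav.javaEnabled() === true;
  return {
    enabled: apiSaysEnabled || plugins.length > 0 || mimeTypes.length > 0,
    apiSaysEnabled,
    plugins,
    mimeTypes,
  };
}

// Constructed samples (not captured from a real browser).
const withJava = {
  javaEnabled: () => true,
  plugins: [{ name: "Java Deployment Toolkit" }, { name: "Java Platform" },
            { name: "Shockwave Flash" }],
  mimeTypes: [{ type: "application/x-java-applet" }],
};
// Only one of the two Java entries was disabled: Java content is still reachable.
const partial = {
  javaEnabled: () => false,
  plugins: [{ name: "Java Deployment Toolkit" }],
  mimeTypes: [{ type: "application/java-deployment-toolkit" }],
};
const afterDisable = {
  javaEnabled: () => false,
  plugins: [{ name: "Shockwave Flash" }],
  mimeTypes: [{ type: "application/x-shockwave-flash" }],
};

for (const [label, nav] of Object.entries({ withJava, partial, afterDisable })) {
  console.log(label, JSON.stringify(auditJava(nav)));
}
```

In a browser console, `auditJava(navigator)` runs the same check against the live browser; `enabled: false` is the result to expect after following the steps below.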

Are Java and JavaScript the same thing?

Not in the slightest. All of your favorite websites rely on JavaScript to provide you with the features you love. Each browser implements and secures JavaScript itself, minimizing the chance that an exploit will affect such a huge number of people at once. Also, most browser developers operate on a rapid development cycle, so critical bugs are often patched within the first day.
On the other hand, Java is maintained and distributed by a single corporation according to a single implementation. When exploits are found, they often affect all web browsers on all operating systems at once. Patches for highly critical bugs take multiple days, and often weeks, to be released. Furthermore, the auto-update process that Java uses is considered annoying and visually intrusive. Many people therefore disable the auto-updater to remove the notifications, leaving themselves open to attack from that point forward.

My site uses Java that contains no exploits, are you attacking me?

It is not our intention to attack any person, company, or cute puppy. We simply see an issue that poses a threat to internet users who may have no knowledge of Java, or may not even know what it is. If the user is not benefiting from the Java platform, there is no reason for their privacy and security to be put at risk when malicious developers decide to attack.

(My browser isn’t listed / Your instructions don’t seem quite right) What do I do?

Please email feedback@disablejava.com.

I think you have incorrect information on your site:

Please email feedback@disablejava.com or complain on Twitter, #LeaveJavaAlone

Examples of why you should disable Java
  • New vulnerabilities found in latest Java update
  • New Java vulnerability is being exploited in the wild, disabling Java is currently your only option
  • Super-critical Java zero-day exploits TWO bugs
  • New Java exploit puts 1 billion Macs and PCs at risk
  • Vulnerability Note VU#625617 - Java 7 fails to restrict access to privileged code

How to Disable Java?

Chrome

Chrome will notify you before it downloads or runs Java content. We are reasonably sure this will prevent security issues. If you know otherwise, please email us at feedback@disablejava.com immediately.
For further protection, users can enter about:plugins in the address bar to enable and/or disable Java and other plugins. There is a single entry for Java, identified as "Java TM", that can be disabled for complete protection in Chrome.

Firefox

Firefox plugin options can be located in Tools -> Add-ons -> Plugins. There will be one or more Java entries; examples include "Java Deployment Toolkit" and "Java Platform". We suggest disabling all Java-related plugins to ensure your computer’s safety.
For more about Java on Firefox see Firefox’s support website.

Internet Explorer

If you are running version 8, 9, or 10, you can use this method:
  • Open Internet Explorer
  • Click the gear icon in the top right of the browser to open the settings menu
  • Click on Manage add-ons
  • In the left sidebar of the Manage Add-ons window that appears, use the drop-down box at the bottom to change to All add-ons
  • Select each add-on that begins with "Java(tm)" and use the Disable button that appears at the bottom of the window, above the Close button
Alternatively, Microsoft provides this knowledgebase article that is said to work for all Internet Explorer versions on all versions of Windows. Care should be taken when using this method since it involves editing the Windows registry.

Opera

To disable Java under Opera:
  • Open your web browser
  • Type opera:plugins in the address bar and press the Enter key
  • Locate Java(TM) within the list (there may be several listed items)
  • Click "Disable"

Safari

Visit http://support.apple.com/kb/HT5241 for more information.

Android & iOS

Your device does not natively support Java in the web browser.

Lynx

You’re probably good to go already.
