Java is a plugin for web browsers that is installed on approximately 66% of all computers. However there are very few websites that still rely on the features that it provides, leaving those 66% of computers vulnerable to attack when the dated technology is exploited. This has unfortunately happened several times in the past few months.
Leaving Java enabled on your computer could allow hackers to take control of your computer and install and run programs without your permission. (Jump to some of the news about these exploits.)
As fewer and fewer sites actually rely on client side Java to power their online applications, and it now seems the risks of using Java greatly outweigh the benefits. The primary issue being that one critical level bug can exploit every operating system and every browser.
The only sure solution to eliminate this risk is to disable Java entirely in the browser, then selectively [and temporarily] enable it when necessary. White-listing functionality exists for most major browsers, which ensures that Java will operate only on websites that you truly trust.
Run your browser(s) without Java for the next 90 days.
Count how many times you miss it. (So far we’re up to zero.)
Continue to move on with your life, knowing you’re safer on the web.
Frequently Thought Questions
Do I have java enabled? How can I know?
Java is enabled. You should really consider our proposal..
On the other hand, Java is maintained and distributed by a single corporation according to a single implementation. When exploits are found they often affect all web browsers on all operating systems at once. Patches for highly critical bugs take multiple days, and often times weeks to be released. Furthermore, the auto-update process that Java uses is considered annoying and visually intrusive. Many people, therefore, disable the auto-updater to remove the notifications, thus leaving these users open to attack from that point forward.
My site uses Java that contains no exploits, are you attacking me?
It is not our intention to attack any person, company, or cute puppy. We simply see an issue that poses a threat to internet users who may have no knowledge of Java, or even know what it is. If the user is not benefiting from the Java platform, there is no reason for their privacy and security to be put at risk when malicious developers decide to attack.
(My browser isn’t listed / Your instructions don’t seem quite right) What do I do?
New Java vulnerability is being exploited in the wild, disabling Java is currently your only option
Super-critical Java zero-day exploits TWO bugs
New Java exploit puts 1 billion Macs and PCs at risk
Vulnerability Note VU#625617 - Java 7 fails to restrict access to privileged code
How to Disable Java?
Chrome will notify you before it downloads or runs Java content. We are reasonably sure this will prevent security issues. If you know otherwise, please email us at firstname.lastname@example.org immediately.
For further protection users can enter about:plugins in the address bar to enable and/or disable Java and other plugins. There is a single entry for Java identified as "Java TM" that can be disabled for complete protection in Chrome.
Firefox plugin options can be located in Tools -> Add-ons -> Plugins. There will be one or more Java entries: Examples include "Java Deployment Toolkit" and "Java Platform". We suggest disabling all Java related plugins to ensure your computer’s safety.
For more about Java on Firefox see Firefox’s support website.
If you are running versions 8, 9, or 10 you can use this method:
Open your Internet Explorer
Click the gear icon in the top right of the browser to open the settings menu
Click on Manage add-ons
In the left sidebar of the Manage Add-ons window that appears use the drop down box at the bottom to change to All add-ons
Select each add-on that begins with "Java(tm)" and use the disable button that appears at the bottom of the window above the close button
Alternatively Microsoft provides this knowledgebase article that is said to work for all Internet Explorer versions on all versions of Windows. Care should be taken when using this method since it involves editing the Windows registry.
To disable Java under Opera:
Open your web browser
Type opera:plugins in the address bar and press the Enter key
Locate Java(TM) within the liste (there may be several listed items)
Visit http://support.apple.com/kb/HT5241 for more information.
Android & iOS
Your device does not natively support Java in the web browser.