How to disable the Java web plug-in in all browsers

We have written about Java and its regular vulnerabilities, two (here and here) of which were zero-day vulnerabilities. Java is a very strong tool because it is cross platform and if a vulnerability is being found on one platform, it can easily be found on all others.

If used used properly, Java can provide an enhanced usability and functionality at a low cost. Any browser has a Java plugin these days and they all have something in common: they all use the system wide Java installation. This means that if something is happening with the local Java installation, all browsers are affected.

In order to start mitigating these risks, one has to ask himself if Java is really needed on his computer.

If the answer is No, then simply uninstall Java and you’re done.

If the answer is Yes, then read on.

 

I have advised to have two browsers installed, one with the Java plugin activated, one without. The one with Java should be exclusively used with those applications/applets which require Java to be present. The browser without the Java plugin should be used for normal browsing. Here counts “what you don’t know can’t affect you” – no Java plugin, no applet can be started even if Java is present on the system.

All browsers come with the Java plugin installed – it is a usability issues which is understandable. In order to deactivate the plugin for a browser, follow the link which applies to your browser or deactivate it for all browsers.

 

Deactivate Java for all browsers

Starting with Java v7 Update 10 there is a new security feature added to Java. You can disable Java through the Java Control Panel in all browsers. Here is a detailed how-to from Java.com.

Obviously, if you don’t need Java at all, you can uninstall it completely.

Deactivate the Java plugin for a browser

Click on the browser name to jump directly to this area:

 

 

Deactivating the Java plugin in Firefox

  1. At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
  2. In the Add-ons Manager tab, select the Plugins panel.
  3. Click on the Java (TM) Platform plugin to select it.
  4. Click on the Disable button (if the button says Enable, Java is already disabled).

 

 

Deactivating the Java plugin in Chrome

1. Visit chrome://plugins/
2. Find the Java plugin and uncheck it.

 

 

Deactivating the Java plugin in Safari

  1. In Safari, choose Safari > Preferences or press Command-comma (⌘,)
  2. Click “Security”.
  3. Uncheck  ”Enable Java”.
  4. Close the Safari preferences window.

 

 

Deactivating the Java plugin in Opera

  1. Open Opera and type opera:plugins into the location bar.
  2. Click on the Disable button.

 

 

Deactivating the Java plugin in Internet Explorer

Java can be disabled by setting kill bits for the Java CLSIDs and by setting the URL action to Disable. Unfortunately getting rid of Java, it is not as easy as it is for the other browsers.

WARNING: this operation requires some registry tweaks. Please perform a registry backup before applying the changes here. We can’t be held responsible for any damage you might produce by applying these steps.

1. Download the following file: disable_java_ie.txt

2. Rename the .TXT file to .REG

3. Execute it as Administrator

4. Restart IE

Note: additional information about disabling Java in IE can be found in the original article here.

Sorin Mustaca

IT Security Expert