We have written about Java and its regular vulnerabilities, two of which (here and here) were zero-day vulnerabilities. Java is a very strong tool because it is cross-platform, and if a vulnerability is found on one platform, it can easily be found on all the others.
If used properly, Java can provide enhanced usability and functionality at a low cost. Any browser has a Java plugin these days and they all have something in common: they all use the system-wide Java installation. This means that if something happens to the local Java installation, all browsers are affected.
To start mitigating these risks, ask yourself whether Java is really needed on your computer.
If the answer is No, then simply uninstall Java and you’re done.
If the answer is Yes, then read on.
I have advised having two browsers installed: one with the Java plugin activated, one without. The one with Java should be used exclusively with those applications/applets which require Java to be present. The browser without the Java plugin should be used for normal browsing. The principle here is “what you don’t know can’t affect you”: with no Java plugin, no applet can be started even if Java is present on the system.
All browsers come with the Java plugin installed. This is a usability decision, which is understandable. To deactivate the plugin for a single browser, follow the steps below which apply to your browser, or deactivate it for all browsers.
Deactivate Java for all browsers
Starting with Java v7 Update 10, Java has a new security feature: you can disable Java in all browsers through the Java Control Panel. Here is a detailed how-to from Java.com.
Obviously, if you don’t need Java at all, you can uninstall it completely.
Deactivate the Java plugin for a browser
Firefox
- At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
- In the Add-ons Manager tab, select the Plugins panel.
- Click on the Java (TM) Platform plugin to select it.
- Click on the Disable button (if the button says Enable, Java is already disabled).
Chrome
1. Visit chrome://plugins/
2. Find the Java plugin and uncheck it.
Safari
- In Safari, choose Safari > Preferences or press Command-comma (⌘,).
- Click “Security”.
- Uncheck “Enable Java”.
- Close the Safari preferences window.
Opera
- Open Opera and type opera:plugins into the location bar.
- Click on the Disable button.
Internet Explorer
Java can be disabled in Internet Explorer by setting kill bits for the Java CLSIDs and by setting the URL action to Disable. Unfortunately, getting rid of Java in IE is not as easy as it is for the other browsers.
WARNING: this operation requires some registry tweaks. Please perform a registry backup before applying the changes here. We can’t be held responsible for any damage you might produce by applying these steps.
1. Download the following file: disable_java_ie.txt
2. Rename the .TXT file to .REG
3. Execute it as Administrator
4. Restart IE
Note: additional information about disabling Java in IE can be found in the original article here.
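Because the Internet Explorer steps import a downloaded .REG file as Administrator, it helps to confirm first that the file only sets kill bits and the Java URL action. The Python below is an added example, not part of the original article or of its disable_java_ie file; it lists every entry a .reg file would write and flags anything else. The sample content and the all-zero CLSID are constructed placeholders, and the registry paths, the 0x400 kill-bit flag and the 1C00 URL action are the standard IE settings assumed here, not values read from the article's file.

```python
import re

# Key fragments are matched lower-case so Wow6432Node variants are covered too.
KILLBIT_KEY = "\\microsoft\\internet explorer\\activex compatibility\\"
ZONES_KEY = "\\microsoft\\windows\\currentversion\\internet settings\\zones\\"
KILLBIT_FLAG = 0x400    # "Compatibility Flags" bit that stops IE loading a CLSID
URLACTION_JAVA = "1c00" # Java permissions URL action; data 0 means "Disable Java"

# Constructed sample. The CLSID is a placeholder, not a real Java CLSID.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000000}]
"Compatibility Flags"=dword:00000400

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1C00"=dword:00000000

; constructed entry that has nothing to do with disabling Java
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\Temp\\x.exe"
"""

def audit_reg(text):
    """Return (killbit CLSIDs, zones with Java disabled, unexpected entries)."""
    killbits, zones, unexpected = [], [], []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "Windows Registry Editor", "REGEDIT4")):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):          # "[-KEY]" deletes a whole key
                unexpected.append((key, "<delete key>"))
            continue
        m = re.match(r'^(?:"([^"]*)"|@)\s*=\s*(.*)$', line)
        name = (m.group(1) or "@").lower() if m else None
        dword = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", m.group(2)) if m else None
        value = int(dword.group(1), 16) if dword else None
        low = (key or "").lower()
        if KILLBIT_KEY in low and name == "compatibility flags" and value is not None and value & KILLBIT_FLAG:
            killbits.append(key.rsplit("\\", 1)[1])
        elif ZONES_KEY in low and name == URLACTION_JAVA and value == 0:
            zones.append(key.rsplit("\\", 1)[1])
        else:                                # anything else needs a human look
            unexpected.append((key, line))
    return killbits, zones, unexpected

if __name__ == "__main__":
    print(audit_reg(SAMPLE))
```

An empty third list means the file touches nothing beyond kill bits and the Java URL action; any entry in it should be read and understood before the file is imported.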