The Java Runtime Environment has become one of the most exploited components of any operating system. Even the US Department of Homeland Security warns users to disable java unless they have a really good reason to use it. For most of us the days of Web sites requiring you to run Java applets has long passed. However, there still are a good number of desktop applications written in Java so simply uninstalling it is not practical. Instead, a good way to minimize your risk is to disable the Java browser plugins. That is the primary attack vector, meaning how Java is exploited, in most cases and closing that door will significantly improve the security of your device.
The plugin can be disabled in most modern browsers. Below are the instructions for how to disable the Java plugin for the popular Internet browsers.
Internet Explorer
- Open Internet Explorer and click on the gear icon on the far right side of the window.
- Select Manage Add-ons.
- While the Toolbars and Extensions section is selected, change the Show box to All add-ons.
- Scroll down through the add-on list until you get to the Oracle America, Inc. section.
- Right click on each Oracle add-on and select Disable.
- Click close when you are finished and then close and restart Internet Explorer.
It is important to understand that this will disable applications from running in the browser but be very careful of any applications that launch as a download since those bypass IE completely.
Chrome
- Open Google Chrome and navigate to chrome://plugins/
- Locate the Java plug-in and click Disable.
- Restart Chrome.
Firefox
- Open Firefox and hit Ctrl + Shift + A to bring up the Add-ons Manager.
- Select the Plugins category.
- Locate all java related plugins and click the Disable Button.
- Restart Firefox.