Java was once touted as the "write once, run anywhere" language. In theory, a single Java program could run on any Java-supporting platform. That dream never quite came to full fruition, though, and these days Java is a favourite attack vector for hackers. The Flashback trojan breached Macintosh computers via a Java vulnerability last year, for example. In August, researchers at FireEye reported another zero-day vulnerability in Java. And another serious vulnerability has just cropped up, so unless you absolutely need Java, from a security standpoint it’s something you should certainly consider disabling.
Fortunately, Oracle offers a web page with straightforward instructions on how to turn off Java.
Disable Java in all browsers
Since Oracle’s release of Java update 10 last month, there’s a simple one-stop option for disabling Java in all browsers in the Java Control Panel. Open Control Panel and launch the Java applet. If you don't see it, switch to Classic View (in XP) or small icons (in Vista or Windows 7). Click the Security tab. In previous versions this tab just allowed advanced users to manage Java-related certificates. It now displays a security-level slider and, more important, a single checkbox labelled "Enable Java content in the browser." Un-check this box, click Okay, and you're done. Simple as that.
Disable Java in one browser
For security's sake you really should be using the very latest Java version. However, if you aren’t, or if you need to enable Java in some browsers but disable it in others, you can do that too.
Using Chrome? Enter chrome://plugins in the browser's address bar. Scroll down to Java and click the link to disable it. That was easy, and a bit simpler than Oracle's recommended steps. The process is similar in Opera, which Oracle's page doesn't mention. First, type about:config in the address bar. Click the Java heading to expand that section, un-check the checkbox, and click the Save button. In Safari, choose Preferences, choose Security, and deselect Enable Java.
The only way to disable Java in Internet Explorer is through the Java Control Panel. Launch it as described above, click the Advanced tab and expand the item titled Default Java for browsers. Un-check the boxes for Microsoft Internet Explorer. You may need to click the item and press the spacebar in order to clear the checkmarks.
Firefox users can click the Firefox button at the top and choose Add-ons from the resulting menu. On the Plugins tab, click the Disable button next to "Java(TM) Platform." You can also disable Java for all Mozilla family browsers by un-checking the Mozilla family box in the Java control panel.
When writing this article, I had a hard time viewing the new feature that Oracle added in Update 10. Why? Because I had disabled Java some time back and figured I didn't need to update it. That was lazy thinking – and I've reformed. At any time you might find you need Java, perhaps for a web meeting, or a remote control tech support session. If you don't want to let Java update automatically, you can check for updates from the Java Control Panel at any time.
Whichever method you choose, visit the Java test page to confirm that Java is disabled. Yes, you'll occasionally run across a website that relies on Java. If necessary, you can temporarily enable Java for those sites. But you may be surprised at how little you miss it.