Disable Java? Here's how, after US agency warns of software 'vulnerability.'
To prevent cyber crime, the Department of Homeland Security advises Americans to temporarily disable Java 7 software, commonly used in Web-browser programs.
(Page 2 of 2)
Mr. Krebs suggests that Internet users visit a Java Web page where they can confirm whether the software is running on their machines, and which version. Click the “Do I have Java” link, which is below a big red “download” button.Skip to next paragraph
Subscribe Today to the Monitor
Now, if you have a version of Java you want to disable, here’s what US-CERT said Thursday: “Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet.”
Citing a document from Oracle (Java’s corporate owner), CERT describes the following steps:
1) Make sure you have Java 7 Update 10. If not, you can upgrade. (A quick reminder: As this story just noted, if you have version 6 or prior, you may not want to upgrade or disable Java for now.)
2) Go to the Java control panel.
3) In the Security tab, de-select “Enable Java content in the browser.”
If you can’t upgrade to Update 10, CERT says to see a different "vulnerability note" it wrote for browser-specific instructions on disabling Java.
Beneath the “solution” heading in that note, you can search for the name of the browser program you use.
The note says the process of disabling Java is “significantly more complicated” if Microsoft’s Internet Explorer is your browser. An expedient answer may be to temporarily use a different browser. Computer experts generally advise the less sophisticated among us not to try adjusting your computer’s registry, which is called for to implement some of CERT’s Explorer-related options.
CERT's security warning also includes some added advice and context that's helpful to keep in mind.
"An effective way of mitigating risk of web browsing is to use separate browsers for different activities online. For example, if you do online banking, choose a browser to use for banking and nothing else," the note says. "This can help minimize the risk of a malicious web page being able to interfere with the banking activity."
CERT says the same concept can be applied to Java. If you have a must-use website that requires Java for its functioning, then configure one browser to be Java-enabled, and only use that browser for accessing that trusted site.