How do I disable Java in my web browser?

How do I disable Java in my web browser?


This article applies to:

  • Platform(s): Solaris SPARC, Solaris x86, Red Hat Linux, SUSE Linux, Oracle Enterprise Linux, Windows 8, Windows 7, Vista, Windows 2008 Server, Macintosh OS X
  • Browser(s): Internet Explorer, Firefox, Chrome, Safari
  • Java version(s): 7.0, 7u10+

Starting with Java Version 7 Update 10, a new security feature has been added to Java. Some web pages may include content or apps that use the Java plug-in, and these can now be disabled using a single option in the Java Control Panel.

alert iconDisabling Java through the Java Control Panel will disable Java in all browsers.

Find the Java Control Panel

Windows XP

  • Click on the Start button and then click on the Control Panel option.
  • Double click on the Java icon to open the Java Control Panel.

Windows 7, Vista

  • Click on the Start button and then click on the Control Panel option.
  • In the Control Panel Search enter Java Control Panel.
  • Click on the Java icon to open the Java Control Panel.

Windows 8
Use search to find the Control Panel

  • Press Windows logo key + W to open the Search charm to search settings
    OR
    Drag the Mouse pointer to the bottom-right corner of the screen, then click on the Searchicon.
  • In the search box enter Java Control Panel
  • Click on Java icon to open the Java Control Panel.

    Java Control Panel

Disable Java through the Java Control Panel

Enable Java

  1. In the Java Control Panel, click on the Security tab.
  2. Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
  3. Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.
  4. Click OK in the Java Plug-in confirmation window.
  5. Restart the browser for changes to take effect.

RELATED INFORMATION

Disable the Java content in the particular browser
Internet Explorer

The only way to completely disable Java in Internet Explorer (IE) is to disable Java through the Java Control Panel as noted above.

Chrome
  1. Click on the Chrome menu, and then select Settings.
  2. At the bottom of Settings window, click Show advanced settings
  3. Scroll down to the Privacy section and click on Content Settings.
  4. In the Content Settings panel, scroll down to the Plug-ins section.
  5. Under the Plug-ins section, click Disable individual plug-ins.
  6. In the Plugins panel, scroll to the Java section. Click Disable to disable the Java Plug-in.
  7. Close and restart the browser to enable the changes.

Note: Alternatively, you can access the Plug-ins settings by typing about:plugins in the browser address bar.

Firefox
  1. Click on the Firefox tab and then select Add-ons
  2. In the Add-ons Manager window, select Plugins
  3. Click Java (TM) Platform plugin to select it
  4. Click Disable (if the button displays Enable then Java is already disabled)
Safari
  1. Choose Safari Preferences
  2. Choose the Security option
  3. Deselect Enable Java
  4. Close Safari Preferences window

 

http://www.java.com/en/download/help/disable_browser.xml

New Java vulnerability is being exploited in the wild, disabling Java is currently your only option

A new Java 0-day vulnerability has been discovered, and is already being exploited in the wild. Currently, disabling the plugin is the only way to protect your computer.

Update on December 11Oracle’s Java vulnerability left open since October 2012 ‘fix’, now being used to push ransomware

The US Computer Emergency Readiness Team (US-CERT), which falls under the National Cyber Security Division of the Department of Homeland Security, has issued the following vulnerability note:

Overview – Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description – Java 7 Update 10 and earlier contain an unspecified remote-code-execution vulnerability. This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits.
Impact – By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.

It appears this flaw was first stumbled upon by a French researcher who goes by the name Kafeine. In a post on his Malware Don’t Need Coffee website, the researcher claimed that the latest version, Java 7 Update 10, was being exploited on a site that receives “hundreds of thousands of hits daily” and concluded that “this could be mayhem.”

More importantly, Kafeine noted the two most popular Web threat tools used by hackers to distribute malware, the BlackHole Exploit Kit and the Cool Exploit Kit, already have this latest Java exploit. BitDefenderconfirmed the alleged addition of the exploit into Cool while security expert Brian Krebs confirmed the BlackHole part, as well as noted its addition into Nuclear Pack:

The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year’s Gift,” to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack.

This actual vulnerability was later confirmed by security firm AlienVault Labs. With Kafeine’s help, the company reproduced the exploit on a new, fully-patched installation of Java, and used a malicious Java applet to remotely execute the Calculator application on Windows XP:

java calc 730x565 New Java vulnerability is being exploited in the wild, disabling Java is currently your only option

We recommend that regardless of what browser and operating system you’re using, you should uninstall Java if you don’t need it. If you do need it, use a separate browser when Java is required, and make sure to disable Java in your default browser.

We have contacted Oracle about this issue. We will update you if we hear back.

Update on December 11Oracle’s Java vulnerability left open since October 2012 ‘fix’, now being used to push ransomware

See also – Security companies are recommending you disable Java, or just uninstall it and Mozilla joins the chorus, tells Firefox users to disable Java due to security hole

Is Your Mac Infected By The Flashback Trojan Affecting 600,000 Macs?

The Reto Sad Mac
Sad Mac

A Mac infected by a virus used to be something of a rarity, and it was the best argument you could bring to a Mac versus PC debate. But with Mac adoption surging in recent years, it was inevitable that Apple’s operating system would become a target for hackers.

Variations of one Flashback trojan, which first surfaced back in 2007, are now affecting more than 600,000 Macs around the world. Here’s how to find out whether your machine’s affected and kill the malware.

The Russian antivirus company Dr. Web announced yesterday that the Flashback trojan is now installed on over 550,000 Macs. Hours later, Dr. Web malware analyst Sorokin Ivan announced on Twitter that figure had risen to 600,000 Macs, 274 of which were infected in Apple’s hometown of Cupertino, California.

The most recent variant of the Flashback trojan targets Macs that have an older version of Java Runtime installed. Thankfully, Apple issues an update earlier this week patching the vulnerability, but for some machines it was just too late.

Ars Technica explains how the hack works:

Like older versions of the malware, the latest Flashback variant searches an infected Mac for a number of antivirus applications before generating a list of botnet control servers and beginning the process of checking in with them. Now that the fix for the Java vulnerability is out, however, there’s no excuse not to update—the malware installs itself after you visit a compromised or malicious webpage, so if you’re on the Internet, you’re potentially at risk.

You can find out whether your machine is affected by opening up the Terminal application and typing:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

If you get the message “The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”, you must then enter:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you get the message ”The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”, then your Mac is safe. Basically, the “does not exist” message means you’re clean.

If you see anything other than those messages, you can check out F-Secure’s guide to removing the Flashback trojan.

[via Ars Technica]

via Is Your Mac Infected By The Flashback Trojan Affecting 600,000 Macs? | Cult of Mac.

How to Install Missing Java Plug-in With Mac OS X Lion (OS 10.7.x)

How to Install Missing Java Plug-in With Mac OS X Lion (OS 10.7.x)
If you are running OS X Lion (OS 10.7.x) on your Mac, you may need to install the latest Java Plug-in.  To do so, please follow the fast and easy steps below:

1.  When you encounter a Java applet, you may see “Missing Plug-in” display.

2.  Click the down arrow to download the missing Java Plug-in.  In the dialog that displays, click the “Install” button to start the Software Update.

3.  The Java Plug-in will download to your Mac.

4.  The Java Plug-in will install on your Mac.

5.  Once the Java Plug-in has downloaded and installed successfully, click OK.

You can also download Java for OS X Lion here

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑