How to turn off Java on your browser – and why you should do it now

IMPORTANT: The article below was written in August 2012, in response to a security scare involving Java.

Although that particular scare has now passed for users who have kept their Java installation updated (or disabled Java in their browser), the article below is still relevant as vulnerabilities continue to be found in Java, and exploited by malicious hackers.

Most recently, in January 2013, a new zero-day flaw affecting Java in web browsers was exploited. Apple and Mozilla are doing things to help fight the problem for their users, but you may decide that you still need to take steps yourself.

Below, we explain how to disable Java in your browser – if you decide that is the best course of action for you.

For Windows users looking for an easier method please read about the new control panel option in Java 7 Update 10.

How to turn off Java. Image from ShutterstockDo you still have Java turned on in your web browser?

If your answer is “Yes” or “I’m not sure” then it’s time to take action.

Right now, cybercriminals are aware and exploiting serious security flaws in Java that could lead to your computer becoming infected by malware.

And the worst news is that Oracle (who has known about the zero-day vulnerabilities since April) doesn’t plan to issue a patch for the problem until October. (Update: Oracle has now issued a patch – but you should still consider whether you really want to run Java or not in your browser).

There will be many pointing fingers at Oracle and arguing that it has not taken the security flaws seriously, but the accusations that are bound to fly aren’t actually going to help the millions and millions of vulnerable devices out there.

Those devices need a patch from Oracle – but as it may not be available for some time, the best advice I can give you is to disable Java.

Sign up to our free newsletter.
Security news, advice, and tips.

So, what are you waiting for?

Isn’t this just a storm in a teacoffee cup?

No, it isn’t.

Time and time again we’re seeing examples of cybercriminals exploiting flaws in Java to infect innocent users’ computers.

For instance, earlier this year we saw more than 600,000 Macs infected by the Flashback malware because of a Java security flaw.

In fact, it has become increasingly common to see malware authors exploiting vulnerabilities in Java – as it is so commonly installed, and has been frequently found to be lacking when it comes to security.

Cybercriminals also love Java because it is multi-platform – capable of running on computers regardless of whether they are running Windows, Mac OS X or Linux. As a result it’s not unusual for us to see malicious hackers use Java as an integral part of their attack before serving up an OS-specific payload.

As the following video demonstrates, the bad guys have even created multi-platform Java malware which can hit your computer whether you are running Windows, Mac OS X or Linux.

Seriously though, stop reading this article now and check if you have disabled Java or not. Chances are that if you don’t think that you need Java, you don’t need it.

Even if you absolutely must use websites that require you to have Java installed, why not disable it in your main browser and have an alternative browser just for visiting that website?

What you need to do now is reduce the opportunities for attack. For most people that means disabling Java – and doing it now.

No coffee image from Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.