Disabling Java Plug-ins
In recent years, the Java development platform has become a favored target for hackers, leading to a growing list of Java-specific vulnerabilities being discovered and exploited by various malware.
As such, many security researchers and national computer security organizations caution users to limit their usage of the Java Runtime Environment (JRE), unless required for business reasons, or to remove it entirely, including disabling Java plug-ins in web browsers.
Listed below are instructions for disabling Java plug-ins or add-ons in common web browsers ( based on the advice given by the US-CERT Vulnerability Note VU#636312).
Note: on systems with multiple user accounts, you may need to disable the plug-ins in each individual user account.
Also included below are links to resources that provide additional removal information.
- From the main menu bar, select 'Tools' > 'Add-ons' (or just click 'Ctrl+Shift+A').
- Look for plugins containing the term 'Java' and click the 'Disable' button next to them.
- Restart the browser.
- Type 'about:plugins' into the Omnibar.
- Look for the 'Java' plugin and click the 'Disable' link next to it.
- Click 'Preferences', then 'Security tab'.
- Uncheck 'Enable Java'.
- Click 'Tools' > ' Manage add-ons'.
- Select any add-ons with the term 'Java', then under the 'Settings' box below, check the 'Disable' radio button.
- Click 'OK'.
- Restart the browser.
In addition, you can disable Java from the Windows' Control Panel:
- In Window's Control Panel, click on 'Java'; a Java Control Panel will appear.
- In the Java Control Panel, select the 'Java' tab and click the 'View' button. For any JRE versions listed, uncheck the 'Enabled' box. Click 'OK'.
- In the Java Control Panel, click 'Apply' or 'OK'.
For additional information, check out the following resources:
- Java; Verify Java Version; http://www.java.com/en/download/installed.jsp
- United States Computer Emergency Readiness Team (US-CERT); Vulnerability Note VU#636312: Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField() fail to restrict access to privileged cod; http://www.kb.cert.org/vuls/id/636312
- CERT-FI (CERT Finland);Tietoturva nyt!; http://www.cert.fi/tietoturvanyt/2012/08/ttn201208281337.html (Finnish language)
- CERT-FI (CERT Finland); Restricting browser add-ons to protect against Java vulnerabilities; https://www.facebook.com/notes/cert-fi/selaimen-lis%C3%A4osien-rajoittaminen-suojaa-my%C3%B6s-java-haavoittuvuudelta/10152117863205145