Hackers are using Java more and more, according to the U.S. Department of Homeland Security. As a result, officials are desperately urging computer users to disable Oracle Corp's Java software immediately.
"We are currently unaware of a practical solution to this problem," the Department of Homeland Security's Computer Emergency Readiness Team said in a statement on its website on Thursday.
"This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered," the agency said. "To defend against this and future Java vulnerabilities, disable Java in Web browsers."
Hackers have become extremely proficient in installing malicious software through Java. Once the hackers install the software, they are able to commit serious crimes including identify theft
Java was once considered a great solution for computers users on-the-go. Oracle promised computer users the ability to run a Java program on any Java-supporting platform. But that never came to fruition. And, even worse, Java became a popular tool for hackers, the government says. "The most recent Java vulnerability affects all versions of Java 7, including the most current version. Unless you absolutely need it, you should disable Java now," PC Magazine advises.
Disable Java in All Browsers
Oracle recently released a new Java version, Update 10, that includes a one-stop option for disabling Java in all browsers in the Java Control Panel. Open Control Panel and launch the Java applet. If you don't see it, switch to Classic View (in XP) or small icons (in Vista or Windows 7). Click the Security tab. In previous versions this tab just allowed advanced users to manage Java-related certificates. It now displays a security-level slider and, more important, a single checkbox titled "Enable Java content in the browser." Un-check this box, click OK, and you're done.
Disable Java in One Browser
For security's sake you really should be using the very latest Java version. If you're not, or if you need to enable Java in some browsers but disable it in others, you can do that too.
Using Chrome? Enter chrome://plugins in the browser's address bar. Scroll down to Java and click the link to disable it. That was easy, and a bit simpler than Oracle's recommended steps. The process is similar in Opera, which Oracle's page doesn't mention. First, enter about:config in the address bar. Click the Java heading to expand that section, un-check the checkbox, and click the Save button. In Safari, choose Preferences, choose Security, and deselect Enable Java.
The only way to disable Java in Internet Explorer is through the Java Control Panel. Launch it as described above, click the Advanced tab and expand the item titled Default Java for browsers. Un-check the boxes for Microsoft Internet Explorer. You may need to click the item and press spacebar in order to clear the checkmarks.
Firefox users can click the Firefox button at the top and choose Add-ons from the resulting menu. On the Plugins tab, click the Disable button next to "Java(TM) Platform." You can also disable Java for all Mozilla family browsers by un-checking the Mozilla family box in the Java control panel.
When writing this article, I had a hard time viewing the new feature that Oracle added in Update 10. Why? Because I had disabled Java and figured I didn't need to update it. That was lazy thinking; I've reformed. At any time you might find you need Java, perhaps for a Web meeting, or a remote-control tech support session. If you don't want to let Java update automatically, you can check for updates from the Java Control Panel at any time.
Whichever method you choose, visit the Java test page at http://java.com/en/download/testjava.jsp to confirm that Java is disabled. Yes, you'll occasionally run across a website that relies on Java. If necessary, you can temporarily enable Java for those sites. But you may be surprised at how little you miss it.