Security alert: Remove Java from your browsers

Woody Leonhard

With nearly every news outlet — along with the U.S. Department of Homeland Security — calling for its removal from PCs, who wouldn’t worry about running Java on their computer?

Fortunately, there are steps every Windows user can take to lessen the chances of being bitten by a Java exploit.

Why everyone should be concerned about Java

In the computing world, Java is very nearly ubiquitous. As noted on Oracle’s Java FAQ site, it runs on lots of PCs, but it also runs on “billions of devices worldwide, including mobile and TV devices.” Java is not JavaScript, as Susan Bradley notes in her companion piece, “Java: More than the usual cup of coding coffee,” about what Java is and isn’t.

In this article, I focus on one task — disabling Java in your Web browser(s). It’s the most effective way to protect yourself from most Java-based threats. Yes, some PC users still need Java in their browsers to work with specific websites. But most of us have little to lose and much security to gain by keeping our browsers Java-free. (And yes, Mac users should block Java, too.) Java in browsers has been a malware magnet for years — it’s unlikely that fact will change anytime soon.

I’m not going to review the most recent round of Java exploits, their patches, or new exploits built onto the backs of Java fixes. Java updates are routinely covered in the twice-monthly Patch Watch column. Brian Krebs has an interesting Krebs on Security post detailing the latest war between Java security and hackers.

Scorched earth: Remove Java from all browsers

These days, it’s common for PC users to use multiple browsers. Most versions of Windows have Internet Explorer installed, and many — if not most — PC users are running Firefox or Chrome — or both. On any PC with multiple browsers, the most effective security policy is to disable Java in all browsers; then see what, if anything, breaks. Most likely, you’ll never miss it.

Websites requiring Java are on the decline, but if you hit one, you can just move on to a different site. On the other hand, if your bank, brokerage company, or some other critical site requires Java, then you need to limit your Java exposure. (I’ve been running Java-free for about six months now, and I haven’t missed it one bit.)



This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.



= Paid content

All Windows Secrets articles posted on 2013-01-24:

Woody Leonhard

About Woody Leonhard

Woody Leonhard is a Windows Secrets senior editor and a senior contributing editor at InfoWorld. His latest book, the comprehensive 1,080-page Windows 8 All-In-One For Dummies, delves into all the Win8 nooks and crannies. His many writings tell it like it is — whether Microsoft likes it or not.