Internet plugins are a wonderful way to add additional functionality to your web browsing experience.  For example, many sites depend upon Adobe Flash for video or Acrobat Reader for viewing a PDF within your web browser.  There are also plugins for audio, remote connectivity, Microsoft Office, and more.

But the side-effect of having all these plugins installed is that, in addition to getting security updates for our web browsers from Microsoft, Google, Mozilla, and others, users must also depend upon the creators of the plugins they use on a daily basis to keep those plugins up to date and secure.

And while companies like Adobe have been making strides to improve the frequency and ease by which updates are made available to their users, I’ve been watching the state of security for the popular Internet web browser plugin, “Java” from Oracle Corporation, for a couple weeks now with increasing concern.

Oracle’s release schedule for patches simply doesn’t mesh up with the frequency of new attacks appearing for this browser plugin, and those frequency of attacks means greater risk for you and your small business the longer this plugin is installed and enabled within your web browsers.

So I’m now making the strong recommendation that you take action ASAP to disable the Java plugin within all the web browsers you have installed on the computer in front of you (IE, Chrome, Firefox, and Safari) as well as all the other computers in your office and at home.

(please note: I’m not referring to JavaScript. Despite the similar name, JavaScript is different technology and okay to leave enabled.)

The good news is the steps to disable Oracle’s Java plugin for both Windows and Mac users are simple and quick and should not affect any Windows or OS X applications that require Java to operate properly.

Also note that while most users will never notice anything different in their web browsing activity by disabling the Java plugin, if you have a specific need for using a Java plugin on the Internet, there are safe ways to leave Java enabled on your computer in a limited capacity, and I’ll discuss how you can do that in a future post.

In the mean time, please continue to practice safe computing by applying security and other updates as they’re made available to you, pay attention to the links you click, and don’t any open unexpected attachments!

How to Disable Java in your Web Browser

(please do this for every browser you have installed on your PCs or Macs)

Windows Internet Explorer

If you’re running a current version of Internet Explorer on Vista or Windows 7:

1)    Click the “gear” icon in the top-right of the IE window and select Manage Add-ons
2)    When the Manage Add-Ons window appears, make sure Toolbars and Extensions is selected on the left and then look for Java listed on the right.
3)    Select and click Disable for all instances of Java you find.
4)    Restart Internet Explorer

If you’re still using Windows XP and older versions of IE:

1)    Click Tools > Internet Options
2)    Click the Advanced tab
3)    Scroll down and locate the section called “Java”
4)    Uncheck the box for Use JRE (followed by some numbers. i.e. 1.6.0_35)

Mozilla Firefox (Windows and OS X)

1)    Click Tools > Add-ons

Note: Some Windows installs require you to click Firefox > Add-ons

2)    In the Add-ons Manager, click Plugins
3)    Locate and Select the Java plugin(s).

Note: They may be named Java Applet Plugin or Java Platform SE 6.
 You may also see a Java Deployment Toolkit.

4)    Click Disable for each “Java” plugin found
5)    Restart Firefox

Google Chrome (Windows and OS X)

1)    Type about:plugins in the address bar and press Enter (Return)
2)    When the list of plugins appears, locate Java, then click Disable
3)    Restart Chrome

Apple Safari (Windows and OS X)

1)    On Windows, Click the Gear in the top-right then select Preferences
OR
On the Mac, click Safari > Preferences
2)    Click the Security tab
3)    Uncheck the box labeled Enable Java
4)    Restart Safari