Why You Should Probably Disable Java on Your Browser Right Now

The Citizen's Guide to the Future
Aug. 29 2012 10:01 AM

Why You Should Probably Disable Java on Your Browser Right Now

Java founder James Gosling at Oracle conference
Sun Microsystems chairman and co-founder Scott McNealy (left) shakes hands with Java founder James Gosling at the 2009 Oracle Open World conference in San Francisco.

Photo by Justin Sullivan/Getty Images

UPDATE, Thursday, Aug. 30, 4:16 p.m.: Oracle has issued a new version of Java that it says fixes the vulnerabilities described below. For more, see my new post here.

Will Oremus Will Oremus

Will Oremus is Slate's senior technology writer.

Original post: Hackers have found a flaw in Oracle's Java software that allows them to break into users' computers and install nasty malware, security experts report. The attack, first spotted on Sunday by researchers at the security firm FireEye, is what security types call a "zero-day" threat, exploiting a previously unknown vulnerability for which there is currently no fix available.

Advertisement

The loophole appears to affect Java Version 7 (also known as 1.7) on all browsers. So far the attacks have been against PCs, but Mac users are vulnerable as well. Businesses should be especially concerned about targeted attacks, but just about anyone who uses Java on the Internet is at risk, especially since the attack has been added to the Internet's most popular hacking kit, BlackHole.

Given the potential seriousness and pervasiveness of the attacks—and Oracle's reputation for being slow on the draw in response to Java vulnerabilities—experts say that everyday Internet users should probably just disable Java entirely. Like, right now.

"Java has been the most exploited program for well over a year now and it simply isn't worth the risk," Chet Wisniewski of the security firm Sophos told me in an email. "I would recommend removing Java entirely, if you can."

That's not as problematic as it might sound. Java is not as popular on websites as it once was, and the average browser will rarely run across it, Wisniewski says. Sadly, it does mean that my old favorite Java game, Voodoo Bowl, is out of the question.

UPDATE, Wednesday, Aug. 29, 11:12 a.m.: Several readers have asked how exactly one goes about disabling Java. In most cases, you don't actually have to uninstall it from your operating system—you can just disable it in the main browsers that you use. The procedure is slightly different for each browser, but it's actually pretty simple for all of them except Internet Explorer. (One important note: Java should not be confused with Javascript. Disabling Javascript will result in a bunch of websites not working properly, and it won't do anything to address this threat.) Here are the basics for disabling Java:

  • In Firefox, select "Tools" from the main menu, then "Add-ons," then click the "Disable" button next to any Java plug-ins.
  • In Safari, click "Safari" in the main menu bar, then "Preferences," then select the "Security" tab and uncheck the button next to "Enable Java."
  • In Google Chrome, type "Chrome://Plugins" in your browser's address bar, then click the "Disable" button below any Java plug-ins.

If you're an Internet Explorer user, the process is a bit more complex. The blog Krebs on Security summarizes a procedure that "may or may not work." Alternatively, you could uninstall Java from your system, provided you don't need it for some particular application or website that's important to you.

My brief instructions above may not work for everyone, so for more specifics and for links to pages that detail Java-disabling procedures for various browsers, see this post from the United States Computer Emergency Readiness Team. For those who can't live without Java, Wisniewski's blog post at Naked Security offers a few other suggestions.

One final point: This flaw does not appear to affect the previous version of Java (Version 6, a.k.a. 1.6), which is the default on most Macs. So while Mac users are theoretically as vulnerable as Windows users, only those who have specifically installed Java 1.7 should be at risk.

Future Tense is a partnership of SlateNew America, and Arizona State University.

TODAY IN SLATE

Medical Examiner

The Most Terrifying Thing About Ebola 

The disease threatens humanity by preying on humanity.

I Bought the Huge iPhone. I’m Already Thinking of Returning It.

Scotland Is Just the Beginning. Expect More Political Earthquakes in Europe.

Students Aren’t Going to College Football Games as Much Anymore

And schools are getting worried.

Two Damn Good, Very Different Movies About Soldiers Returning From War

The XX Factor

Lifetime Didn’t Think the Steubenville Rape Case Was Dramatic Enough

So they added a little self-immolation.

Politics

Blacks Don’t Have a Corporal Punishment Problem

Americans do. But when blacks exhibit the same behaviors as others, it becomes part of a greater black pathology. 

Why a Sketch of Chelsea Manning Is Stirring Up Controversy

How Worried Should Poland, the Baltic States, and Georgia Be About a Russian Invasion?

Trending News Channel
Sept. 19 2014 1:11 PM Watch Flashes of Lightning Created in a Lab  
  News & Politics
Weigel
Sept. 20 2014 11:13 AM -30-
  Business
Business Insider
Sept. 20 2014 6:30 AM The Man Making Bill Gates Richer
  Life
Quora
Sept. 20 2014 7:27 AM How Do Plants Grow Aboard the International Space Station?
  Double X
The XX Factor
Sept. 19 2014 4:58 PM Steubenville Gets the Lifetime Treatment (And a Cheerleader Erupts Into Flames)
  Slate Plus
Slate Picks
Sept. 19 2014 12:00 PM What Happened at Slate This Week? The Slatest editor tells us to read well-informed skepticism, media criticism, and more.
  Arts
Brow Beat
Sept. 20 2014 3:21 PM “The More You Know (About Black People)” Uses Very Funny PSAs to Condemn Black Stereotypes
  Technology
Future Tense
Sept. 19 2014 6:31 PM The One Big Problem With the Enormous New iPhone
  Health & Science
Bad Astronomy
Sept. 21 2014 8:00 AM An Astronaut’s Guided Video Tour of Earth
  Sports
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.