Last week's notice by researchers at Security Explorations of an unpatched hole in the Java runtime environment may have left you wondering whether to disable Java until Oracle releases a patch. CNET's Topher Kessler noted in his that no malware exploiting the vulnerability has yet been documented.
Which leads to the question, "Do I need Java?"
The best way to find out is to disable Java in your browser and re-enable it only if you encounter a site that prompts you to download Java before it will open. Then you can activate the Java plug-in by following the steps below in reverse, and perhaps disable the plug-in again after you leave the site.
(While researching this topic I discovered that one of my test PCs has been browsing flawlessly for more than a year without the Java runtime environment installed.)
These steps will disable Java in Internet Explorer 9, Firefox 15.0.1, Google Chrome 22, and Safari 6.0.1. If you're using an older version of these browsers, update to the latest release. (More information on software updaters is found at the end of this post.)
Disable Java in IE 9 via the 'Manage add-ons' option
Click IE 9's gear icon in the top-right corner of the window and choose "Manage add-ons." Select Toolbars and Extensions in the left pane under Add-on Types and scroll to the entry for the Java plug-in under "Sun Microsystems Inc." Choose the Java entry and click Disable in the bottom-right corner.
The next time you start IE, a notice will appear at the bottom of the window informing you that the Java plug-in is ready to use. Click the "Don't enable" button or the x on the right of the pop-up to continue browsing Java-free.
Firefox's Java plug-in can be disabled in a jiffy
To prevent the Java plug-in from running in Firefox, click Tools > Add-ons to open the browser's add-on manager. (If you don't see the menu at the top of the Firefox window, press the Alt key.) Choose Plugins in the left pane, scroll to the entry for the Java plug-in, and click its Disable button.
(When I checked this Firefox setting on one of the PCs in my home office the Java SE 6 plug-in had been disabled automatically because Firefox identified it as vulnerable. Updating to Java SE 7 re-enabled the plug-in in Firefox automatically.)
Turn off Java in Google Chrome
You can disable Java in Chrome by entering "chrome://plugins" in the address bar and pressing Enter to display a list of the browser's plug-ins. Scroll to the entry for Java and click Disable.
Put Java on the shelf in Safari
To shut down Java in Safari, click Safari > Preferences (or press Command-,), select the Security tab at the top of the window, and uncheck Enable Java.
A word about drive-by downloads
Every time I write about Java or Adobe's Flash Player, I begin my making sure I have the most recent versions of the plug-ins. And every time I update the two programs manually I'm prompted to download a free security scanner: McAfee Security Scanner for Java and Norton Security Scan for Flash.
It's bad enough that the scans aren't directly related to Java or Flash, but in both instances the option to scan your system is selected by default. People in a hurry will click OK to install the update without realizing they're getting more software than they expect. Unless you want to prolong the update process by adding a malware scan you may not need, be sure to uncheck the scan options whenever you update either plug-in.