Disable Java not Bob’s Java Jive (or JavaScript)

This is not Java

It is a common misconception that there is a strong relationship between Java and JavaScript, many people even use the two words interchangeably. In fact this similarity is based entirely on a technology name change from LiveScript to JavaScript by Netscape,who developed the technology back in 1995. This name change was widely seen as a marketing ploy at the time. In the long term it has been responsible for much confusion.
Java is not JavaScript is not Java. It’s not even the World Famous Bob’s Java Jive. With the recent zero-day vulnerability in Java that has come to light this week, understanding that this distinction exists has become crucial to your online security.
A vulnerability in the most recent version of Java means that attackers can fool you into visiting a malicious or compromised web site and, without any interaction use the vulnerability to install malicious code onto your computer. It has already been used to install a well known backdoor, giving criminals remote control over the infected machine and been incorporated into several attack tool-kits, both professional and criminal.
The fact that Java is a cross-platform environment means that it is relatively simple to create attack code for most major operating systems.
You are vulnerable to these attacks if you have Java 1.7.anything installed. This version is the most current and default version for Microsoft Windows computers. If you are using MacOS, the latest version of Java available through Apple’s Software Update is and is not vulnerable. However, if you have been keen to keep yourself patched against past vulnerabilities by staying up-to-date (normally very good advice), then you may have visited java.com where Oracle is serving up the latest, vulnerable, version to MacOS users as well.


In the absence of a patch for this widespread and already abused vulnerability, the best advice is simply to disable Java in your web browser and this is where the distinction between Java and JavaScript becomes key, otherwise you may very well end up disabling the wrong thing and remaining at risk.


To disable Java in Internet Explorer:
In the Tools menu of Internet Explorer, select Manage Add-Ons and disable Java™ Plug-in SSV Helper and Java 2™  Plug-in 2 SSV Helper

To disable Java in Firefox (MacOS & Windows):
In the Tools menu select Add-ons and disable the Java Deployment Toolkit, Java™ Platform and/or Java Applet Plug-in


To disable Java in Google Chrome:
Select the Wrench icon in the top right of the Chrome browser window, choose Settings and right at the bottom choose Show advanced settings. Find the Privacy section and click the Content Settings button. Find the Plug-ins section and click the Disable individual plug-ins, look for Java and hit the Disable link. That one is well-buried!


To disable Java in Safari for MacOS:
In the Safari menu, open the Preferences dialogue box and select Security. untick the box Enable Java
To disable Java in Safari for Windows:
Click the Gear wheel in the top right of the browser window and choose Preferences, select Security and untick the box Enable Java.
JavaScript is a whole different security conversation, but for the purposes of this current vulnerability it is irrelevant.
Image credit: Homini:)’s Flickr Photostream under creative commons.

7 thoughts on “Disable Java not Bob’s Java Jive (or JavaScript)

  1. Pingback: How to Use Java – If You Must | Virus / malware / hacking / security news

  2. Pingback: How to Use Java – If You Must

  3. Pingback: Java Zero Day: What you need to know | fearlessweb

  4. Pingback: Java Zero Day: What you need to know | fearlessweb

  5. Pingback: 關閉Java而非JavaScript(含停用 Java 指南) | 雲端防毒是趨勢

  6. Pingback: Disable Java not Bob’s Java Jive (or JavaScript) » CounterMeasures | ICT Security-Sécurité PC et Internet | Scoop.it

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.