Gov Says Turn Off JAVA? What?

In Weird News…

So yes, the government (or more specifically the U.S. Department of Homeland Security) has put out a nationwide warning that hackers have found a big flaw in JAVA and they want you to turn it off. What? really?

So this is very weird, Smokey’s tracking this nation wide government initiated warning to turn OFF JAVA on all PC’s. I spent the last few hours trying to toss this into the silly fraud category but it seems to be real.  With over 20 years in the computer space I’m going to call this weird though.

The funny thing is I would never consider the government a good source for computer advise but considering the range and scope of the warning we’re not sure if we should call the warning silly or tell you to run for the hills.

Here’s the government’s warning;

“Hackers have discovered a weakness in Java 7 security that could allow the installation of malicious software and malware on machines that could increase the chance of identity theft, or the unauthorized participation in a botnet that could bring down networks or be used to carry out denial-of-service attacks against Web sites.”

By the way, if you are running Apple never mind.

Apple has already moved quickly to address the issue, disabling the Java 7 plug-in on Macs where it is already installed. Apple has achieved this by updating its “Xprotect.plist” blacklist to require a minimum of an as-yet unreleased 1.7.0_10-b19 version of Java 7. With the current publicly-available version of Java 7 being 1.7.0_10-b18, all systems running Java 7 are failing to pass the check initiated through the anti-malware system built into OS X.

Granted JAVA is not the most secure program in the world and is normally one of the first places a hacker will look to invade a computer system but again the strange thing is the scope of the warning and the fact that the initiator is the government.

If you want to see the scope of the warning for yourself and/or how the general media has embraced it, just go to Google news and search for JAVA.

Smokey is going to recommend that you first do a little research yourself out on the network or your favorite news site (Wait that’s Smokey) LOL and decide for yourself.    If the reports concern you then follow the instructions below to turn off JAVA.

What did Smokey do; you ask? Though I will probably hate myself in the morning, we turned it off..

You will be surprised how many sites will work fine without it.

Here’s the instructions: Pretty easy..

Disable Java in All Browsers
Last month Oracle released a new Java version, Update 10, that includes a one-stop option for disabling Java in all browsers in the Java Control Panel. Open Control Panel and launch the Java applet. If you don’t see it, switch to Classic View (in XP) or small icons (in Vista or Windows 7). Click the Security tab. In previous versions this tab just allowed advanced users to manage Java-related certificates. It now displays a security-level slider and, more important, a single checkbox titled “Enable Java content in the browser.” Un-check this box, click OK, and you’re done.

Disable Java in One Browser
For security’s sake you really should be using the very latest Java version. If you’re not, or if you need to enable Java in some browsers but disable it in others, you can do that too.
Using Chrome? Enter chrome://plugins in the browser’s address bar. Scroll down to Java and click the link to disable it. That was easy, and a bit simpler than Oracle’s recommended steps. The process is similar in Opera, which Oracle’s page doesn’t mention. First, enter about:config in the address bar. Click the Java heading to expand that section, un-check the checkbox, and click the Save button. In Safari, choose Preferences, choose Security, and deselect Enable Java.

The only way to disable Java in Internet Explorer is through the Java Control Panel. Launch it as described above, click the Advanced tab and expand the item titled Default Java for browsers. Un-check the boxes for Microsoft Internet Explorer. You may need to click the item and press spacebar in order to clear the checkmarks.
Firefox users can click the Firefox button at the top and choose Add-ons from the resulting menu. On the Plugins tab, click the Disable button next to “Java(TM) Platform.” You can also disable Java for all Mozilla family browsers by un-checking the Mozilla family box in the Java control panel.

Stay Updated
When writing this article, I had a hard time viewing the new feature that Oracle added in Update 10. Why? Because I had disabled Java and figured I didn’t need to update it. That was lazy thinking; I’ve reformed. At any time you might find you need Java, perhaps for a Web meeting, or a remote-control tech support session. If you don’t want to let Java update automatically, you can check for updates from the Java Control Panel at any time.

Whichever method you choose, visit the Java test page at to confirm that Java is disabled. Yes, you’ll occasionally run across a website that relies on Java. If necessary, you can temporarily enable Java for those sites. But you may be surprised at how little you miss it.



Jim Ball reporting January 12, 2013