Java 7 Update 10 Adds Ability To Disable Java In All Browsers

The new Java 7 Update 10 allows the user to easily disable Java in all web browsers. We have long been critical of Java security and advised uninstalling it where possible as it is so often targeted by malware infected websites.

However, many users require Java for offline applications e.g. LibreOffice and business apps so can’t just uninstall it – until now it has been difficult and time consuming to disable Java on a per-browser basis. That has changed today as Java 7 Update 10 includes a new Security Panel – it is now easy to disable Java content in all web browsers via the Java Control Panel.

This prevents any Java application from running in web browsers but does not affect standalone (non-browser) Java applications such as that used by LibreOffice – the best of both worlds, security whilst browsing but still able to use Java offline. The main features of Java 7 Update 10 include:

  • Now certified for Windows 8 and Mac OS X 10.8.
  • New Security Panel as noted above – also adds the ability to select the desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications that run in a browser. Four levels of security are supported.
  • New dialogs to warn you when the JRE is insecure (e.g. expired or out of date).
  • Other bug fixes

Download Java 7 Update 10 – Download it from the official Java download page.

To Disable Java In ALL Web Browsers: First, close all web browsers then click ‘Start’ then ‘Control Panel’. The next steps are slightly different depending on your version of Windows:

XP – Double click ‘Java’ (switch to ‘Classic View’ if you can only see Categories View in Control Panel) to open the Java Control Panel.
Vista/Windows 7 – click Programs (if not in Classic View) then double click ‘Java’ to open the Java Control Panel.

Now select the ‘Security’ tab of the Java Control Panel and untick ‘Enable Java content in the browser’ (as shown below) then press ‘OK’ to finish – this will disable Java in all browsers:

Java7u10

Disabled Java content in all browsers

If you want to check that Java is disabled, visit the Java test page here from each browser – if Java is disabled you should see a message ‘No working Java was detected on your system’ followed by an offer to download it.

To Increase Java Security In ALL Web Browsers: If you must leave Java enabled in browsers you can still adjust the Security Level for better security. Follow the previous steps above to open the Security tab of the Java Control Panel then move the Security Level slider up the scale – ‘Very High’ means that you will be prompted before any Java app runs in the browser and unsigned apps will not run.

Tip: support for Java 6 ends in February 2013 – if you have not yet upgraded, this is a good opportunity to uninstall version 6 and install the latest version 7 for better security.

To Disable Java For A Single Browser

If you do not want to disable Java for all browsers, it is still possible to disable it per browser – to disable Java in Google Chrome see here or to disable Java in Firefox see here. There is no way to disable Java fully in IE only – our guide here gives advanced methods to partially disable it but there is still a risk that a webpage can bypass those restrictions.

Conclusion

Oracle have obviously taken notice of criticism following the 0-day security flaw in August which gained worldwide attention. Whilst many people may need to use Java for offline apps, there is now a simple way to disable Java from running in all web browsers – the source of most vulnerabilities.

The revised Security Levels also make it easier to strengthen security if running Java within the browser.

1 Response to: "Java 7 Update 10 Adds Ability To Disable Java In All Browsers"

  1. jon sullivan says:

    Oracle – fix all the security problems with your program and I will start to use it again.

Leave a reply