Over the past week or so, our series of articles on How to turn off Java in your browser has been very popular.
That's because of a widely publicised vulnerability, thankfully now patched by Oracle (nice work, guys), that was being actively exploited by cybercriminals to infect PCs.
Our article directs you to five sub-articles giving specific instructions for five well-known browsers:
- How to disable Java in Internet Explorer
- How to disable Java in Firefox
- How to disable Java in Chrome
- How to disable Java in Safari
- How to disable Java in Opera
Let me apologise in advance that we couldn't include everyone. If you're a fan of alternative browsers such as Konqueror, Midori, Lynx, Seamonkey, Iceweasel and Links, "We're sorry." And if you're a fan of browsers that didn't even make that alternative list, "We're doubly sorry." There's a biggish list of browsers on Wikipedia, if that makes you feel better, but even that article starts with the dreaded words, "A list of notable web browsers."
Today, as I was looking through our recent Naked Security readership statistics, it occurred to me to do a percentage breakdown of the the people who had read each of the browser specific articles day-by-day for the past five days.
"Those stats are bound to tell an interesting story," I thought to myself. (I didn't really think that. I thought that they might make a pretty graph, which is nearly, but not quite, the same thing.)
For example, a browser might be over-represented, compared to its market share, thus indicating that users of that browser are more informed about security issues, and thus more likely to seek expert advice to make sure they are on top of the problem
Or it might be over-represented because its users are less informed about security, and thus more likely to seek expert advice to make sure they are on top of the problem.
Or users of a particular browser might dislike Java more than users of another browser, and thus be keener to read how to turn it off.
Unless, of course, their dislike prompted them to turn it off long ago, causing them to be under-represented.
Or they might be under-represented because they uninstalled the whole shebang, and no longer need to know about how Java and their browser interact on account of having no Java at all.
If you must read something into this graph, it should probably be no more than that it provides a possibly staggeringly inaccurate measure of each browser's market share.
OK, a possibly staggeringly inaccurate measure of each browser's market share amongst Naked Security readers.
But I was right. It does make a pretty graph, doesn't it? And that's interesting in its own right.
(I mean to say that it is interesting inasmuch as it makes a pretty graph, not interesting that I was right, but that is interesting too, now I think about it.)
On a serious note: you have patched or updgraded your Java installation, haven't you? That is, if you have Java installed, whether turned off in your browser or not?
And if you are in the 42% using Internet Explorer: you've applied the brand new IE patch too, haven't you? Or migrated upwards to IE 9 or IE 10?