As you are probably aware, lots of people, including the writers at Naked Security, are advising you to turn off Java in your browser for security reasons.
So, let me clarify.
They’re configured separately.
Apologies if you already know this. But the names are a bit confusing.
I’ll keep this article short and simple by not going into too much detail about the differences here.
On the other hand, Java, made by Oracle, is a software package installed separately from your browser.
It can be used for creating and running all sorts of regular-style software: web servers, code editors, word processors and much more. These are called applications, just like any other application such as Microsoft Word or Apple iMovie.
In fact, you probably won’t miss much without applet support. Lots of Facebook users, for example, report being able to use their favourite addons such as games without Java.
Nevertheless, there have been several recent and widely-abused bugs in the applet part of Java that make your browser insecure.
So we are recommending that you turn off Java in your browser.
And that’s it.
But let me reiterate: we aren’t recommending that. And if you do, you won’t get rid of Java, which is probably what you want.
In case you’re wondering, Java was originally called Oak, after a tree outside the inventor’s office. It was renamed Java after the island, because lots of coffee comes from there, and programmers run on coffee.
how exactly do i turn off java then? sorry but i am a novice when it comes to this sort of stuff
To turn Java off, have a look here:
I play games on facebook and if I turn Java off will I still be able to play games? How do I go about turning it off?
Facebook games don't use Java…at least, I haven't heard anyone complaining of an FB game that stopped working without Java. (I've added a mention of this to the article to clarify.)
As for how to turn it Java:
Yahoo Games needs Java enabled in the browser.
Most FB games use Flash, not Java.
I come from Java, and that’s right!
This is the island of coffee.. Sometime I recommended you to try “Luwak Coffee”, which is the 1st class coffee in the world.
That's the stuff that gets eaten by a civet first, right? And then, ahhhh, excreted and, well, collected for sale?
I think I read somewhere that there's a competitive coffee brand now that uses elephants as the enzyme-activated pre-processing service.
I imagine the elephant coffee would have to cost more…you'd have to pay the blokes who collected the, ahem, excreta a fair bit more danger money, I expect. Though I suppose you'd get more pre-digested beans per…per…what *is* a unit of dung in polite parlance?
In a formal context, it's a "Morgan". In an informal context, a "Piers". :o)
Turn off Java and see if it still works. If it doesn't, turn Java back on if you really need it.
If you're using Chrome, and you have the Java plugin enabled, it should give you a notification saying "Java(TM) needs your permission to run", which you can either approve (be it just once or for the whole site) or reject (by ignoring and/or closing the notification).
If you're not using Chrome, then you might have to go with David's suggestion of turning Java on and off until you've figured out which sites need it and which ones don't. But – as I've mentioned elsewhere among these comments – if your browser doesn't prompt you first before loading an applet, then you should be considering a better browser.
hmm.. thanks – Id say thats about as much as I [i]need[/i] to know about the computer kind and maybe a little more than I need to know about the liquid kind.
As far as I understand, installing Java on your computer and running applications using Java is not particularly dangerous. The increased risk comes from using the Java plug-in in a browser. Am I correct in this?
Yes you are. The problem is that many browsers don't prompt first before loading Java applets. This is silly, since Java applets aren't just Flash animations: they're full-fledged programs, just like one you'd download and install on your machine, and *by design* are able to do things like create files on your computer. Java is a powerful programming language, which is why it's pretty much ubiquitous in educational websites (especially those with science simulators; NASA is especially fond of using Java for its educational simulators) and commonplace for banking.
So by this virtue, it's a bit unfair to pin all the blame on Java as a whole – or even Oracle's problematic implementation of it – when the browser can and should be preventing Java applets from automatically running.
There is one browser, however, that *does* prompt you before loading an applet: Chrome. Unlike Internet Explorer and Firefox, Chrome will not run an applet by default, but instead will display a notification bar with options to allow once, allow always for that particular site, or not allow (by ignoring the bar or closing it with the X at the far right).
For example's sake, let's go back to that NASA simulator I referenced. It's called RocketModeler III, and is a Java applet. You can find it at http://www.grc.nasa.gov/WWW/k-12/rocket/rktsim. Open that URL with Internet Explorer. Then try Firefox. Then try Chrome. Chances are, if Java is enabled as a browser plugin, IE and Firefox will load it without your approval, while Chrome will wait for you to click on either "Run this time" or "Always run on this site" before it even thinks of launching the applet.
In conclusion, though Oracle should certainly fix its code, it's not *completely* Oracle's fault that browsers are allowing applets to load without user confirmation – which, mind you all, is exactly why the exploit that everyone's up in arms about is even slightly significant. If you're a routine Java user (like me) and find that disabling Java entirely would be inconvenient, try Chrome.
Isn't it about time to rename Java script to something completely unrelated to Java? This never ending confusion is both understandable and potential harmful to people which do not know the difference.
Or another much better suggestion could be to just rename Java instead…I suggest the perfect new name: "GARBAGE". So if you make a Ja…Garbage program you need Oracles Garbage compiler 😀
Which may be why it's never caught on.
As for renaming Java to something pejorative…as previous commenters have pointed out, Java still plays an important role in letting you create and deliver applications. And standalone Java applications seem to create no more or less risk than OS-native applications (.EXEs on Windows).
The troubles are almost entirely in the browser integration. And IIRC Oracle's latest Java releases include a control panel that let you lock Java out of any and all browsers you have on your system. That means you can run Java applications to your heart's content, but can't run applets at all.
(For example, I have Java installed because I need it for Android research and development. But I don't use any websites that require it, so I have it locked out from my browsers. Best of both worlds.)
Better to just get rid of Java.
Should "Java Deployment Toolkit" be disabled as well?
This probably answers your question:
If you don't have Java in your browser, then the JDT is pointless so you can remove it. It you do have Java in your browser, the JDT's function is to go and get the "right" Java version for the applet you're trying to run, in case the applet wants a different version than the one you have installed.
Assuming you keep your Java up-to-date, it sounds to me as though the best thing the JDT can do for you is nothing, and the worst is to offer to drag down an outdated Java to run some old-school applet.
Sounds like you might as well remove, rather than merely disable the JDT. But as the above link explains, even if you do neither it won't affect your "Java in the browser" setting…
Java was developed by Sun Microsystems, and was later acquired by Oracle.
Oracle didn't create Java.
hi i was helping a friend with a virus problem, and he only had java update 6, 16, i helped him update it to 6.38 but why cant I put him on 7 11, hes running windows vista. thanks for the help
If you’re having a problem with Java, your first port of call should probably be Oracle’s support team. Sorry not to be more help.
Is there a way to allow Java to run only on selected ("white-listed") web-sites, and disable it for all others?
It would be nice to be able to use Java only for an internal corporate server or a banking site, for example.
You can do this with NoScript (http://noscript.net).
What about Club Pogo? I play there almost everyday. They requires Java to be on. :/
Oracle bought Sun in 2010. Since then, the java infections have dramatically increased. Perhaps Oracle should stay with databases and sell Java to someone who cares.
Garbage err Java is the language you use to write apps and those popular/addictive cute casual games for smartphones and mobile devices, particularly for Android OS. Yep, it may have become an irritant for webpages but for the mobile industry, it's gold!
What’s the difference?
Java is a full blown object oriented programming language for both web and desktop apps. Its latest iteration rivals Microsoft’s C#.
A long time ago Java was the preferred language of the web, ever since their debacle with Mozilla they expanded their multi platform universe to include mobile devices like Android. Java flourishes on phones and tablets. Whereas JS is stuck with the web browsers of choice.
Since I hate web programming I can’t really comment on anything positive or constructive for that matter.