Java is not JavaScript – tell your friends!

How to turn off Java. Image from ShutterstockAs you are probably aware, lots of people, including the writers at Naked Security, are advising you to turn off Java in your browser for security reasons.

Some people are worried that turning off Java also turns off JavaScript.

Most modern websites make heavy use of JavaScript, so these people are worried that sites such as Facebook, Twitter, and even Naked Security, will be pretty much useless if they follow our “turn Java off” advice.

So, let me clarify.

Java and JavaScript are completely different.

Turning off Java will not turn off JavaScript.

They’re configured separately.

The converse is true, too. If your aim was to improve security by turning off Java, turning off JavaScript instead will not have the desired effect.

Apologies if you already know this. But the names are a bit confusing.

I’ll keep this article short and simple by not going into too much detail about the differences here.


Suffice it to say that JavaScript is generally built in to your browser, and is used to control the look, feel and function of web pages displayed inside your browser. So you can think of it as part of your browser.

That doesn’t mean there aren’t security risks from JavaScript. There are, but they’re different to the ones posed by Java, and they’re generally fixed or patched directly by your browser vendor.

JavaScript is very commonly used in modern websites. In fact, you won’t get very far without it on many of the popular sites out there.

So we are not recommending that you turn JavaScript off in your browser.


On the other hand, Java, made by Oracle, is a software package installed separately from your browser.

It can be used for creating and running all sorts of regular-style software: web servers, code editors, word processors and much more. These are called applications, just like any other application such as Microsoft Word or Apple iMovie.

Java also provides a plugin system that allows stripped-down Java programs called applets to run inside your browser. They aren’t integrated with your browser like JavaScript programs, and their security generally depends on the Java system itself, not on your browser.

Java applets used to be fairly common, but (mainly through the rise of JavaScript) they are now are used rarely, or not at all, on most of the popular websites out there.

In fact, you probably won’t miss much without applet support. Lots of Facebook users, for example, report being able to use their favourite addons such as games without Java.

Nevertheless, there have been several recent and widely-abused bugs in the applet part of Java that make your browser insecure.

So we are recommending that you turn off Java in your browser.

And that’s it.

A warning

By all means, turn off JavaScript if it suits you.

But let me reiterate: we aren’t recommending that. And if you do, you won’t get rid of Java, which is probably what you want.

In case you’re wondering, Java was originally called Oak, after a tree outside the inventor’s office. It was renamed Java after the island, because lots of coffee comes from there, and programmers run on coffee.

JavaScript was originally called Mocha after the coffee drink, because programmers run on coffee, but turned into LiveScript, and finally into JavaScript, probably for marketing reasons to compete with Java. The only real similarity with Java is in the first four characters of the name.

Technically, JavaScript is now officially known as ECMAScript, and if you start calling it by that name, you’ll never confuse it with Java again!