Advent tip #23: Check that Java is turned off in your browser

You’ve heard of Java.

It’s a computer programming language that can be used to develop applications that aren’t tied to a single sort of computer.

Java programs have two main ways of running:

  • As full-blown applications, installed permanently onto your computer in the same way that you might install Word on Windows or Keynote on a Mac.
  • As web applets, delivered in a web page to run inside your browser, under stricter security controls than full-blown Java applications.

A few years ago, Java applets were a happy hunting ground for cybercrooks: finding an exploitable bug in the applet subsystem was as good as finding a bug in the browser itself.

At the same time, fewer and fewer websites actually relied on Java, so the only people who really benefitted from it being turned on in your browser were the crooks.

That’s the problem with software that you only rarely need, but which is continually exposed to outside threats: it’s easy to ignore it, and let it get out of date, only to receive a rude shock when it’s used to attack your computer.

That’s why we’ve been recommending for years that you turn Java off in your browser.

Even Oracle, the owners of Java, agree these days, and have provided a “switch” for centralised control of browser-based Java.

Why not do us all a favour, including yourself, and use your Java Control Panel to check that it really is turned off?

💡 LISTEN TO OUR PODCAST: Sophos Techknow – All about Java

(Audio player above not working? Download MP3 or listen on Soundcloud.)

Images of Christmas tree and Advent calendar courtesy of Shutterstock.