No Gravatar

By now you’ve probably heard about the latest Java exploit and the government’s recommendation that you disable Java in your browser. You may also have heard that Oracle has released an update to fix the problem. But there’s a fair chance that others will be found. Because of this, some are calling for Java to be killed off. That’s just crazy.

Yes, there will probably be many more vulnerabilities found. But problems are found almost daily in all sorts of software. There’s no reason to kill off something useful because of the possibility of an issue.

That’s not to say you shouldn’t take precautions. Almost all of the issues with Java are due to visiting malicious web sites. But you can easily avoid the problem by turning off the web portion of Java, either in your browser or, with the latest update, system-wide in the Java Control Panel.

In Safari, you can disable Java in Safari’s preferences by unchecking it:



Don’t turn off JavaScript – it’s unrelated to Java completely (other than the confusing name).

You can also turn off Java in all your browsers by going to System Preferences, choosing Java, and then going to the Security tab:


Uncheck the box at the top and it will be disabled in all browsers.

So why not just uninstall Java completely? Well, you may have programs that need it on your system. I have several Java programs that run locally that I have no desire to try and find replacements for (if any even exist). These programs are the best for what I need them to do. One is for accessing multiple different types of databases, something I do all day long, and I’d be lost without it. Also, my Major League Baseball TV package for the Mac requires it.

So it’s not like Java is some useless appendage that exists solely to leave security holes in your system. There are many programs that rely on it – more on the server side these days, but that doesn’t mean there aren’t client programs as well.

You may not have any Java programs on your system at all – in fact, you may not even have it installed. Apple stopped including it with Lion (10.7), offering it to be downloaded if something came up looking for it. If you don’t have it, then you obviously don’t have any Java programs and don’t need to worry. If you do have it on 10.7 or 10.8, it’s probably because you did something to trigger downloading it. So don’t be in a big hurry to get rid of it unless you’re sure you are no longer using it.


Share →

2 Responses to Black Coffee In Bed

  1. Brian Stone says:

    Thanks Jack.

    Much more helpful than all of the other stuff I have read.

  2. […] an update to last week’s post, it seems the patch Oracle put out took care of the bug it was supposed to, but others are still […]