Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Should I Disable Java, and If So, How?

Another vulnerability has been discovered in Java; if Java is installed on your machine, malware authors can exploit it to infect your computer with something as simple as your visiting a malicious or hacked website.

As I write this, there is no update to Java, which means that there is no fix. Technically that makes this a “zero-day exploit”.

The fix that most experts, including myself, are recommending is to remove Java from your machine. Chances are you don’t actually need it anyway.

But before we go further, we have to do the old “Java vs. JavaScript” dance.

Become a Patron of Ask Leo! and go ad-free!

Java and Javascript are two different and unrelated things

Because of another exceptionally poor choice of names, there’s always instant confusion when we talk about Java because people often confuse it with JavaScript.

That’s wrong. Java is not Javascript. They are completely unrelated to each other.

Javascript:

Javascript: (not to be confused with Java) is a computer programming language that is most commonly used to … continue reading.

From the Ask Leo! Glossary

  • Comes with your web browser; it’s part of Internet Explorer, Firefox, Chrome, and whatever other browser you might happen to have. There is no separate installation for JavaScript.
  • Is used by thousands and thousands of websites. Even Ask Leo! requires that JavaScript be enabled in order to post a comment (as part of a spam-prevention technique). Disabling JavaScript globally would render many if not most of the websites that you visit regularly partially to completely unusable.
  • Is considered a “scripting” language. While the term is somewhat vague, it generally means that JavaScript is a programming language used to augment some other environment, such as the display of HTML-based web pages in your web browser.

Java:

Java: (not to be confused with Javascript) is a general purpose programming language designed, as much as possible, to … continue reading.

From the Ask Leo! Glossary

  • Is a separate download. Typically, the first time that you run into a need for Java, it is downloaded and installed at that time.
  • Is a programming language used to write larger, full-featured applications.
  • Uses a “common runtime” which is installed on your computer to provide features and functionality to the programs written in Java.
  • May be installed either by installing a program that happens to use Java or by visiting a web page that itself contains a program written in Java.
  • Is used by a more limited selection of applications and websites.

While JavaScript may have its own set of issues from time to time, that’s not what this is about, at all. This is about Java.


However, you may have Java installed if you visited such a website, or installed such an application, even once …

You probably don’t need Java

While you almost certainly need JavaScript, it’s quite likely that you do not need Java.

Java is used only by certain applications and websites, and the majority of websites don’t use it.

However, you may have Java installed if you visited such a website, or installed such an application, even once. The installation was required to make that site or application work, but it’s not practical to somehow automatically uninstall it after your visit or after uninstalling the application because there’s simply no way to know if it’s also needed by some other application that remains or site that you visit.

It gets complex very quickly. As a result, once installed, Java remains installed until you explicitly uninstall it.

And that’s exactly what I recommend you do.

Uninstalling Java

In Control Panel, go to Add/Remove Programs (Windows XP) or Programs and Features (Windows 7).

Control Panel Programs list showing Java

Java Logo
Look for lines titled “Java”, “Java VM”, “Java Update” and the like, all with the Java logo as an icon.

Right-click on each, and select Uninstall.

Once you’re done, you’ve uninstalled Java.

Didn’t find any Java items in the Programs list? Then you’re done before you even started; you didn’t have Java on your machine to begin with.

Disabling Java

Disabling Java in your browser without removing it can be a complex task. I strongly recommend that you follow the process above to uninstall it from your computer completely.

However, as we’ll see in a moment, that might not be practical.

Rather than reinvent the wheel, here are instructions from Sophos’ Naked Security site on disabling Java in Internet Explorer. At the end of their instructions are links to similar instructions for Firefox, Chrome, Safari, and Opera.

What if it turns out I need Java?

After successfully uninstalling Java using the instructions above, you may encounter this when you visit a website that requires or uses Java:

Java Required Error

Depending on the browser, you may instead or also see a notification telling you that “Java(TM) is required to display some elements on this page.”

If you run a program on your PC that uses Java, you’ll see a similar error message (exact wording will depend on the program) indicating that Java is required, but not present.

You have a decision to make.

In my order of preference:

  • Live without that website or program. Perhaps find an alternative that does not use Java.
  • Reinstall Java on a separate “sacrificial machine” or virtual machine and use that to access these sites or run these programs, leaving it off the rest of the time.
  • Reinstall Java, but disable it in all browsers except for one, which you use only to access the sites that require it. Use a different browser with Java disabled for your day-to-day web surfing.
  • Reinstall Java and be super-extra-careful.

In any of the circumstances that involve re-installing Java, make certain to always keep Java up to date. Letting it update itself is the preferred approach, if offered.

Why is this such a mess?

The current situation isn’t an indictment of Java as a programming language – it actually is a pretty cool language, and ironically was itself designed with security in mind. One of its original selling points (‘write once, run everywhere’), while technically not 100% accurate, is a very popular reason for many to have adopted Java as a technology.

No, the devil here is certainly in the details.

All software has bugs, make no mistake. Even your favorite never-had-an-issue program that you use every day, whatever it is and whatever computer it’s running on, has bugs.

And so does the implementation of Java. It’s not the programs written in Java that are at issue (although they certainly have bugs of their own). The issue here is in that common runtime – often referred to as the “Java VM” or “Java Virtual Machine” – I mentioned earlier. It’s just software too, and like all software, it has bugs.

It might even have more than average, although I’m not going to say that for certain.

And it’s installed on a lot of machines.

As Java has become more popular over time, it’s become worth the time of hackers to see if there are bugs that haven’t been fixed that they can exploit. It’s popularity for hackers may not be based on millions of people actively using it, but rather millions of computers that happen to have Java installed because a website requiring it was visited once upon a time.

Update

In response to some of the comments:

  • Yes, a fix was released for the most recent problem. I still encourage people to uninstall Java, simply because most don’t need it, and this is not the first time we’ve been in this position, and it simply seems likely to happen again. If you do need to keep Java, then as I said above keep it (and all your software) up to date.
  • J2RE is a part of Java and can be removed.
  • Javascript (which is not Java) does not appear in the add/remove programs list, as it’s part of your browser and not a separate install.

(Update added January 12, 2013.)

Update to the Update

Several people have noted that:

  • A fix was released.
  • Java version 6 didn’t have the problem.

I have to stress that this is about much more than just a single vulnerability.

As it turns out, within days of the bug fix release hackers announced that they had found at least two more vulnerabilities in Java 7.

In my opinion the track record for Java vulnerabilities is poor enough that I continue to strongly recommend that you uninstall all versions unless you’re certain that you need it. (And uninstalling it to find out if you need it is also, in my opinion, a valid approach.)

(Update added January 22, 2013.)

Additional references

Javatester.org, includes a partial list of applications and sites that use or require Java.

How do I disable Java in my web browser?, instructions from Oracle.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

58 comments on “Should I Disable Java, and If So, How?”

  1. Java Update uninstalled. Now, what about J2SE Runtime Environment 5.0? Has a Java icon. Thx for the usable and clear advice.

    Reply
  2. I installed Java 7 Update 10 on 10th of January. Does this fix the vulnerability you mention? I can understand your reluctance to put a date in an article but in this case maybe it would be better than putting in “As I write…”?

    All my articles are dated at the bottom of the article.

    Leo
    13-Jan-2013
    Reply
  3. @Carol: This is probably Java version 5 which is really really old. I would uninstall it.

    @Gerard: No. All editions of Java 7 have the latest flaw. Java 6 does not have this flaw (which does NOT mean that its perfectly safe). The good new with Update 10 that you have is that Java use by web browsers can be totally disabled with a single checkbox. See the Java Control Panel in the Windows control panel, Security tab.

    Disabling Java in Internet Explorer, while leaving it enabled in other browsers is arguably impossible. This from Oracle themselves which says the only way to fully disable Java in IE is with the just mentioned checkbox introduced with Java 7 Update 10 that disables Java in ALL browsers, system wide.

    For much more on this topic see

    How to be as safe as possible with Java
    http://blogs.computerworld.com/cybercrime-and-hacking/21626/how-be-safe-possible-java

    Thanks Michael. I’ve added a link to your article in an additional resources section below mine.

    Leo
    13-Jan-2013
    Reply
  4. J2SE is not needed anymore as the new java 7 has it built in. i had a issue were i had to remove all java including j2se ad the firefox would not recognize the new java update was installed. so i went to website for java and it said to remove all java including this and re-install standalone java and it is all included. Now on to disabling java there is a new feature inside java console under security untick disable in browser and your done. all disabled in browser and only on the machine for programs that need it.

    Reply
  5. What about running Java on a Mac running OS X Mountain Lion. Does it still apply that it is best to uninstall it?

    What I’m hearing is yes.

    Leo
    15-Jan-2013
    Reply
  6. Thanks for keeping us up to date on this issue. Unfortunately, I seem to need Java. I have disabled it in Firefox and IE but I keep having to enable it for one site or another, the latest being Ticketmaster.

    I did just install v.7 update 11 as recommended by Javatester, but I’m keeping it disabled for now….

    Reply
  7. Dear Leo, I have removed Java from the computer BUT how is Java Script recorded in ADD/Remove so that I can ensure that I do not remove it ?

    Javascript is part of the web browser and does not appear separately in Add/Remove programs.

    Leo
    15-Jan-2013
    Reply
  8. Under XP, I found ONLY Java 7 Update 9, and JavaFX2.1.1. No other Java was found. Are they trouble and how do I get rid of these?
    Jack

    You uninstall them as described in the article.

    Leo
    15-Jan-2013
    Reply
  9. Re: Java and it’s problems, as of 1/14/13 on both my home & work computer, I have gotten the pop-up “Update your Java”. Should I be doing this now and HOPE that it is the “fix”? I’ve not seen anything on the news about a fix yet.

    There is a fix for the most recent issue, but the safest approach is to remove it completely unless you know you need it.

    Leo
    15-Jan-2013
    Reply
  10. Thank you so much for this. I uninstalled Java and another problem I was having went away – see below.
    Should I also uninstal JRE and J2SE Runtime Environment?
    There’s a forum on which I’m following a thread. Whenever there’s a reply, it auto-emails me and also shows a link to the thread. However, clicking on the link takes me to a site URL4SHORT. Uninstalling Java has stopped those diverts but if you search the internet for URL4SHORT you will see that this is a big problem for many users. What could be behind the problem? I bet you’ll find out, Leo! Keep up the good work & thanks again.

    Reply
  11. Hi Leo. Thanks for that. Running Windows Vista Home Premium on an HP Notebook computer. Found three instances of Java in my “Add/Remove Programs” list. Two I was able to uninstall without any problem, but the third Java (TM) 6 Update 7 refuses to uninstall. I get the following error message “Error 1719 – Windows Installer cannot be accessed. This may be because it is not properly installed. Contact your support personnel”. Can you advise me please?

    Reply
  12. I cannot find Java in my programs buy it is on my uninstall list in two items that must be installed before they can be uninstalled. I seem to be in a catch 22. Is there a solution? read your article with interest.

    Reply
  13. I was able easily to remove Java from the control
    panel, several Java listings. However, an icon
    remained on the control panel. I selected it and tried
    to bring it up, but without success. I did not select it
    and use the delete function. Should this icon be
    deleted also?

    If you’ve otherwise successfully uninstalled, and it sounds like you have, then I’d ignore it.

    Leo
    15-Jan-2013

    Reply
  14. I was too fast to follow Leo’s advice (respect)BUT as usually, I didn’t have to as a patch was found,and most important for me……i couldn’t play chess on line,so i learned my lesson

    A fix was found for *the most recent* problem. I still encourage people to uninstall Java, and would encourage you to find a different online chess program. Smile

    Leo
    15-Jan-2013
    Reply
  15. Hi Leo and everybody, today I gota message to update this JAVA problem, it appears there is a fix by updating to JAVA to 11. You can do this in your control panel (XP on mine) right click the ICON and open to the tab, then check for the update tab, it only took a few minutes to complete, but watch for the freebee in the check box, uncheck if you don’t want it before you go to the “next” box. 1/15/13

    Yes, a fix was found for *the most recent* problem. I still encourage people to uninstall Java, simply because most don’t need it, and this scenario seems likely to happen again.

    Leo
    15-Jan-2013
    Reply
  16. i did disable java. after reading your article i went into programs to uninstall. this is what happened. java7 update9 would not allow me to uninstall. the message came up as follows:
    first box – windows installer, preparing to remove. next window –
    an unidentified program wants to access your computer’ cancel, i don’t know where this program is from –
    allow i trust this program i know where it is from or i’ve used it before.
    this is the first time this ever
    happened when i uninstalled a program.
    just in case i use vista home basics and i did not do anything yet. thank you leo

    Reply
  17. I heard on the radio the other day about removing Java; so I immediately removed all Java files (it wasn’t listed as a program on the list of programs). However I did include all Javascript files when I deleted the files. So what do I do now?

    Depends on exactly what it is you deleted. Javascript is part of your browser, so if your browser starts acting up I’d probably reinstall it.

    Leo
    15-Jan-2013
    Reply
  18. Oracle says that the Java update issued on Sunday ( 7.11) solves the problem in version 7.10.

    Yes, a fix was found for *the most recent* problem. I still encourage people to uninstall Java, simply because most don’t need it, and this scenario seems likely to happen again.

    Leo
    15-Jan-2013
    Reply
  19. As a researcher in molecular biology/genetics, we are absolutely dependent upon programs that run in Java. Is there a way to restrict Java to certain trusted websites/programs?

    Don’t really have a good solution for you, other than, as I think someone else suggested, consider running those programs using Sandboxie.

    Leo
    15-Jan-2013
    Reply
  20. Leo’s contribution contribution to this subject is, of course, not the only one but in many the distinction between Java and JavaScript is just not made or even alluded to. If ever there was proof of the value of Leo’s service to us all – this is it. So very worthwhile to Bookmark – thankyou Leo.

    Reply
  21. An extremely useful and well-written article for all us uninitiated computer users who try to keep up with “progress”. I’ve removed all Java including the update 7.11. But, it occurred to me to ask you why an exploit, even targeted at a software program (it’s listed under “programs” in my Win XP), isn’t going to be caught or detected by my antivirus program (Avast) or Malwarebytes (running in the background)? If not detectable, how much “damage” can the exploit actually do if users follow prudent operating precautions? Would System Restore be usable if infected? I have also followed your advice and routinely image my Dell laptop.

    Reply
  22. Just because YOU don’t want/need it, doesn’t mean that your readers don’t want and need it… you are selling too much of the MacroSloth line here. The exploit is well understood, only affects web browsers and has a fix. Stop selling FUD and start sharing facts!

    Reply
  23. Leo, you have been a godsend for many many peoople. Thank you for being here, and I LOVE to see what you are writing about in every issue. I have read about this recent java issue, in about 4 different places: cnet, pitstop,Bob Rankin and others. And they ALL say exactly what you are saying Leo. So MR.Gimbrone, Leo is not feeding or selling us “bull”, it is fact, and just because someone says there is a fix, it does not mean it is fixed and all your problems gone. Just be safe and disable it.

    Reply
  24. Are there programs that use Java internally, without requiring updates like one would expect?

    Perhaps a better question is can you name any programs/webfiles that can profile these problems (other than Belarc Advisor) and help you decide what to use and avoid?

    I occasionally get alerts from my AV browser about these types of exploits (maybe Javascript) and I can’t find anything in Add/Remove (I removed all I found long ago as well). As Microsoft makes several patches each month for similar exploits STILL in XP, Javascript itself is apparently a large target of hackers as well.

    Is the .NET platform a response to these issues, I wonder?

    I hope I’m not being paranoid, and thank you for everything you do, you are a godsend of simplicity and reason.

    Reply
  25. Is earlier version of the Sun Java work or not?

    I recommend uninstalling all versions. The lastest bug may not be in older versions, but then older versions have other issues. Better to be safe.

    Leo
    16-Jan-2013

    Reply
  26. Thank You Leo for these wonderful articles. Thank You again for the simple & practical ways to AVOID problems…. Your articles are structured & systematic and is helpful for not so computer savvy people like us….. Software experts can differ & argue on several aspects……!!!! There is no Fix for that…

    Reply
  27. Hi,
    Just found the new update
    Java (Version 7 Update 11)
    said the bug fixed.

    Please read the update I added to the bottom of the article that addresses this.

    Leo
    16-Jan-2013

    Reply
  28. Hi Leo
    Here we go again with Java. Alas as I am addicted to crosswords I do need to run it. When I first learned of the latest and quite serious disaster I did indeed uninstall including manually editing the registry. When I learned of the latest update (Java 7 Update 11), I decided to reinstall through the Firefox plug-in (Which at that stage was not making any rumbling noises of discontent). This of course installed Java in IE also. I then disabled Java through tools etc, and installed no-script in Firefox. This besides no-script being a terrible pain in the arse to use properly. Prior to posting this I further disabled Java through the security option in the Java icon, so am wondering if this will post (JavaScript is enabled temporarily). Further to this all temporary permissions are revoked immediately on finishing crosswords or whatever I use Java with.
    Question is:- Am I doing enough ?

    NB Am having trouble with preview and posting so will give further permissions to your article and see what happens !

    Reply
  29. Hi again
    Post did get through but it appears that to enable JavaScript in No-Script requires that “Enable all on this page” has to be clicked.

    Reply
  30. Hi Leo
    I think your recommendation to remove Sun java is too draconian. It is useful for many websites and videos. If the user has a good AV kit (ie Kaspersky IP 2013) any Java weakneses are immediatel detected and a fix offered.
    Happy new Year
    John

    Reply
  31. thanks Leo..I checked my Firefox plug ins and Java is disabled [ I run no-script religeously as well ] I noted that this plug in comes with a warning and a recomendation to disable it anyway even in the table of plug ins – good to see and i don’t run IE anyway as its a P.I.T.A so i disabled it. Good thing too because I have come across some sites that premote a error box which sez “error opening IE” Waaaa!, I’m running firefox so why the hell would a site try and open IE on the side ? Hee Hee not caught out yet by golly.

    Reply
  32. Thanks for this article. I used to subscribe to a foreign language website, Camino del Exito, which used Java. I was thinking of subscribing to it again; now I won’t. Although it was a really good website for learning Spanish, I just don’t want to take the chance and infect my computer. Keep up the good work, Leo:)

    Reply
  33. I was unsuccessful in Uninstalling Java 7 update 9 from Win764 IE, even fresh from a restart. The procedure beginss, prepares, confirms and then seems to disappear without a trace, leaving the item still listed. Repeated 5 times just to be sure. I then went through the recommended disabling procedure, with no problems.
    But why can’t I get rid of Java completely ?

    I’d give Revo Uninstaller a try: Revo Uninstaller – Uninstall Things That Won’t

    Leo
    16-Jan-2013
    Reply
  34. I believe that Pogo requires that Java be installed on a PC. My wife is a religious user of Pogo. So, if I follow Leo’s advice, I will probably need advice on a good divorce lawyer.

    Reply
  35. I found that earlier versions of Java, like Java 6, are NOT vulnerable. I am using Java 6, so this not a problem for me, at least for now. See below:

    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422

    Last revised:01/17/2013

    NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks.

    I’ve added an “Update to the Update” at the bottom of the article. Bottom line is that this is about much more than just a single, recent vulnerability whether it’s fixed or not. I still recommend uninstalling all versions of Java unless you know you need it.

    Leo
    22-Jan-2013
    Reply
  36. I removed JAVA that I found in the add/remove programs but the next time and every time now when I boot up the computer hangs and then there is a message saying it can’t find:
    C:program filescommon filesJAVAJAVA UPDATEJUSCHED.EXE
    I click OK and get on with life but I think I should do something about this shouldn’t I? I used CCleaner but this message still appears. Thanks for all you do.

    The uninstall was incomplete. I’d give Revo Uninstaller a try, and if that doesn’t work look for a reference to jusched in auto-start locations using a tool like autoruns.

    Leo
    22-Jan-2013
    Reply
  37. I followed the instructions and uninstalled java- now I have no available personal/private messaging in Facebook- not sure how, if at all, the two are related but it happened immediately! How might I fix what my FB needs! I can chat in the message box but not private messaging- get a blank screen or a message box with to way to input a name or message- or send! Thanks!!!

    The two are unrelated – Java has nothing to do with Facebook. (Javascript does, but as the article takes great pains to point out, Javascript is also completely unrelated to Java). Honestly, I can’t say what happened to your Facebook, and would probably just suggest you start by clearing your browser cache.

    Leo
    22-Jan-2013
    Reply
  38. thanks Leo! i read your article which i greatly appreciate. so i uninstalled java in win7 and thats fine. however now i am noticing a lot of videos require adobe flash player. when i download the new version it finishes and says its running but the video apps dont recognize it. then the flash site doesnt find an installed version. these are little facebook and youtube videos-nothing fancy and not all videos ask for the flash player. so i was told to reinstall java so i could get adobe flash to run. however i am concerned about the basic holiness of this java app as u have said–maybe THAT problem was fixed but the next one’s right around the corner..(yes i read that in your article :) so should i reinstall java to get flash to work or is there another way? does it have something to do w activex and is that safe?? my main goal is to have flash work, but if that is unsafe i will do my best to live without it–i’ve got norton AV and protect. java i usually dont need but now w flash i might??? thanks!

    You appear to be confusing JavaSCRIPT with Java. They are two completely unrelated things. JavaSCRIPT is typically required to run Flash (and many, many other things). It’s Java, not JavaSCRIPT, that needs to be dealt with.

    Leo
    29-Jan-2013
    Reply
  39. I just got a new Macbook Pro. (Love) I had a tech savvy friend install some software, and while doing they installed Java. I’ve disabled it in Safari and Firefox…but is this enough? (Do I even need both browsers anyway?) I found a Java VM file when searching my applications. Can I remove it? And thanks for the article. I removed Java from my Netbook; not sure if it’s related, but after doing so, it is running much more smoothly.

    Reply
  40. Well, I agree that Java is unnecessary. But I think that for most sites JavaScript is also unnecessary! The content sites I visit display fine with JS disabled, and — there are no JS-generated ads! Lovely! With Flash blocked as well, I can browse content without the crapola. Firefox add-ons will block JS with the option of allowing it on a case-by-case basis, and block Flash with the same case-by-case option. And yes, Java is disabled as well. Oracle does have a dismal record on security.

    Reply
  41. I have Windows 8 and when I try to remove Java I get a pop-up asking if I want to allow Java to make changes to my computer. When I click “no” the uninstall discontinues. I tried clicking “yes” and Oracle proceeded to load an updated Java version (I assume). I cancelled the upload and tried uninstalling and again received the request to allow Oracle to update. What gives?

    Reply
  42. @HW Pelt
    Maybe you can click yes and allow the process to complete. It might be that that would uninstall Java from your system in spite of what the message is saying. I’ve had similar experiences with other programs. If not, at least you’ll have a patched Java which is better than leaving it the way it is.

    Reply
  43. Hi,
    I have visited a website that need java so I have to install it again. And now, the firefox version 20 browser will ask if you want to run the java when you visit that website firstly.
    So, am I safe now keeping the java installed in the windows 7? Or that I better uninstall and install again when I want to visit that website?
    thanks

    Reply
  44. Hi Leo, or indeed anyone else reading this question …

    I am trying uninstall Java, after Windows Installer thinks about it for a while the following dialogue comes up “Do you want to allow the following programme (i.e. Java) to make changes to your computer?” It may seem obvious that I should click yes, however I’m concerned that if I do that it will do other things to my machine that I don’t want it to. Most programmes I’ve uninstalled have not asked that question before, and I want to check that clicking yes to this question won’t actually embed the programme even further into my machine. Your advice would be appreciated. Thanks, Liz

    Reply
  45. When I try to uninstall Java this message comes up: “An unidentified program wants to access your computer. Have you used this program before and do you trust it?” I then have to make a choice as to whether to allow access to this unidentified program. When I choose “No” Java still remains in my computer. Of course I am not told the name of the unidentified program.

    How can I proceed to uninstall Java?

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.