Since late 2010, Java exploits have become way more popular with hackers than the Adobe-related ones.
The problem with Java is not so much in the newly discovered vulnerabilities, as they get fixed pretty soon, but with the fact that too many users don’t update it regularly. In fact, many of them aren’t even aware of its existence on their machines.
Add to all this the fact that in the last few months there has been a huge increase in Java-based malware and attacks abusing two distinct Java type-confusion vulnerabilities, and it’s easy to see why Microsoft Malware Protection Center employee Jeong Wook Oh has thought it a good idea to teach users how to update, disable or remove Java.
To check whether you have the latest version on your computer, simply browse to this page, and follow the instructions.
If you’re a Windows user and you have decided to disable Java, go to your Control Panel, select “Java”, and once the “Java Runtime Environment Settings” dialog box appears, select “Java” once again and uncheck the “Enabled” check box.
Needless to say, if in the future you need to use Java again, go through the same steps and check the aforementioned check box.
Finally, to completely remove Java from your system, go to the Control Panel > Programs > Programs and Features, find Java, select it and press the “Uninstall” button.
There is another option, proposed by F-Secure’s Mikko Hypponen: leave Java on your system but remove the Java plugin from the browser you use every day, then use another browser for the handful of sites and web apps that you use and that need it.
OS X users can disable the Java plugin in Safari by choosing Safari > Preferences > Security (tab) and unchecking the “Enable Java” check box.