Announcement‎ > ‎

又有Java 0-Day漏洞, 怎樣暫時Disable Browser的Java功能呢? (How to disable Java?)

posted Jan 11, 2013, 6:32 PM by Anthony Lai   [ updated Jan 11, 2013, 7:23 PM ]

Java was once touted as the "write once, run anywhere" language. In theory, a single Java program could run on any Java-supporting platform. That dream never quite came to perfection, though, and these days Java is a favorite attack vector for hackers. The Flashback Trojan breached Macintosh computers via a Java vulnerability last year, for example. In August, researchers at FireEye reported another zero-day vulnerability in Java. The most recent Java vulnerability affects all versions of Java 7, including the most current version. Unless you absolutely need it, you should disable Java now.

Fortunately, Oracle offers a Web page with straightforward instructions on how to turn off Java.

Disable Java in All Browsers
Last month Oracle released a new Java version, Update 10, that includes a one-stop option for disabling Java in all browsers in the Java Control Panel. Open Control Panel and launch the Java applet. If you don't see it, switch to Classic View (in XP) or small icons (in Vista or Windows 7). Click the Security tab. In previous versions this tab just allowed advanced users to manage Java-related certificates. It now displays a security-level slider and, more important, a single checkbox titled "Enable Java content in the browser." Un-check this box, click OK, and you're done.

Disable Java in One Browser
For security's sake you really should be using the very latest Java version. If you're not, or if you need to enable Java in some browsers but disable it in others, you can do that too.

Using Chrome? Enter chrome://plugins in the browser's address bar. Scroll down to Java and click the link to disable it. That was easy, and a bit simpler than Oracle's recommended steps. The process is similar in Opera, which Oracle's page doesn't mention. First, enter about:config in the address bar. Click the Java heading to expand that section, un-check the checkbox, and click the Save button. In Safari, choose Preferences, choose Security, and deselect Enable Java.

The only way to disable Java in Internet Explorer is through the Java Control Panel. Launch it as described above, click the Advanced tab and expand the item titled Default Java for browsers. Un-check the boxes for Microsoft Internet Explorer. You may need to click the item and press spacebar in order to clear the checkmarks.

Firefox users can click the Firefox button at the top and choose Add-ons from the resulting menu. On the Plugins tab, click the Disable button next to "Java(TM) Platform." You can also disable Java for all Mozilla family browsers by un-checking the Mozilla family box in the Java control panel.

Stay Updated
When writing this article, I had a hard time viewing the new feature that Oracle added in Update 10. Why? Because I had disabled Java and figured I didn't need to update it. That was lazy thinking; I've reformed. At any time you might find you need Java, perhaps for a Web meeting, or a remote-control tech support session. If you don't want to let Java update automatically, you can check for updates from the Java Control Panel at any time.

Whichever method you choose, visit the Java test page at to confirm that Java is disabled. Yes, you'll occasionally run across a website that relies on Java. If necessary, you can temporarily enable Java for those sites. But you may be surprised at how little you miss it.

在特定瀏覽器中停用 Java 內容
Internet Explorer
在 Internet Explorer (IE) 中完全停用 Java 的唯一方法是透過「Java 控制面板」停用 Java,如上所述

  1. Enter chrome://plugins
  2. Disable Java
  3. 關閉並重新啟動瀏覽器以啟用變更。
備註:您也可以透過以下方式存取 Plug-in 設定:在瀏覽器網址列鍵入about:plugins

  1. 按一下 Firefox 標籤,然後選取附加元件
  2. 在「附加元件管理員」視窗中,選取 Plugins
  3. 按一下 Java (TM) Platform Plugin 以選取該項目
  4. 按一下停用 (若按鈕顯示為「啟用」,則表示 Java 已停用)
  1. 選擇 Safari 偏好設定
  2. 選擇安全性選項
  3. 取消選取啟用 Java
  4. 關閉 Safari「偏好設定」視窗