In the past two days I have received a Sans Security OUCH! Newsletter on security issues with Java from Oracle, followed by notices on technology media AND daily news media that the Department of Homeland Security has issued a warning to uninstall or disable JAVA because of a zero day exploit that has not been patched which could lead to theft of personal information, access to data, etc. So, what to do?
It is likely that you will not notice the difference if you turn off Java in your browser. A few popular web conferencing tools use it, but you can re-enable it if necessary. For software like OpenOffice you need Java, but not enabled in the browser.
Java has instructions on the site to disable it in all browsers if you have version 7.10. If you don’t there are instructions for disabling it in every major browser. DHS provides instructions on disabling Java in Internet Explorer if you are not running Java 7.10. This requires surgery so if you don’t have Java 7.10 the recommendation is to use a different browser for “different activities”.
If you want to check what version of Java you are running go here: http://www.java.com/en/download/installed.jsp . You can update it in Windows 7 by going to Control Panel – Java – Update.