Java Security - Safety Tips in case you cannot disable it
PC Magazine offers safety tips, and avoiding questionable email or websites will also help protect against attacks.
QUOTE: Java is under attack. Not only from the black hats who are crafting drive-by-downloads, malicious attachments, and other attacks that exploit the vulnerabilities in the technology, but also from the white hats who argue that users shouldn't be using it at all. Even after Oracle patched the latest batch of zero-day vulnerabilities in Java, the Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) recommended users turn Java off. Much like Adobe's Flash, Java is a popular target because of its tremendously large installed base. If you really don't use websites that require Java, go ahead and dump it. We even have a nice set of instructions on how to disable Java within your browser.
Then, there are the rest of us who actually use Java on a regular basis. "I doubt that anyone who pays attention to security advice is running Java, IE 6/7/8, et. al. because they want to—we run these things because we have to, and the decision is out of our control," security guru Jack Daniel wrote on Uncommon Sense Security. Users can adopt a two-browser system. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox. Then, enable Java in an alternative browser such as Chrome, IE9, Safari, etc., and browse only to sites that need Java and never for general Web surfing. "It is best to enable Java in one browser and only use that browser for websites that will not function without it," said Wisniewski.