I found NoScript to be just too much of a hassle – I never had time to get efficient with it.

So I’m trying the QuickJava extension for Firefox.
https://addons.mozilla.org/en-US/firefox/addon/quickjava/

“Allows quick enable and disable of Java, Javascript, Cookies, Image Animations, Flash, Silverlight, Images, Stylesheets and Proxy from the Statusbar and/or Toolbar.”

You get 8 buttons in the Add-On bar, where you can click disabling buttons for Javascript, Java, etc, on-the-fly.

That probably isn’t going to help for a legitimate but infected site, unless you’ve disabled things ahead of time.
In that vein, via QuickJava I have Java permanently disabled.

But if you were going to a site that you had a hunch was suspicious, you could disable a lot of things ahead of time.
Of course it’s not always that straightforward.

Perhaps someone more expert than I will have a better approach.

Before I understood the difference, and when I first started reading the warnings here about Java, I used to wonder . . . so “disable Java” – does that also mean Javascript is disabled ? Are they interrelated somehow ?, or one affects the other ?
Which plugin disables what ?
So I just put off the disabling until I had time to figure it out.

After doing the google search “java vs javascript’ I got it.
But remember, we’re all beginners at some point.
People might be just arriving on krebsonsecurity and have the same confusion but be afraid to ask.

So I was thinking it might be helpful for the parts in the Java articles where you eventually recommend disabling Java, to routinely tack on a very short note that Java and Javascript are completely different animals, and perhaps why. I think you’ve done that a bit actually.

= = =

Here’s a few copy & pastes :

https://developer.mozilla.org/en-US/docs/JavaScript/A_re-introduction_to_JavaScript?redirectlocale=en-US&redirectslug=A_re-introduction_to_JavaScript

“It’s useful to start with an idea of the language’s history. JavaScript was created in 1995 by Brendan Eich, an engineer at Netscape, and first released with Netscape 2 early in 1996. It was originally going to be called LiveScript, but was renamed in an ill-fated marketing decision to try to capitalize on the popularity of Sun Microsystem’s Java language — despite the two having very little in common. This has been a source of confusion ever since.”

http://stackoverflow.com/questions/245062/whats-the-difference-between-javascript-and-java

JavaScript is an object-oriented scripting language that allows you to create dynamic HTML pages, allowing you to process input data and maintain data, usually within the browser.

Java is a programming language, core set of libraries, and virtual machine platform that allows you to create compiled programs that run on nearly every platform, without distribution of source code in its raw form or recompilation.

While the two have similar names, they are really two completely different programming languages/models/platforms, and are used to solve completely different sets of problems.”

For a more detailed explanation :
http://www.htmlgoodies.com/beyond/javascript/article.php/3470971/Java-vs-JavaScript.htm

But as Brian notes :
“It is not hard to browse the web without Java. It is harder to browse without Javascript. “

But browsing the web with Javascript full on is a recipe for disaster, because all of the things that Javascript can be made to do in the hands of bad guys who like to plant nasty scripts at hacked/legitimate sites. So, your best bet is to use a script blocking function that lets you select which scripts per site you want to run. This takes a bit of getting used to, and some people really can’t deal with it, but I’ve found that using Noscript on Firefox and Notscripts on Chrome (or even Google’s built-in script-blocking feature) isn’t that much trouble and saves me from a lot of danger.

Also, since most Java applets require some type of scripting to run, script-blocking programs like those mentioned should block the automatic running of Java applets unless you enable that site to run scripts.

I’ve had my MBP since 2009. I run both OSX Snow Leopard and Windows XP (for work).

So much of what I do is in this device it’s “sick”. Programing, Web design, Music (reading this blog). I suppose it’s the same for a lot of people.

Backups are golden.

My advice…patch/update…whenever necessary!