Update 06/21/2012: If you’ve previously installed JDK 1.6 on OS X Lion, despite removing the JDK as outlined below, it will still show up in Software Update. Not quite sure where the hooks are. If anyone out there knows, please leave a comment!
Update 05/01/2012: Oracle has released an official Java 7 JDK for OS X. If you require Java and want to run a current, secure, officially supported version, visit the Java SE 7 downloads page.
The Flashback trojan, a widespread threat that affected over 500,000 Macs, caused great concern in Apple’s commitment to keeping up with Java runtime security updates. By default, Java is not included in Mac OS X 10.7 Lion. If you installed Java, but don’t necessarily use it for development or Web-based applications, it may be safer to remove it and protect yourself from the potential of future Java runtime exploits.
To remove Java from OS X 10.7 (Lion) using Terminal:
|
1 |
sudo rm -rf /System/Library/Java/JavaVirtualMachines/*.jdk |
The above command removes all the Java runtime components from your OS X installation. To reinstall, simply visit Apple’s Web site and install the latest version of the Apple supplied Java runtime or use the method below to nudge OS X into asking you.
Using Terminal:
|
1 |
java -version |
OS X will detect that no runtime is installed and give you the option to install one through a dialogue.
As Apple computers and devices continue to gain marketshare, malware authors will increasingly target this once sacred and secure operating system. There’s no shame in removing components you don’t use, or even running antivirus software on your Mac. Personally, I recommend eSet Cybersecurity for its minimal interface and non-intrusive operation. If you’re not willing to spend a few bucks, Sophos Free AntiVirus for Mac is a great tool as well.
Don’t forget to change your passwords regularly, too. A quality password manager, such as 1Password, is well worth the investment and will become one of your most frequently used utilities.
Take security on your Mac seriously. The time or money you spend keeping things in order will be minimal compared to the recovery efforts and damage you will undoubtedly experience from a compromised system.
Doing what you are describing causes the software update to pop up a few times a day trying to run some java app (basically triggering the ‘do you want to install java or not?’ dialog).
Running software update directly does not bring up this dialog.
Any idea?
I’ve followed the method described here without that behavior. I did install the latest patches Apple pushed down for Java prior to doing so, however. When I open the Java Preferences application (Applications/Utilities) it even states I don’t have a JVM installed.. Did you update to the patched JVM from Apple before you removed? Does Software Update specifically mention Java? How about Java Preferences, any JVM listed? Report back if you can, I’d be happy to edit the article!
So, this removes Java. However if you try to run an older Java installation, Mac OS will pop up a dialog saying it cannot install as a newer version is present.
In my situation, I need to revert to an older version of Java because the new one is not compatible with the pages I have to work with. So, it seems Java truly isn’t fully uninstalled. Pain!
It’s true. It removes the Apple distributed JDK, but there are still some hooks in the operating system somewhere. I haven’t been able to track them down. Let me know if you find more info!
From Oracle, removing the following two files allows you to install the new version without being told that a newer version is already installed.
Remove one directory and one file (a symlink), as follows:
Navigate to /Library/Internet Plug-Ins and remove the JavaAppletPlugin.plugin directory.
Navigate to /Library/PreferencePanes and remove JavaControlPanel.prefpane.
Do not attempt to uninstall Java by removing the Java tools from /usr/bin. This directory is part of the system software and any changes will be reset by Apple the next time you perform an update of the OS.
Great article, this should be at the front page of apple.com. Java is the biggest security fail ever !