In Internet Explorer this is done in a fashion that confuses most end-users, by creating a "Trusted Zone" and setting different security properties in the Trusted Zone than in the Global Zone. (Directions for using Trusted Zones are here)
In FireFox, the best way to accomplish this is by running the Plug-In "No Script", which disables scripting by default and allows the user to click to enable scripts on Trusted Sites that seem broken if they scripting is disabled. (The NoScript homepage is here)
Bottom Line: Unless a site requires Java support and you trust it, you should not be browsing with Java Enabled!
Unfortunately, as I reviewed three groups of web statistics - from visitors to this blog, from visitors to my haiku poetry website, and from visitors to my genealogy website, Almost EVERYONE had Java enabled. Between 97.7% and 98.5%!!
Then I laughed at myself as I realized that I was using Google Analytics to do that measurement, and Google Analytics doesn't record the visit unless Java is enabled. Which now has me puzzling over how ANYONE was recorded who had no Java.
But I still had some interesting, though slighly off-topic results to share with you, Dear Reader . . .
If we watch the media in its various forms, we are being bombarded with a few basic messages:
- The Age of the Macintosh is upon us
- Linux Threatens Windows
- Windows Vista is the Path to Security
- Internet Explorer 7 is the Path to Security
I thought it would be interesting to look at some statistics to see if these messages reflect the reality of the Average Internet User.
After careful reflection, I realized I don't have the ability to measure The Average Internet User, so instead I looked at some Google Analytics for three websites that I have tagged. The three are of course English-language biased, but then so is most of the media I consume, so I think that's ok.
Sample One: People who read this blog.
This blog is about CyberCrime, and usually CyberCrime in the United States. One hopes that the readers are people who care about CyberCrime and perhaps by a bit of a stretch, protecting their computers.
For the sample period I looked at there were 3,400 unique visitors to this blog from 85 countries and all 50 states, but with 78% of the readers coming from the US.
Sample Two: People who visit my haiku poetry website.
The Haiku Poetry fans, as you might imagine, are a bit different than the readers here. 6,600 unique visitors from 98 countries and all 50 states, with only 54% of the readership coming from within the US.
SLIGHTLY higher Macintosh adoption (not statistically significant), slightly lower Linux adoption (also not statistically significant), but a much greater chance of using "old" Internet Explorer, not being on Vista, and still running Windows 98.
Sample Group 3: People who visit my genealogy websites
This was the smallest group, with 1200 unique visitors representing 37 countries, but with 86% of the traffic coming from within the United States. Genealogists tend to be older and thriftier people than Security professionals. Probably on a "technology" basis, they are more similar to the haiku poets than the security professionals. I included this as a hope towards a "lower tech but US based" sample, to see whether the haiku poets trends were representing their tech level, or their nation of residence.
Macintosh users, from my unscientific study, still represent less than 9% of the installed user base.
Linux users are still a small enough number for the average webmaster to safely ignore them.
Vista still represents less than 10% of the installed user base.
FireFox has an impressive market share and must be considered by all webmasters, but trails both IE 6 and IE 7 when considered individually.
Despite the security benefits of IE7, slightly less than half of those who could use it are using it. (From my experience this is because many web-based applications still don't work in IE7.)