Securing Java

Author: . Last modified: 2013-05-03 16:24:07 EEST

In this tutorial: How to enhance Java security in Windows XP, Vista, 7 and 8

Java Runtime Environment (aka Java, Java RE, Java SE, JRE) is a common plug-in in all web browsers. Sadly, it has become a major target for malware, surpassing even Adobe's infamous Flash Player and Reader. This is mainly because older versions are still installed on users' computers and automatic updates are slow.

The first cause is often not even the users' fault, as the Java installer does not remove most older versions automatically. Yep, that's right - many computers have 5 or more versions of Java installed! And that's what makes these PCs an easy target for hackers.

The second cause is again really strange. The automatic update schedule of Java is like Brainiacs' episode of "Things... but very slowly". By default, the schedule activates the updater only once a month, and if the computer is not turned on at that time, there will be no checks at all! Hey Oracle, fix this now (not very slowly)!

Please bear in mind that Java and JavaScript are totally different things - JavaScript support is included in every modern web browser, but Java needs to be installed (or uninstalled) separately.

To keep Java and many other important programs updated automatically, it is best to use the free program called Secunia PSI. You can also visit the Browser and Plug-in Check page to see if the installed version is up-to-date.

To enhance Java security even more, learn about Microsoft EMET.

Downloading and installing the latest version of Java Runtime Environment

To get the latest version of JRE, go to the Java download page and click the link that has "Offline" in it.
Java Runtime Environment download page, click the link that has "Offline" in it

After the download is complete, launch the setup program. Click Install.
Java Setup, Welcome page. Click Install.

Now that's what I like - no series of Next buttons! Just click Close after the install is complete.
Java Setup, install Complete page. Click Close.

Cool, you now have the latest version of Java installed!

Configuring Java security settings

Until Java Runtime Environment 7 update 10 there were no really usable security settings available in Java's Control Panel applet, but since that version Java allows prompting or blocking apps that are not digitally signed. Generally, only the latest version of Java is now considered secure and all older ones result in prompts each time a browser tries to load some Java content.

To configure Java security settings, open Control Panel and double-click Java. On 64-bit Windows, the applet is named Java (32-bit) or Java (64-bit), and you might see both listed. This also means that you have to configure both separately.
Windows XP users might have to click the Switch to Classic View link on the left to see it listed. Windows Vista, 7 and 8 users can simply type "java" (without quotes) into Control Panel's Search box.

The Java Control Panel window opens. Open the Security tab and make sure that the Security Level slider is set to at least High (minimum recommended).
Since Java 7 update 21 a prompt appears even if Java is up to date (considered secure) and the applet is properly signed - but you can use a check box to trust the applet. If the Java version is out of date, a prompt appears for each Java app, and multi-click prompts are used for unsigned Java apps.
By the way, the first check box - Enable Java content in the browser - allows completely turning off Java support in all installed web browsers. Some programs, such as Freeplane, OpenOffice.org or LibreOffice require Java for some functionality. Now you can install Java without worrying about possible security holes - just clear the check box and Java support in web browsers is gone. You still need to restart all browser windows if any of these were open.
Click OK to apply changes and close the window.
Java Control Panel, Security tab. Set the Security Level slider to High.
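
The settings described above can also be checked from a script. This is an added example, not part of the original tutorial; the file locations and the property names deployment.security.level and deployment.webjava.enabled are assumptions taken from Oracle's deployment configuration documentation, and PowerShell 2.0 or later is assumed to be installed.

```powershell
# Added example (not from the original tutorial): audit the per-user Java
# deployment settings behind the Control Panel's Security tab.
# Assumptions: file locations and the property names deployment.security.level
# and deployment.webjava.enabled are taken from Oracle's deployment
# configuration documentation; the tutorial itself does not name them.
$candidates = @(
    (Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\deployment.properties'),  # Vista, 7, 8
    (Join-Path $env:APPDATA 'Sun\Java\Deployment\deployment.properties')                        # XP
)

function Read-JavaProperties([string]$Path) {
    # Minimal key=value parser; skips blank lines and # or ! comments.
    $props = @{}
    foreach ($line in (Get-Content -Path $Path)) {
        if ($line -match '^\s*([^#!\s=:][^\s=:]*)\s*[=:]\s*(.*)$') {
            $props[$matches[1]] = $matches[2].Trim()
        }
    }
    return $props
}

function Get-JavaSecurityReport([hashtable]$Props) {
    $level = $Props['deployment.security.level']
    $web   = $Props['deployment.webjava.enabled']
    New-Object PSObject -Property @{
        SecurityLevel = $(if ($level) { $level } else { 'not set (version default applies)' })
        # The tutorial's minimum recommendation is High.
        MeetsMinimum  = (@('HIGH', 'VERY_HIGH') -contains $level)
        BrowserJava   = $(if ($web -eq 'false') { 'disabled' } else { 'enabled or not set' })
    }
}

$file = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
if ($file) {
    Get-JavaSecurityReport (Read-JavaProperties $file) | Format-List
} else {
    Write-Warning 'No deployment.properties found; open the Java Control Panel to check the settings.'
}
```

A level reported as "not set" means the installed Java version's default is in effect, so confirm the slider position in the Control Panel.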

Here's an example of a Java warning for a properly signed app. If you trust the site, you can tick the Do not show this again for apps from the publisher and location above check box. This will prevent the warning from appearing again.
Java Security Warning for a good app, Do you want to run this application? Click Run.

Please note that you might see additional warnings for signed apps, such as the one below. Here the app contains both signed and unsigned code and Java asks whether to block potentially unsafe components from being run. Clicking Don't block is recommended only if you are 100% sure you are on a safe site.
Java Security Warning, Block potentially unsafe components from being run? Click Don't block only if you trust the site.

The second example shows a signed Java application with an expired digital signature. You can still tick the box if you really-really trust the site, but notice how yellow warning signs are shown.
Java Security Warning, The application's digital signature has expired. Click Run only if you trust the site.

And finally, here's an example of a multi-click prompt for an unsigned Java app with a red "Running this application may be a security risk" warning. You must enable the I accept the risk and want to run this app option and click Run to let the program start. But please make sure you really are on the correct web site first. Ticking the Do not show this again for this app check box is not recommended for unsigned apps.
Java Security Warning for an unsigned app, Running this application may be a security risk. Click Run only if you trust the site or the unsigned app.

Removing older versions of Java Runtime Environment with JavaRa

As the Java installer does not remove older versions of JRE, many computers have several versions of JRE installed, as in the example below:
Windows XP, Add or Remove Programs. Note how many Java Runtime Environments are installed!

And that is not the worst case I've seen! You could now remove all these old versions by clicking Remove or Uninstall buttons (depending on which version of Windows you have), but this can be really slow and might require several restarts.

Luckily, there is a small program called JavaRa available that does the same job really quickly.

Click the Download button to the right of the Legacy version (1.1.6) line on the page.
Please note that while the version number of the program might remain the same for a longer time, its definitions for detecting Java installations still get updated. To achieve best results, it is recommended to download the program each time you want to run it.
JavaRa download page, click Download to the right of Legacy Version.

After downloading is complete, extract the contents of the file to a folder you can find easily (e.g. a subfolder in My Documents).
In Windows XP, double-click the JavaRa.exe file to launch it.
In Windows Vista, 7 and 8, right-click the file and select Run as administrator.
Windows XP, Windows Explorer, double-click JavaRa.exe to launch JavaRa.
Windows 7, Windows Explorer, right-click JavaRa.exe and select Run as administrator.

In Windows XP, Windows Explorer will open a Security Warning dialog because the file has no digital signature. Click Run.
In Windows Vista, 7 and 8, User Account Control will pop up. Click Continue or Yes.
Windows Explorer, Open File - Security Warning. Click Run.

JavaRa will ask for a language the first time you run the program. Select English from the combo box and then click to select Remember my selection. Then click Select.
JavaRa, Language Selection dialog on first run. Select English from the combo box and then click Remember my selection box. Then click Select.

Now click Remove Older Versions:
JavaRa main window. Click Remove Older Versions to delete all older Java Runtime Environment installations.

Click Yes in the confirmation dialog.
JavaRa warning about removing older versions of JRE. Click Yes.

JavaRa will then remind you that Internet Explorer should be closed during the JRE removal process. Close all Internet Explorer windows and click OK.
JavaRa warning about open Internet Explorer windows. Close all Internet Explorer windows and then click OK.

Old versions of Java will then be removed. You will see a deletion window popping up from time to time during the process. Do not click Cancel!
JavaRa deleting old versions of Java Runtime Environment. Stand by and do not click Cancel.

Please note that under certain circumstances, JavaRa might crash during the process. Run the program again and click Remove Older Versions to complete the cleanup.

After the removal process is complete, a dialog with a list of removed versions will pop up. Click OK.
JavaRa, removal of old JRE versions complete. Click OK.

JavaRa will then inform you that a log file has been created and that the file will now open. Click OK.
JavaRa, removal of old JRE versions complete, a log file will open. Click OK.

Close the log file as it contains mostly technical stuff.
JavaRa log file open in Notepad. Close it.

And that's it! Close JavaRa.
Your Java Runtime Environment is now up-to-date and all older versions of it have been removed!
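
To confirm the cleanup (or to see how many runtimes are installed before starting), the installed JREs can be listed from the registry. This is an added example, not part of the original tutorial; it assumes PowerShell 2.0 or later and that JREs register under the standard Uninstall keys with the display names matched by the pattern below.

```powershell
# Added example (not from the original tutorial): inventory installed Java runtimes.
# Assumption: JREs register under the standard Uninstall keys with display names
# such as "Java 7 Update 21" or "J2SE Runtime Environment 5.0 Update 6".
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$jrePattern = '^(Java(\(TM\))? (SE Runtime Environment )?\d|J2SE Runtime Environment)'

function ConvertTo-SortableVersion([string]$Text) {
    # DisplayVersion looks like "7.0.210"; fall back to 0.0 if it cannot be parsed.
    try { [version]$Text } catch { [version]'0.0' }
}

function Get-InstalledJre {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $jrePattern } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name    = $_.DisplayName
                Version = ConvertTo-SortableVersion $_.DisplayVersion
                # Wow6432Node holds 32-bit software on 64-bit Windows.
                View    = $(if ($_.PSPath -match 'Wow6432Node') { '32-bit on x64' } else { 'native' })
            }
        }
}

$jres = @(Get-InstalledJre)
$jres | Sort-Object View, Version | Format-Table Name, Version, View -AutoSize

# One current JRE per registry view (32-bit and 64-bit) is expected;
# anything older within the same view is a leftover.
foreach ($group in ($jres | Group-Object View)) {
    if ($group.Count -gt 1) {
        $stale = $group.Group | Sort-Object Version -Descending | Select-Object -Skip 1
        foreach ($jre in $stale) {
            Write-Warning ("Older JRE still installed ({0}): {1}" -f $jre.View, $jre.Name)
        }
    }
}
```

No warnings after the JavaRa run means only the newest runtime remains in each view.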
