Go into your Browser preferences, and disable the Java plug-in. The attack vectors are via your web browser.
NOTE: DO NOT disable Javascript, as that is essential to today's web. The only thing Java and Javascript have in common are the first 4 letters of their names.
OR, you can use System Preferences -> Java -> Security -> [_] Enable Java content in the browser, and make sure this field is NOT checked. That is another way to disable Java in your browsers.
If you have Java applications, they are fine (for example CrashPlan). A Java application is no different from any other app written in any other language. You get them from trusted sources and they are no more risk than any other app. It is "Just" Java plug-ins that allow web pages to download Java for execution as part of the web page that is the risk you want to avoid.