Indeed. Or even "don't click on suspicious emails or visit suspicious websites" which are actually always harmless. How about simply "don't run a program you don't trust" and we wouldn't need virus scanners at all.
Or at least cause you to consider the risk of loss compared to the value of using the software while not panicking when you receive a spam email with a suspicious looking xls file attached.
Well, I just checked and found information about Java being disabled by default in Firefox and Chrome.
The only resources I found on IE were about how it is difficult to disable.
Because of this, I am going to assume that it is enabled by default on IE. Correct me if I'm wrong.
IE has about an 18-20% share of the browser market [1]. A significant amount of targets by any measure!
So as long as it is true that a large percentage of the target market could benefit from "Don't visit/view!" security advice then it makes sense to include such advice.
Java's sandbox is no more secure than it was before, but because of Firefox and Chrome adding in a ton of mitigating features like requiring "click to play" by default, disabling it as soon as it goes out of date, and Oracle adding the same features internally, it's definitely way less of a threat right now.
Drive bys are still of course possible via Adobe Flash and Reader exploits, the occasional IE exploit, and the rare Firefox exploit.
Depends on who's measuring. IE has over/about half of the browser market. Corporate cubicle farms are dominated by IE, as are aunt's, uncle's, and grandma's computers.
