Page 1 of 2 12 LastLast
Results 1 to 15 of 22
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    Java: Patching's good, but removal is better




    PATCH WATCH


    Java: Patching's good, but removal is better


    By Susan Bradley

    A new, in-the-wild Java exploit caused a few anxious days while we waited for an update.
    Although the update is now available, the real decision is whether you really need to have Java installed!

    The full text of this column is posted at windowssecrets.com/patch-watch/java-patching-s-good-but removal-is-better/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by Kathleen Atkins; 2012-09-05 at 15:50.

  2. #2
    Lounger
    Join Date
    Sep 2006
    Location
    Jhongli, Taiwan
    Posts
    42
    Thanks
    0
    Thanked 0 Times in 0 Posts

    What about java for Adobe updating?

    Thank you for your excellent columns. I have a question about your recent article "A quick test checks whether Java is current". At least 2 applications in my Adobe CS5 Creative Suite (Dreamweaver, Flash Catalyst) along with Adobe Acrobat 9.5 use archaic java.exe, dll, etc. files located in their .../JRE/BIN folder, evidently for updating purposes. Since these do not appear in the default JAVA installation location, these never get updated. My best defense has been to rename the java.exe file until I need to run the updaters. Is this sufficient protection?

  3. #3
    Star Lounger
    Join Date
    Apr 2010
    Posts
    77
    Thanks
    6
    Thanked 8 Times in 6 Posts
    Thanks for the link to the java version test site, however I get a completely different message concerning the version. What should I do?-
    Congratulations!

    You have the recommended Java installed (Version 6 Update 35).

  4. #4
    New Lounger
    Join Date
    Dec 2009
    Location
    Billerica MA
    Posts
    21
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Note should be taken of
    http://blogs.computerworld.com/cyber...s-go-version-6
    August 31, 2012
    …It seems that in the Update 7 patch, Oracle blocked the road to the bug, but did not fix the underlying problem. In part, that may explain how Oracle issued a patch so quickly. From what these articles report, Security Explorations was able to find another path to exploiting the same flaw. A detour, if you will.

    As I wrote last time, Windows users can download the latest edition of Java 6, Update 35, from Oracle here and here.

    For anyone that needs Java, the path is now brutally obvious, go with version 6 rather than 7. Version 6 has fewer features (the bug is in a new feature that only exists in Java 7) and Security Explorations found they could not (yet at least) break it.

  5. #5
    New Lounger
    Join Date
    Jul 2011
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Java Version

    You indicate in your article that the latest version of Java is 7/7. When I follow the link to Java's version verification site it shows I have Java 6, update 35 as the latest version ("recomended version").
    Thanks

  6. #6
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    With OpenOffice/LibreOffice, there are some features which still require Java (JRE). This runs against the advice to uninstall Java and see if anything doesn't run. Since these features may not be frequently used, the OOO issues (after Java removal) may take some time to be noticed.
    -- Bob Primak --

  7. #7
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    703
    Thanks
    256
    Thanked 4 Times in 4 Posts
    If Java is removed, Secunia will not run.

    Which is worse, a possible attack via Java, or via outdated software?

  8. #8
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,487
    Thanks
    284
    Thanked 575 Times in 478 Posts
    Secunia 3.0 runs fine for me without Java.

  9. #9
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,794
    Thanks
    117
    Thanked 798 Times in 719 Posts
    Secunia 3.0 runs fine for me without Java
    Secunia OSI (Online Software Inspector) requires Java. You're probably running the off line version, PSI which doesn't require Java. Some of us prefer OSI.

    Jerry

  10. #10
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    In the control panel's "Programs and Features" section, the program version numbers will be displayed on the far right side of the section.
    All one needs to do is compare what you have currently with any potential software version updates on offer.
    Most, if not all software will also provide a means of checking under "help" whether an update is provided or on offer.
    So no need for any automated programs like Secunia.
    You can sacrifice a bit of convenience for a little work can't you?


    Because that's basically all it's about: convenience.
    Last edited by CLiNT; 2012-09-11 at 03:03.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  11. #11
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,748
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by CLiNT View Post
    In the control panel's "Programs and Features" section, the program version numbers will be displayed on the far right side of the section.
    All one needs to do is compare what you have currently with any potential software version updates on offer.
    Most, if not all software will also provide a means of checking under "help" whether an update is provided or on offer.
    So no need for any automated programs like Secunia.
    You can sacrifice a bit of convenience for a little work can't you?


    Because that's basically all it's about: convenience.
    Not really. Secunia only identifies updates which are necessary due to recently discovered security flaws, but not any which are cosmetic or even bug-fixes. Trying to keep on top of which updates are actually needed to maintain security for hundreds of programs is virtually impossible without such a tool.

    Bruce

  12. #12
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Sometimes bug-fixes are a good thing. Even when they do not involve security issues. In addition to Secunia, it may be convenient to use a more general updates checker. I don't like to do extra work. Neither PSI (installed) nor most updates checkers require Java in any form whatsoever.

    I just don't accept every Beta which comes my way through updates checkers. And NEVER update OEM or driver-related software from these tools!
    -- Bob Primak --

  13. #13
    Lounger
    Join Date
    Feb 2011
    Posts
    41
    Thanks
    17
    Thanked 1 Time in 1 Post
    Different topic in the same column: Further down in the column, Susan warns us that we should be sure that Office 2010 is up to date before installing Windows 8 over Win7. Does this mean that Office 2007 can't be used with Win8?

    Thanks, Gary

  14. #14
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,748
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by gpeyton View Post
    Different topic in the same column: Further down in the column, Susan warns us that we should be sure that Office 2010 is up to date before installing Windows 8 over Win7. Does this mean that Office 2007 can't be used with Win8?
    No.

    Bruce
    Last edited by BruceR; 2012-09-14 at 16:25.

  15. #15
    Lounger
    Join Date
    Feb 2011
    Posts
    41
    Thanks
    17
    Thanked 1 Time in 1 Post
    Uh...no, it can't or no, it doesn't mean that. Sorry if that sounds a little dense.

    Gary

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •