Java Update/Security Reminder

Dropping this in here in case it's handy for someone else..

I download all 4 files (latest Java 6 and 7 in 32 and 64bit)

Then I have this bat file to install them.


Code: 
@echo off
title Java 32bit installing
echo Installing Java 6 - 32bit..

jre-6u38-windows-i586.exe /s /v/qn

echo Installing Java 7 - 32bit..
jre-7u10-windows-i586.exe  /s /v/qn

if exist "c:\Program Files (x86)" goto x64
goto end

:x64
title Java 64bit installing
echo Installing Java 6 - 64bit..
jre-6u38-windows-x64.exe /s /v/qn

echo Installing Java 7 - 64bit..
jre-7u10-windows-x64.exe /s /v/qn

:end
title Java install complete
echo.
echo Java install complete
echo.
pause

Typically I'll turn off UAC whilst installing to avoid the prompts.

Here's the Flash one (IE and Firefox) for good measure.

Code: 
@echo off
title Installing Flash Player
echo Installing Flash IE
install_flash_player_11_active_x.exe -install
echo Installing Flash Mozilla
install_flash_player_11_plugin.exe -install
echo.
echo Flash install complete
echo.
pause

Remove the 'pause' at the end if you don't want the prompt to appear
 
Cheers for heads up.

Update installed, still keep it disable at browser level now though. Not worth it.

Edit - Just checked Auto Update default check frequency...Monthly....LOL! Changed that to daily.....
 
Has anyone still using windows XP found that the Java control panel is missing from control panel.

I went into control panel to update Java to version 7 update 10 only to find that the Java control panel icon was missing which probably explains why I haven't been prompted to update yet (I did change the update settings a while ago, but that really doesn't make any difference since it kept on resetting), and the only thing I can think has happened is that an update has removed it.

Now I've got to go through the whole manual download routine again since I lost the update system on my laptop after installing the 64-bit version of Java on it.
 
To be fair the majority of users don't even need the Java Runtime and especially not at a browser level, I don't have it installed and rarely find a website that has functionality that needs it.
 
The problem is people install it once (for a game or something) and it just stays resident in the browser waiting to get exploited. Apple had a good model for a time which just disabled it after a period of inactivity.
 
That's the more recent block, which I don't think is a good thing personally. It's a bit ham fisted and crosses the line in my opinion.
 
Java 7 Update 11 is out.

https://blogs.oracle.com/security/entry/security_alert_for_cve_2013

With this Security Alert, and in addition to the fixes for CVE-2013-0422 and CVE-2012-3174, Oracle is switching Java security settings to “high” by default. The high security setting requires users to expressly authorize the execution of applets which are either unsigned or are self-signed. As a result, unsuspecting users visiting malicious web sites will be notified before an applet is run and will gain the ability to deny the execution of the potentially malicious applet.
Click to expand...
 
You can use the QuickJava addon to turn it on or off in some convenient place of your choice from the addon bar on the browser GUI. It will do Javascript and Flash and images as well.

https://addons.mozilla.org/en-US/firefox/addon/quickjava/

JavaFlash_zpsa89068f7.jpg


The Java button is 'off' (red) and button for Flash showing blue is 'on'. Click to toggle.
 
Last edited:
Java 7 Update 13 is out!

Oracle just released the February 2013 Critical Patch Update for Java SE. The original Critical Patch Update for Java SE was scheduled on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update.

In addition to a number of security in-depth fixes, the February 2013 Critical Patch Update for Java SE contains fixes for 50 security vulnerabilities. 44 of these vulnerabilities only affect client deployment of Java (e.g., Java in Internet browsers). In other words, these vulnerabilities can only be exploited on desktops through Java Web Start applications or Java applets. In addition, one vulnerability affects the installation process of client deployment of Java (i.e. installation of the Java Runtime Environment on desktops). Note also that this Critical Patch Update includes the fixes that were previously released through Security Alert CVE-2013-0422.
Click to expand...

https://blogs.oracle.com/security/entry/february_2013_critical_patch_update

Don't let it install the Ask Toolbar.
 
You must log in or register to reply here.
Back
Top Bottom