Java Update/Security Reminder

Sin_Chase

Sin_Chase

Sin_Chase

Soldato
Joined
13 Jan 2004
Posts
21,244
So,

I run a tight ship at home and keep everything updated, Java, Flash, the lot. Tonight I got an MSE warning for four Java exploits on my system. What the hell?

I'm running the latest Version 7 Update 5 and this exploit was patched in June! Turns out Java did not 'update' itself and I had 32 and 64Bit versions of Java installed, as expected but not Just Version 7 Update 5, but an ancient version 6 also. 4 JREs installed.....

Can only see it when you go into the Programs and Features and list Java or go into the Java Control Panel and list the JREs there. Even doing a java.com "Do I have Java?" check says "You have the latest version of Java" and makes no mention of any other version on your system.

Was totally unaware Java will NOT update an existing instance but merely add another JRE and leave the old version sitting about, seemingly available to be executed even though the latest JRE is installed and enabled.

Luckily for me it was only some Java class files that were in Java deployment areas and had not been executed or been able to download Trojan BS onto my system. Worth double checking though!
 
Last edited:
Google Chrome is your friend. It keeps Java at bay. :)

For even more protection, run it in interactive plug-in mode. Even Firefox has this feature.
 
I only have it for Minecraft and some silly Java stuff my university site uses... If it weren't for them, it won't even be on my system!
 
Java and adobe are awful awful programs in terms of security. Looking forward to them both being obsolete.
 
Sin_Chase said:
Was totally unaware Java will NOT update an existing instance but merely add another JRE and leave the old version sitting about, seemingly available to be executed even though the latest JRE is installed and enabled.
Click to expand...

That's how it used to be done before they added the ability to remove the previous version during the update and the other versions you have might have been from before that was put in place.
 
Java also trys to install a toolbar now :( Oh and the default space it allocates is your entire drive.

It's in danger of becoming crapware :p
 
Haven't had Java installed since I got this PC last September, haven't missed it at all really and I don't think I've come across anything that hasn't worked because of Java not being present.
 
KIA said:
Good point. OP's Java was probably out of date at the time of posting. I patched my Java before the creation of this topic.
Click to expand...

No it was not.

I manually checked the currently live downloadable version and did the actual "Do I have Java?" check.

The only available versions was 7 Update 5 and the Check returned "You have the latest version"

Edit - Checked sites. Only oracle.com has it, the actual Java site is still on Update 5.
 
Last edited:
You know when you un-installed version 6 the cache didn't get deleted? You'll find it in AppData > LocalLow > Sun > Java > Deployment > cache. Av is moaning about it :)
 
KIA said:
J7U6 was released on the 14th. The update program (set to perform daily checks) notified me a few days later. There's an issue somewhere.
Click to expand...

If you looked at the Java.com site, it lists J7U5 as the latest version and that was there yesterday.
 
You must log in or register to reply here.
Back
Top Bottom