Return to the Computer Help Forum | Post a Follow-Up

 o
Java updates

Posted by ravencajun (My Page) on
Sat, Sep 8, 12 at 14:25

the latest critical update for Java is essential they are seeing exploits of it in the wild currently. Java did put out a new update, if you have not done the most recent update for Java do so now.
I was very upset recently when I saw someone say updating java was not important and could be ignored that is a very dangerous thing to tell someone and could lead them into a very serious malware infection. Most of the worst infections we are seeing today are from vulnerbilities in java, adobe, flash etc. So keeping those items updated is essential.

If you do not have java and can live with out it then you don't need it if you are going to sites that prompt you for java then those sites will not render properly with out it.
All old versions of java must be removed because simply updating to the latest will not stop the problem with the old one as long as it is on the pc.

This little tool called javara can remove all the old java from your pc.
JavaRa 2.0

here is the verify java site to make sure you have the most recent update
Verify Java Version

to update java go to control panel to all your programs find java (the coffee cup) open it go to the update tab click check for updates.
be very careful when doing the update NOT TO GET the extra addons like toolbars etc you will need to pay attention and uncheck any of those that may be checked.
article about this latest zero day attack with java
Zero-Day Season is Not Over Yet

It is essential to keep java, adobe, and flash all updated just as you do your windows updates because the latest infections have all been due to people not updating those or leaving the vulnerable versions on their pc. An antivirus program will not do much to help you in most of these cases.

NEVER update java or anything for that matter, anywhere other than from the official java update site(or official site for what ever product you are updating), if you go to a page that offers you a link to update your java do NOT use that link you do not know if it is a real java link or a link to click on for a malware install.

This is from Susan Bradley in the latest windows secrets newsletter concerning java.

begin article:

An Aug. 30 Microsoft Malware Protection Center blog
suggests disabling Java plug-ins for browsers. But Java reminds me of a Canadian-based home show where the two hosts battle to see whether homeowners will keep their house or decide to sell it. Java is like the house: if you're not actually using it, you're better off dumping it. (Fortunately, it's quite a bit easier to walk away from Java than from a house.)

I suggest going into Windows' application removal tool (Programs and Features in Win7) and remove all Java installs you find. (Sort by application name.) Also remove or disable Java plugins in all installed browsers.

In IE and Firefox, plugin management is in Tools. For IE, it's Manage add-ons; in Firefox, it's simply Add-ons. For Chrome, it's easiest to enter chrome://plugins/ into the Web address/search box. (Chrome's plugin manager notes whether critical plugins are current, and its advanced setting lets you block/allow plugins for specific sites.)

With Java completely removed or disabled, keep an eye out for any websites that simply won't work without Java. If there are any , and you can't live without them , determine whether a site prefers the use of a particular browser and enable Java for just that one browser. For example, if you have a banking site that demands Java and Internet Explorer, install Java 7 Update 7 (download site
) only on IE.

Keep in mind that, even with Java 7, Update 7 installed, there's cause to worry. Other unpatched Java vulnerabilities are out there and in use in attacks. For example, I received a phishing attack that used a fake Microsoft template with a Java/Blackhole payload. The details can be found on an ISC Diary page
.

- What to do: Try running your system with Java completely removed or disabled. Otherwise, use Java only when necessary and limit it to one browser.

end of article.

java 7 update 7 is the latest

Giving advice to ignore updates of any kind is a very serious situation!! Updates are in most cases provided due to a security vulnerability so they should be taken very seriously. Especially java and adobe updates.

get your updated java then run the javara tool to make sure all old versions are off the pc.


Follow-Up Postings:

 o
RE: Java updates

java 7 update 7 is the latest

Odd. I just went to the verify Java site linked to above and got the following result:

Congratulations!
You have the recommended Java installed (Version 6 Update 35).

???


 o
RE: Java updates

Well, I went into Programs > Java > Update and did the updating the 'old fashioned' way, and now I have Java 7 Update 7, so all's right with the world -- and my computer -- again. :-)


 o
RE: Java updates

I always suggest doing it through the control panel and the java icon on the pc, it's easy and I have found more accurate for the individual pc.

I also wanted to add this excellent article by Ed Bott

Here is a link that might be useful: Java can you really quit


 o
RE: Java updates

I got an interesting response to using java ra linked above. Avast messaged that this program was very rarely used by anyone and implied it was likely bogus.

I went to control panel java and see two versions sitting there but they are called 1.6.0_31 and 1.5.0_17. I suppose the 5 and 6 could refer to versions 5 and 6. Could you confirm?

This is just enough oddness to wait for some advise.


 o
RE: Java updates

Chas,

Do not confuse version with build.

On August 31st I upgraded to Java v7 Update 7 (build 1.7.0_07-b10). Java's update utility and RCs verification link shows that version to be current.

Before installing any other Java use RC's link to RA and remove all prior versions. Then install. You will be current and clean of flotsam and jetsam.

DA


 o
RE: Java updates

javara is a very legit and safe program we have used and recommended it for years on the help forums. the old ones can be removed manually but using javara just makes it easy and gets some that you may miss manually.

any versions you show other than the latest version can be removed. Java has recently added a feature that is supposed to remove the old version it is replacing but they never put out anything that would remove the versions prior to that so it is not surprising to see some very old versions still listed on older pcs.
How I would proceed, do the update from the java icon on the pc, that should provide you with 7-7, then run javara and let it remove all other versions it finds.


 o
RE: Java updates

thanks DA you commented as I was composing!


 o
RE: Java updates

Since I feel sure there will be "someone" that will want numbers and figures to back up this info and will demand such I will just go ahead and post that too.
IT Threat Evolution

go to vulnerbilities and see the listings for adobe and java, which hit the top 10 list for threats.
from that article:
"For the very first time in its history, this ranking includes products from two companies only: Adobe and Oracle (Java).
The second quarter of 2011 saw 27,289,171 vulnerable applications and files detected on users computers. We detected an average of 12 different vulnerabilities on each computer."


 o
RE: Java updates

I have been following this and tried it and ended up getting Babylon toolbar etc on my computer and remember that somewhere along the line that was not good, so went to programs and took it off. Will try again to update Java like you recommended. Boy what a learning job for me and I do appreciate all the help that you all give.
I too have Jave 6--35 so will go to programs and try to update it there. Then clean out the old.
Thanks
Marie


 o
RE: Java updates

Hmmmm, interesting information here. Java is not enabled on Chrome browser by default. I checked via programs and I do have the latest version installed. Just another reason I like and use Chrome.


 o
RE: Java updates

Hi Raven,

I went into add/remove programs and found JavaFX2.1.1 Should I remove that one? I updated to the newest version 7.7 and it is listed there and is OK. I just don't know what the JavaFX2.1.1 is. I will wait for your reply. Thank you. I have Windows XPSP3.

thirdfrt!!!


 o
RE: Java updates

use javara that way you know it will remove all the bits and pieces that need removing. The link is in my original post above.
The "Remove Older Versions" button does exactly what it says, but Windows 7 users must run the program as administrator to be able to uninstall the program.
JavaRa : Easily Remove Older Versions of Java


 o Post a Follow-Up

Please Note: Only registered members are able to post messages to this forum.

    If you are a member, please log in.

    If you aren't yet a member, join now!


Return to the Computer Help Forum

Information about Posting

  • You must be logged in to post a message. Once you are logged in, a posting window will appear at the bottom of the messages. If you are not a member, please register for an account.
  • Please review our Rules of Play before posting.
  • Posting is a two-step process. Once you have composed your message, you will be taken to the preview page. You will then have a chance to review your post, make changes and upload photos.
  • After posting your message, you may need to refresh the forum page in order to see it.
  • Before posting copyrighted material, please read about Copyright and Fair Use.
  • We have a strict no-advertising policy!
  • If you would like to practice posting or uploading photos, please visit our Test forum.
  • If you need assistance, please Contact Us and we will be happy to help.


Learn more about in-text links on this page here