Tuesday, October 19, 2010

On Java

I am writing this while on vacation because it is so important that I want it to be out as soon as possible. Again it underlines the requirement to proactively check for updates regularly; that means not when you happen to remember, once a month or anything like that. Do it at least once every week if you want to stay safe. Those updates have to be done for security reasons, not to just have the newest gadget!

In the following I will quote from an Australian computer technician's blog and add my comments right after a quote.

This past year something has been brewing in the underbelly of the Internet that has only recently come to light, causing security experts to sit up and take notice.

Exploits on Java have multiplied tremendously in number and they are proving to be incredibly effective.

Many of you may have heard of rogue programs; some of you may even have had to battle one or call me for assistance. Much of that is due to Java.

Three recent vulnerabilities in Java have paved the way for malware exploitation and all three have had patches available for some time.

So why in all the world don’t people keep the software on their computers up to date? Actually, this is a rhetorical question: mostly it is because people have never been told, some don’t do it because of complacency, and all don’t do it because Microsoft did not design a “standardized” method to do it.

… notable is that two of the [Java] vulnerabilities went from hundreds of thousands of attacks per quarter [year] to millions.

Now that we know what is going on, what can we do to avoid malware drama?

Make sure to update Java frequently; in fact, a very important update for Java was just released today [Oct. 18 2010] with fixes for 15 highly severe vulnerabilities.

I have updated the Java paragraph of my article on What To Update to reflect this renewed importance of keeping Java up to date.

As of October 18, 2010 the most current version of Java is 6.0.22. In Add/Remove Programs on Win XP or in Programs and Features in Vista and Win7 the entry looks like this:

[Screenshot]

I recommend removing (or uninstalling) all other Java versions. Future updates or releases will have higher version or update numbers. Any older versions that are left behind need to be removed manually, that is, from within Add/Remove Programs or Programs and Features respectively.
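
The same check can be done from PowerShell by reading the registry entries that Add/Remove Programs and Programs and Features display. This is an added example, not part of the original post; the default `6.0.220` is the version string a reader reports in the comments for the current entry and is an assumption to adjust. The script only lists entries and removes nothing.

```powershell
# Save as a .ps1 script. Lists every installed program whose name starts
# with "Java" and marks everything except the version you intend to keep.
param(
    # Assumption: the version string exactly as the installed-programs list
    # shows it for the release you want to keep. Adjust to the current release.
    [string]$KeepVersion = '6.0.220'
)

# Native and 32-bit-on-64-bit views of the uninstall information.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$javaEntries = foreach ($key in $uninstallKeys) {
    # The Wow6432Node key does not exist on 32-bit Windows; ignore that error.
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' } |
        Select-Object @{ n = 'Name';    e = { $_.DisplayName } },
                      @{ n = 'Version'; e = { $_.DisplayVersion } },
                      @{ n = 'Action';  e = {
                            # Anything that is not the kept version is only a
                            # candidate: the name filter also matches unrelated
                            # programs whose names merely begin with "Java".
                            if ($_.DisplayVersion -eq $KeepVersion) { 'keep' }
                            else { 'review for removal' }
                      } }
}

if ($javaEntries) {
    $javaEntries | Sort-Object Name, Version | Format-Table -AutoSize
} else {
    Write-Output 'No installed programs with a name starting with "Java" were found.'
}
```

Entries marked "review for removal" are then uninstalled by hand from Add/Remove Programs or Programs and Features, as described above.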

Make sure you check for Java Updates regularly!

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.


2 comments:

Grandma said...

I have the latest update of Java installed but a Secunia scan shows I still have Java 6.0.10.6 as a security threat and it requires an uninstall to remove. The forum thread on this topic shows I am not alone with the problem. In add/uninstall I find these at Java: Version 1.6.0.20, 6.0.220 and 1.6.0.10 (but no 6.0.10.6). Can I just delete everything and start over with a new Java download, or would that create more unintended problems with other programs? Thanks. And hope vacation is going good. A WTKM fan.

Eike Heinze said...

Thank you, Grandma.

I will update the article to reflect what should be left. Everything else called Java should be removed.

For newer versions that finally happens mostly automatically but I recommend checking it anyway.