Tag Archives: Java

More on Java and other updates

You may remember that I mentioned security flaws related to Java in a recent blog (Do you really need Java? – 17 Sept 2012). Well a report from Kaspersky, the security giant, details that Java is now the number one attack target, accounting for more than half of all malware exploit attempts. In other words, hackers are using the flaws in Java the most, to gain access to people’s computers.

Kaspersky doesn’t give any firm figures, but I’m assuming we’re talking significant numbers. According to Java, it is installed on 1.1 billion computers around the world. So rich pickings for hackers. Number two in the attack list is Adobe Reader.

According to W3Tech 0.2% of websites use Java. That’s 2 in every 1000. Confusingly, Java is not the same as Javascript which is used by 92% of websites. Websites that offer you the chance to book seats (say at a theatre or on a train), games sites, some learning sites which use animation all require Java. If you use OpenOffice or LibreOffice, or Adobe Creative Suite, then you’ll need Java.

In my recent posting I suggested that you could keep Java (in case you came a across a site that worked better with it) and change the update frequency, with the thought that Java would take these security flaws seriously and issue updates more regularly until it was fixed. The Kaspersky report is dated late October and implies that Java is not playing its part.

You have to make a decision. If any of the above apply to you, don’t ignore Java updates. But, if you are in the habit of ignoring requests from Java to update itself, then I suggest you uninstall it altogether. Far better ridding yourself of it, than hanging on to a version that is out of date. To uninstall Java:

  1. Go to the Control Panel through the Start menu
  2. Click Add/Remove Programs (in Windows XP) or
  3. Programs and Features in (Windows Vista and 7)
  4. Click the Java entry followed by the Install button the toolbar
  5. Follow the instructions on the screen
  6. Repeat for any reference to Java in the list.

If you then come a cross a webpage that requires Java for the page to work properly, then install it again and if the service that webpage is offering will be useful to you in the future, then make sure you don’t ignore Java update requests.

Adobe Reader, not surprisingly, is the number two target. I travel around and see a lot of different computers in a week, and frequently the session is preceded, or interrupted by a request to update Adobe Reader (and Java, for that matter). Too many people ignore these requests either because they think they have to pay something, don’t know what it means, or don’t have the time.

Think about it. An update request is coming from a program or feature that is already in use on your computer. The program’s engineers have developed a better way to run the program, or more likely have discovered a security flaw which can be exploited by hackers and have issued a patch (to use the jargon) to repair the flaw. The fact that a patch has been issued means that the hacker can then work out where the flaw is and exploit it on any computer that hasn’t applied the patch. So if you ignore update requests you are running software that is vulnerable. No matter how good your anti-virus and anti-malware protection is, your system is potentially open to attack.

Updating Adobe Reader is even easier than updating Java. Just don’t put it off. Adobe Reader is needed in lots of instances when you’re on the internet, so don’t uninstall it. It would be too inconvenient to be without it. Just keep it update.

What we need from companies like Java and Adobe is updates that are handled automatically (as Windows updates are) by default, without us having to intervene. Out of date software is like a free meal to hackers. So why not withdraw the invitation?

This article applies to Windows users, but if you’re using an Android smartphone and have Adobe Reader installed on it, this article applies to you too.

Please feel free to leave a comment.

Do you really need Java?

Java is a program that works with your browser (Internet Explorer, Firefox, Chrome, Safari) that enables you do take advantage of the services offered by a website. The one feature that springs to mind is booking theatre tickets; you can see the theatre seat layout, which seats have been sold and which are availble. Some programs also depend on Java such as OpenOffice.

In the past year, over 600,000 Apple computers have been infected by malware which has got onto these computer because of a flaw in the Java code. The makers of Java have been warned by the internet security industry that it is not taking their warnings seriously enough, and the latest ComputerActive magazine reports that Java should be removed from all computers, including Windows-based ones.

I’ve done a bit of looking around to see what other folk on the internet have been thinking, and I’ve done a bit of thinking myself. And this is what I recommend. Instead of removing Java, because you might use a site that uses Java, I suggest you keep on top of any updates on the assumption (safe or not) that the makers will eventually catch up with the problem and fix it with an update.

First, you have to check to see if you have Java installed. Go to the Control Panel and if you see the Java icon (it looks like a coffee cup) then Java is on your computer. If it’s not there and you haven’t been asked to install it, then you don’t need to read on.

Open the Java feature in the Control Panel and change the update schedule from monthly to daily:

Make sure there is a tick in the box beside Check for Updates Automatically
Click the Advanced… button on the same line
The following dialogue box will appear:

Java Control Panel

 

 

 

 

 

 

 

Click the Daily option
And Click OK (& again) to close the dialogue box.
Close the Control Panel.

Now you still have Java installed and if there are any updates you’ll be asked to install them. And remember to opt out of installing any extra features (such as the Ask toolbar) when you’re installing a Java update.

If you are an Apple user, or you want to know more as a Windows user, I suggest you go to the ComputerActive article at www.computeractive.co.uk/2202858 for more information. There’s another opinion here which may be of interest: http://www.zdnet.com/blog/bott/how-big-a-security-risk-is-java-can-you-really-quit-using-it/4749.

I’ll update this post with any news that the threat has passed. Please feel free to leave a comment.