More on Java and other updates

You may remember that I mentioned security flaws related to Java in a recent blog (Do you really need Java? – 17 Sept 2012). Well, a report from Kaspersky, the security giant, details that Java is now the number one attack target, accounting for more than half of all malware exploit attempts. In other words, hackers are using the flaws in Java more than any others to gain access to people’s computers.

Kaspersky doesn’t give any firm figures, but I’m assuming we’re talking significant numbers. According to Java, it is installed on 1.1 billion computers around the world. So rich pickings for hackers. Number two in the attack list is Adobe Reader.

According to W3Techs, 0.2% of websites use Java. That’s 2 in every 1000. Confusingly, Java is not the same as JavaScript, which is used by 92% of websites. Websites that offer you the chance to book seats (say at a theatre or on a train), games sites, and some learning sites which use animation all require Java. If you use OpenOffice or LibreOffice, or Adobe Creative Suite, then you’ll need Java.

In my recent posting I suggested that you could keep Java (in case you came across a site that worked better with it) and change the update frequency, with the thought that Java would take these security flaws seriously and issue updates more regularly until it was fixed. The Kaspersky report is dated late October and implies that Java is not playing its part.

You have to make a decision. If any of the above apply to you, don’t ignore Java updates. But if you are in the habit of ignoring requests from Java to update itself, then I suggest you uninstall it altogether. Far better to rid yourself of it than to hang on to a version that is out of date. To uninstall Java:

  1. Go to the Control Panel through the Start menu
  2. Click Add/Remove Programs (in Windows XP) or Programs and Features (in Windows Vista and 7)
  3. Click the Java entry followed by the Install button on the toolbar
  4. Follow the instructions on the screen
  5. Repeat for any reference to Java in the list.
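
To see every Java and Adobe Reader entry and its version before working through the list by hand, the following PowerShell reads the registry locations that the installed-programs list is built from. It is an added example, not part of the original post; the name patterns are assumptions about how the entries are labelled, and the script only reads, changing nothing.

```powershell
# Added example: list the Java and Adobe Reader entries that the
# installed-programs list would show. Read-only; nothing is uninstalled.

# Registry locations Windows uses for the installed-programs list
# (the second holds 32-bit programs on 64-bit Windows, the third per-user installs).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: display names of the entries start with one of these patterns.
$namePatterns = @('Java*', 'J2SE Runtime*', 'Adobe Reader*', 'Adobe Acrobat Reader*')

function Get-InstalledMatch {
    param([string[]]$Keys, [string[]]$Patterns)

    foreach ($key in $Keys) {
        # Paths that do not exist (e.g. WOW6432Node on 32-bit Windows) are skipped.
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object {
                $name = $_.DisplayName
                $name -and ($Patterns | Where-Object { $name -like $_ })
            } |
            Select-Object DisplayName, DisplayVersion, Publisher, InstallDate,
                @{ Name = 'RegistryKey'; Expression = { $_.PSPath -replace '^.*::', '' } }
    }
}

$found = @(Get-InstalledMatch -Keys $uninstallKeys -Patterns $namePatterns |
    Sort-Object DisplayName, DisplayVersion)

if ($found.Count -eq 0) {
    Write-Output 'No Java or Adobe Reader entries found.'
} else {
    $found | Format-Table -AutoSize -Wrap
    # More than one Java entry means the uninstall has to be repeated for each.
    $javaCount = @($found | Where-Object {
        $_.DisplayName -like 'Java*' -or $_.DisplayName -like 'J2SE*'
    }).Count
    if ($javaCount -gt 1) {
        Write-Output "$javaCount Java entries found; repeat the uninstall for each one."
    }
}
```

The version column can be compared against the current release shown on the vendor's download page to tell whether an update has been skipped.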

If you then come across a webpage that requires Java for the page to work properly, then install it again, and if the service that webpage is offering will be useful to you in the future, make sure you don’t ignore Java update requests.

Adobe Reader, not surprisingly, is the number two target. I travel around and see a lot of different computers in a week, and frequently the session is preceded or interrupted by a request to update Adobe Reader (and Java, for that matter). Too many people ignore these requests, either because they think they have to pay something, don’t know what it means, or don’t have the time.

Think about it. An update request is coming from a program or feature that is already in use on your computer. The program’s engineers have developed a better way to run the program, or more likely have discovered a security flaw which can be exploited by hackers and have issued a patch (to use the jargon) to repair the flaw. The fact that a patch has been issued means that the hacker can then work out where the flaw is and exploit it on any computer that hasn’t applied the patch. So if you ignore update requests you are running software that is vulnerable. No matter how good your anti-virus and anti-malware protection is, your system is potentially open to attack.

Updating Adobe Reader is even easier than updating Java. Just don’t put it off. Adobe Reader is needed in lots of instances when you’re on the internet, so don’t uninstall it. It would be too inconvenient to be without it. Just keep it up to date.

What we need from companies like Java and Adobe is updates that are handled automatically (as Windows updates are) by default, without us having to intervene. Out-of-date software is like a free meal to hackers. So why not withdraw the invitation?

This article applies to Windows users, but if you’re using an Android smartphone and have Adobe Reader installed on it, this article applies to you too.

Please feel free to leave a comment.