Applications that really rely on a specific version of the Java run-time should use a private copy of that specific version inside their own program environment, instead of using the version installed at the OS level. This embedded copy will never be upgraded, except via an upgrade of the application that uses it. This is the recommended way of doing this, but not all software plays by the rules.
Asked 6 years, 11 months ago. Active 4 years, 5 months ago. Can I uninstall the older updates? I am speaking with respect to Java for Windows.
Should I uninstall older versions of Java? But why doesn't the update remove the older version for you? Or upgrade over the previous version. There must be a reason that it does leave the old version in place, even if its removal is recommended. I was also wondering why they don't put a configurable option for whether you want to automatically uninstall the older versions or updates.
Java is not bundled into "clean" installations of Lion, but can be added later. Java is a favorite target of cybercriminals because it is so easy to exploit, and also because users are frequently using outdated versions of it.
The big problem is that Java installations aren't being patched, Carey said, which is a problem that can be traced back to three main issues. First of all, organizations are often unaware of the security implications of not patching their software. Second, if software that an organization depends on was written using older versions of Java, upgrading Java may cripple or altogether disable that software. Third, many users aren't aware that Web browsers are configured with Java plug-ins enabled, which makes them susceptible to drive-by malware attacks targeting older versions of Java.
This happens with Flashback. Java shouldn't be confused with JavaScript, an unrelated language used for enabling features on web pages. At one time, Java was absolutely necessary if you wanted to be able to use your computer for, well, just about everything. Today there is less need for it. A growing number of security experts recommend not installing Java if you don't already have it, and perhaps even getting rid of it if you do.
This will allow you to check if your browser has Java enabled, and if so, which plug-in version it is running. If your plug-in is out of date, updates are free to download and install.
Knowing if your computer actively uses Java for other applications, however, is a little tougher. If you are a business user, you may not have a choice.
Many companies have used the Java language to develop business applications that run on servers, and this "server-side" Java is safe. It's the "client-side" Java running via web browser plug-ins that is not safe.
Note that Java has nothing to do with JavaScript, which is another language used to develop websites and apps. JavaScript was originally developed by a different company (Netscape) under a different name (LiveScript). The name was changed for marketing reasons that disgraced both the companies involved, neither of which survived.
Java has been in the news this year because of some "zero day" vulnerabilities exploited by malware writers. Zero day means there is no patch for the hole, so users cannot protect themselves by updating their software. In fact, Java became the main vehicle for malware attacks in the third quarter of , when they increased fold, according to Microsoft's Security Intelligence Report Volume 10 PDF.
Things got worse, and Kaspersky, a leading anti-virus company, dubbed The year of Java vulnerabilities. I therefore regard Java as an unnecessary security risk, and I removed it from our home PCs years ago. I suggest you do the same. Living without Java is much less of a challenge than living without Adobe Flash. All programs have bugs and may have security holes, so why the Draconian approach?
Sorry to say, I don't have enough confidence in Oracle's ability to fix it. Oracle didn't write Java, just inherited it when it bought the failing Sun Microsystems, and according to The Register: "Metasploit founder HD Moore warned Oracle was still sitting on a backlog of Java flaws that will take up to two years to patch, even without the discovery of new flaws." Oracle is good at selling high-priced products to large enterprises, but Java involves dealing with up to a billion non-paying consumers.
In my view, Oracle's belated response to the recent "veritable media firestorm" does not make the right noises about protecting consumers. It seems more concerned with defending its profit-making server-side and embedded Java businesses. So, start by disabling Java in all your browsers. Sophos's Naked Security blog has instructions for most popular browsers.