Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Java is unsafe! Which part and which version


31 Oct 2013   #1

Microsoft Windows 7 Ultimate 32-bit 7601 Multiprocessor Free Service Pack 1
 
 
Java is unsafe! Which part and which version

We all hear that Java is unsafe, but which part is unsafe?
There are browser plugins and there is standalone applications (which have its own version of Java).

I have found this on my C drive

Quote:
Filename: c:\Datalogic\IMPACT\Applications\jre\bin\java-rmi.exe Version: 6.0.250.6
Filename: c:\Datalogic\IMPACT\Applications\jre\bin\java.exe Version: 6.0.250.6
Filename: c:\Datalogic\IMPACT\Applications\jre\bin\javacpl.exe Version: 6.0.250.6
Filename: c:\Datalogic\IMPACT\Applications\jre\bin\javaw.exe Version: 6.0.250.6
Filename: c:\Datalogic\IMPACT\Applications\jre\bin\javaws.exe Version: 6.0.250.6
Filename: c:\Program Files\Finale NotePad 2012\Plugin Components\Java\jre\bin\java-rmi.exe Version: 6.0.300.12
Filename: c:\Program Files\Java\jre7\bin\java-rmi.exe Version: 7.0.450.18
Filename: c:\Program Files\Java\jre7\bin\java.exe Version: 7.0.450.18
Filename: c:\Program Files\Java\jre7\bin\javacpl.exe Version: 10.45.2.18
Filename: c:\Program Files\Java\jre7\bin\javaw.exe Version: 7.0.450.18
Filename: c:\Program Files\Java\jre7\bin\javaws.exe Version: 10.45.2.18
Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\java-rmi.exe Version: 0.0.0.0
Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\java.exe Version: 0.0.0.0
Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\javacpl.exe Version: 0.0.0.0
Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\javaw.exe Version: 0.0.0.0
Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\javaws.exe Version: 0.0.0.0
Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\java-rmi.exe Version: 7.0.100.18
Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\java.exe Version: 7.0.100.18
Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\javacpl.exe Version: 10.10.2.18
Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\javaw.exe Version: 7.0.100.18
Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\javaws.exe Version: 10.10.2.18
Filename: c:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\javacpl.exe Version: 10.5.1.255
Filename: c:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\javaws.exe Version: 10.5.1.255
Filename: c:\Windows\System32\java.exe Version: 7.0.450.18
Filename: c:\Windows\System32\javaw.exe Version: 7.0.450.18
Filename: c:\Windows\System32\javaws.exe Version: 10.45.2.18
Just by searching for java*.exe, but there are also java*.dll and ...

Oracle recommends version Version 7 upgrade 45 (7.0.450.18)

I don't have any browser plugins activated (I think) but I have some standalone applications that has their own Java version

Which are safe(ish)?

My System SpecsSystem Spec
.

31 Oct 2013   #2

W7 Pro SP1 64bit
 
 

I too have some apps that include an old versions of Java. In my case, version 6 update 19.

But I do not think that the files are referenced in the registry in such a way as to allow a program to pass a Java file to the OS shell... in other words: If a browser tries to run a Java file, the operating system will not know to pass that file on to the old version of Java that comes with these apps.

Malware writers usually attempt to use Java's flaws to get the malware running in such a way that it can do things that it normally could not do. In theory, malware could be started via other means (you run something from a USB/CD/DVD/download) and the malware could scan the hard drive for versions of Java that it can exploit - thus allowing the malware the ability to do things that it normally could not do.

I doubt that there are any forum members that are willing to state which parts of Java are safe.
(Probably not the answer that you wanted to hear.)
My System SpecsSystem Spec
31 Oct 2013   #3

Windows 7 Professional x64 Sp1
 
 

Guess what? Unfortunately all java is unsafe and has multiple attack points and exploits. Simply do not use it.

(Unless you absolutely have too)
My System SpecsSystem Spec
.


31 Oct 2013   #4

Windows 7 64-bit
 
 

Quote   Quote: Originally Posted by andrew129260 View Post
Guess what? Unfortunately all java is unsafe and has multiple attack points and exploits. Simply do not use it.

(Unless you absolutely have too)
Why is inherently unsafe? Is it because java bypasses the normal windows security layers?
My System SpecsSystem Spec
01 Nov 2013   #5

Windows 7 Professional x64 Sp1
 
 

No, did you not read my post? The program itself is unsafe.....meaning it has multiple security holes. It can easily be exploited and attacked.

See here for examples:

http://arstechnica.com/security/2013...e-experts-say/

http://www.usatoday.com/story/tech/c...-java/1840219/

http://www.pcworld.com/article/20301...and-flash.html

Oracle on Monday was distributing a patch for Java software flaws deemed so dangerous that the US Department of Homeland Security said that people should stop using it.

Read more at: http://phys.org/news/2013-01-oracle-...holes.html#jCp
My System SpecsSystem Spec
03 Nov 2013   #6

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

You can, at least, remove older versions of Java to reduce your exposure.

Why should I uninstall older versions of Java from my system?

Java Uninstall Tool

A Guy
My System SpecsSystem Spec
03 Nov 2013   #7

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by A Guy View Post
You can, at least, remove older versions of Java to reduce your exposure.

Why should I uninstall older versions of Java from my system?

Java Uninstall Tool

A Guy
I'm not sure if you were talking to the OP or to benedictus or both...
...but, I do not think that the Java Uninstall Tool (JUT) will help the OP.

You can have several old versions of Java installed by other apps (which is what the OP is talking about) and those versions will not be detected by the JUT. That JUT only looks in the registry for one key. If that key is not there, it gives up. See the end of this video for that key.

Java is unsafe! Which part and which version-ie10-64bit-java64bit.png

I ran the JUT using
IE10 with 64bit tabs and 64bit Java
and
IE10 with 32bit tabs and 32bit Java
Neither found the old Java shown in the screenshot.
I'm guessing that the OP will have the same results.


My System SpecsSystem Spec
03 Nov 2013   #8

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

The OP, yes. But wasn't speaking to removing the older versions used by an application. It was more a general Java safety (an oxymoron?) tip. The biggest exposure is via browsers, but older Java installations on the system are still an issue.

The older versions in apps can hopefully either be updated via the app, or sometimes you can just copy the corresponding file from the updated Java installation to the app. An older app, that has no newer alternative, and must use an older Java would not be acceptable, although I understand people are put in positions where they must use such conditions.

I don't have Java to confirm what options are available with "Additional tasks" in JavaRa these days. Nor did I have that ability with Java's own tool. A Guy
My System SpecsSystem Spec
03 Nov 2013   #9

Windows 7 Ultimate x64
 
 

The particular thing that has been specified to have flaws always were the browsers plugins, which are able, under the right circumstances, to run arbitrary code on your computer. Disabling them removes the vulnerability altogether. I'm not aware of any other parts of them to have the same flaw, since everything else runs on your machine and isn't exposed to the web.

Another different history are the programs themselves written in Java. They can be themselves a problem because of their own behavior, but not related to Java itself (the same can happen with any program, written in ANY language). Some programs as you see use their own "private" Java runtime in their own folders, which is merely a convenience. That doesn't means a potential security exploit in your computer (again, the flawed component is the browser plugin) because of the presence of those, but rather you must think if you really trust the program using them, as you would do with any program.

Just remember to have an updated antivirus, a working, properly configured firewall and most important common sense, and you can live reasonably safe.
My System SpecsSystem Spec
03 Nov 2013   #10

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by UsernameIssues View Post
~~~
I doubt that there are any forum members that are willing to state which parts of Java are safe.
(Probably not the answer that you wanted to hear.)
Quote   Quote: Originally Posted by Alejandro85 View Post
The particular thing that has been specified to have flaws always were the browsers plugins, which are able, under the right circumstances, to run arbitrary code on your computer. Disabling them removes the vulnerability altogether. I'm not aware of any other parts of them to have the same flaw, since everything else runs on your machine and isn't exposed to the web.

Another different history are the programs themselves written in Java. They can be themselves a problem because of their own behavior, but not related to Java itself (the same can happen with any program, written in ANY language). Some programs as you see use their own "private" Java runtime in their own folders, which is merely a convenience. That doesn't means a potential security exploit in your computer (again, the flawed component is the browser plugin) because of the presence of those, but rather you must think if you really trust the program using them, as you would do with any program.

Just remember to have an updated antivirus, a working, properly configured firewall and most important common sense, and you can live reasonably safe.

I stand corrected.

Actually, I'm not standing at the moment :-)
My System SpecsSystem Spec
Reply

 Java is unsafe! Which part and which version




Thread Tools



Similar help and support threads for2: Java is unsafe! Which part and which version
Thread Forum
Java Version 7 Update 45 Software
Solved Uninstall Old Java Version - Cannot Find Software
Java...What version? Software
New Java version available - 6 update 24 Released Browsers & Mail
Java.. new version 6.18 Software

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 12:57 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33