Java is unsafe! Which part and which version


  1. Posts : 77
    Microsoft Windows 7 Ultimate 32-bit 7601 Multiprocessor Free Service Pack 1
       #1


    We all hear that Java is unsafe, but which part is unsafe?
    There are browser plugins and there are standalone applications (which have their own version of Java).

    I have found this on my C drive

    Filename: c:\Datalogic\IMPACT\Applications\jre\bin\java-rmi.exe Version: 6.0.250.6
    Filename: c:\Datalogic\IMPACT\Applications\jre\bin\java.exe Version: 6.0.250.6
    Filename: c:\Datalogic\IMPACT\Applications\jre\bin\javacpl.exe Version: 6.0.250.6
    Filename: c:\Datalogic\IMPACT\Applications\jre\bin\javaw.exe Version: 6.0.250.6
    Filename: c:\Datalogic\IMPACT\Applications\jre\bin\javaws.exe Version: 6.0.250.6
    Filename: c:\Program Files\Finale NotePad 2012\Plugin Components\Java\jre\bin\java-rmi.exe Version: 6.0.300.12
    Filename: c:\Program Files\Java\jre7\bin\java-rmi.exe Version: 7.0.450.18
    Filename: c:\Program Files\Java\jre7\bin\java.exe Version: 7.0.450.18
    Filename: c:\Program Files\Java\jre7\bin\javacpl.exe Version: 10.45.2.18
    Filename: c:\Program Files\Java\jre7\bin\javaw.exe Version: 7.0.450.18
    Filename: c:\Program Files\Java\jre7\bin\javaws.exe Version: 10.45.2.18
    Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\java-rmi.exe Version: 0.0.0.0
    Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\java.exe Version: 0.0.0.0
    Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\javacpl.exe Version: 0.0.0.0
    Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\javaw.exe Version: 0.0.0.0
    Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\javaws.exe Version: 0.0.0.0
    Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\java-rmi.exe Version: 7.0.100.18
    Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\java.exe Version: 7.0.100.18
    Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\javacpl.exe Version: 10.10.2.18
    Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\javaw.exe Version: 7.0.100.18
    Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\javaws.exe Version: 10.10.2.18
    Filename: c:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\javacpl.exe Version: 10.5.1.255
    Filename: c:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\javaws.exe Version: 10.5.1.255
    Filename: c:\Windows\System32\java.exe Version: 7.0.450.18
    Filename: c:\Windows\System32\javaw.exe Version: 7.0.450.18
    Filename: c:\Windows\System32\javaws.exe Version: 10.45.2.18
    Just by searching for java*.exe, but there are also java*.dll and ...

    Oracle recommends Version 7 upgrade 45 (7.0.450.18)

    I don't have any browser plugins activated (I think) but I have some standalone applications that have their own Java version

    Which are safe(ish)?
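Added example, not part of the original post: a Python triage of a listing in the format posted above, grouping entries by runtime folder and comparing each against the 7.0.450.18 build the post cites. The function name `triage`, the status labels and the choice to skip the separately numbered `javacpl.exe`/`javaws.exe` are assumptions of this example.

```python
import re
from collections import defaultdict

# Baseline the original poster cites as Oracle's recommended build.
BASELINE = (7, 0, 450, 18)
# Launchers that carry the runtime's own version. In the Java 7 entries of the
# listing, javacpl.exe and javaws.exe carry 10.x numbers, so they are skipped.
RUNTIME_EXES = {"java.exe", "javaw.exe", "java-rmi.exe"}
LINE = re.compile(r"Filename:\s*(?P<path>.+?)\s+Version:\s*(?P<ver>\d+(?:\.\d+){3})\s*$")

# Lines copied from the listing in the post above (a subset).
SAMPLE = r"""
Filename: c:\Datalogic\IMPACT\Applications\jre\bin\java.exe Version: 6.0.250.6
Filename: c:\Datalogic\IMPACT\Applications\jre\bin\javaws.exe Version: 6.0.250.6
Filename: c:\Program Files\Finale NotePad 2012\Plugin Components\Java\jre\bin\java-rmi.exe Version: 6.0.300.12
Filename: c:\Program Files\Java\jre7\bin\java.exe Version: 7.0.450.18
Filename: c:\Program Files\Java\jre7\bin\javaws.exe Version: 10.45.2.18
Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\java.exe Version: 0.0.0.0
Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\javaw.exe Version: 7.0.100.18
Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\javacpl.exe Version: 10.10.2.18
"""

def triage(listing):
    """Map each runtime's bin folder to (status, version tuple or None)."""
    versions = defaultdict(set)
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        folder, _, exe = m.group("path").rpartition("\\")
        if exe.lower() in RUNTIME_EXES:
            ver = tuple(int(p) for p in m.group("ver").split("."))
            versions[folder.lower()].add(ver)
    report = {}
    for folder, found in versions.items():
        known = found - {(0, 0, 0, 0)}
        if not known:
            report[folder] = ("unknown", None)  # no usable version resource
        else:
            oldest = min(known)  # judge a folder by its oldest launcher
            status = "outdated" if oldest < BASELINE else "current"
            report[folder] = (status, oldest)
    return report

if __name__ == "__main__":
    for folder, (status, ver) in sorted(triage(SAMPLE).items()):
        shown = ".".join(map(str, ver)) if ver else "?"
        print(f"{status:9} {shown:12} {folder}")
```

"current" here only means "at or above the build named in the post"; a folder reported as "unknown" (0.0.0.0) needs its `release` file or `java -version` output checked by hand.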


  2. Posts : 10,485
    W7 Pro SP1 64bit
       #2

    I too have some apps that include old versions of Java. In my case, version 6 update 19.

    But I do not think that the files are referenced in the registry in such a way as to allow a program to pass a Java file to the OS shell... in other words: If a browser tries to run a Java file, the operating system will not know to pass that file on to the old version of Java that comes with these apps.

    Malware writers usually attempt to use Java's flaws to get the malware running in such a way that it can do things that it normally could not do. In theory, malware could be started via other means (you run something from a USB/CD/DVD/download) and the malware could scan the hard drive for versions of Java that it can exploit - thus allowing the malware the ability to do things that it normally could not do.

    I doubt that there are any forum members that are willing to state which parts of Java are safe.
    (Probably not the answer that you wanted to hear.)


  3. Posts : 4,566
    Windows 10 Pro
       #3

    Guess what? Unfortunately all Java is unsafe and has multiple attack points and exploits. Simply do not use it.

    (Unless you absolutely have to)


  4. Posts : 2
    Windows 7 64-bit
       #4

    andrew129260 said:
    Guess what? Unfortunately all Java is unsafe and has multiple attack points and exploits. Simply do not use it.

    (Unless you absolutely have to)
    Why is it inherently unsafe? Is it because Java bypasses the normal Windows security layers?


  5. Posts : 4,566
    Windows 10 Pro
       #5

    No, did you not read my post? The program itself is unsafe... meaning it has multiple security holes. It can easily be exploited and attacked.

    See here for examples:

    http://arstechnica.com/security/2013...e-experts-say/

    http://www.usatoday.com/story/tech/c...-java/1840219/

    http://www.pcworld.com/article/20301...and-flash.html

    Oracle on Monday was distributing a patch for Java software flaws deemed so dangerous that the US Department of Homeland Security said that people should stop using it.

    Read more at: http://phys.org/news/2013-01-oracle-...holes.html#jCp


  6. Posts : 53,363
    Windows 10 Home x64
       #6

    You can, at least, remove older versions of Java to reduce your exposure.

    Why should I uninstall older versions of Java from my system?

    Java Uninstall Tool

    A Guy


  7. Posts : 10,485
    W7 Pro SP1 64bit
       #7

    A Guy said:
    You can, at least, remove older versions of Java to reduce your exposure.

    Why should I uninstall older versions of Java from my system?

    Java Uninstall Tool

    A Guy
    I'm not sure if you were talking to the OP or to benedictus or both...
    ...but, I do not think that the Java Uninstall Tool (JUT) will help the OP.

    You can have several old versions of Java installed by other apps (which is what the OP is talking about) and those versions will not be detected by the JUT. That JUT only looks in the registry for one key. If that key is not there, it gives up. See the end of this video for that key.

    [Attached screenshot: ie10-64bit-java64bit.png]

    I ran the JUT using
    IE10 with 64bit tabs and 64bit Java
    and
    IE10 with 32bit tabs and 32bit Java
    Neither found the old Java shown in the screenshot.
    I'm guessing that the OP will have the same results.


  8. Posts : 53,363
    Windows 10 Home x64
       #8

    The OP, yes. But I wasn't speaking to removing the older versions used by an application. It was more a general Java safety (an oxymoron?) tip. The biggest exposure is via browsers, but older Java installations on the system are still an issue.

    The older versions in apps can hopefully either be updated via the app, or sometimes you can just copy the corresponding file from the updated Java installation to the app. An older app, that has no newer alternative, and must use an older Java would not be acceptable, although I understand people are put in positions where they must use such conditions.

    I don't have Java to confirm what options are available with "Additional tasks" in JavaRa these days. Nor did I have that ability with Java's own tool.

    A Guy


  9. Posts : 2,468
    Windows 7 Ultimate x64
       #9

    The particular thing that has been specified to have flaws was always the browser plugins, which are able, under the right circumstances, to run arbitrary code on your computer. Disabling them removes the vulnerability altogether. I'm not aware of any other parts of them having the same flaw, since everything else runs on your machine and isn't exposed to the web.

    Another, different story is the programs themselves written in Java. They can themselves be a problem because of their own behavior, but not related to Java itself (the same can happen with any program, written in ANY language). Some programs, as you see, use their own "private" Java runtime in their own folders, which is merely a convenience. That doesn't mean a potential security exploit in your computer (again, the flawed component is the browser plugin) because of the presence of those, but rather you must think about whether you really trust the program using them, as you would do with any program.

    Just remember to have an updated antivirus, a working, properly configured firewall and, most important, common sense, and you can live reasonably safely.


  10. Posts : 10,485
    W7 Pro SP1 64bit
       #10

    UsernameIssues said:
    ~~~
    I doubt that there are any forum members that are willing to state which parts of Java are safe.
    (Probably not the answer that you wanted to hear.)
    Alejandro85 said:
    The particular thing that has been specified to have flaws was always the browser plugins, which are able, under the right circumstances, to run arbitrary code on your computer. Disabling them removes the vulnerability altogether. I'm not aware of any other parts of them having the same flaw, since everything else runs on your machine and isn't exposed to the web.

    Another, different story is the programs themselves written in Java. They can themselves be a problem because of their own behavior, but not related to Java itself (the same can happen with any program, written in ANY language). Some programs, as you see, use their own "private" Java runtime in their own folders, which is merely a convenience. That doesn't mean a potential security exploit in your computer (again, the flawed component is the browser plugin) because of the presence of those, but rather you must think about whether you really trust the program using them, as you would do with any program.

    Just remember to have an updated antivirus, a working, properly configured firewall and, most important, common sense, and you can live reasonably safely.

    I stand corrected.

    Actually, I'm not standing at the moment


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
