![]() |
|
31 Oct 2013 | #1 |
Microsoft Windows 7 Ultimate 32-bit 7601 Multiprocessor Free Service Pack 1
|
Java is unsafe! Which part and which version
We all hear that Java is unsafe, but which part is unsafe?
There are browser plugins and there is standalone applications (which have its own version of Java). I have found this on my C drive Quote:
Filename: c:\Datalogic\IMPACT\Applications\jre\bin\java-rmi.exe Version: 6.0.250.6
Filename: c:\Datalogic\IMPACT\Applications\jre\bin\java.exe Version: 6.0.250.6 Filename: c:\Datalogic\IMPACT\Applications\jre\bin\javacpl.exe Version: 6.0.250.6 Filename: c:\Datalogic\IMPACT\Applications\jre\bin\javaw.exe Version: 6.0.250.6 Filename: c:\Datalogic\IMPACT\Applications\jre\bin\javaws.exe Version: 6.0.250.6 Filename: c:\Program Files\Finale NotePad 2012\Plugin Components\Java\jre\bin\java-rmi.exe Version: 6.0.300.12 Filename: c:\Program Files\Java\jre7\bin\java-rmi.exe Version: 7.0.450.18 Filename: c:\Program Files\Java\jre7\bin\java.exe Version: 7.0.450.18 Filename: c:\Program Files\Java\jre7\bin\javacpl.exe Version: 10.45.2.18 Filename: c:\Program Files\Java\jre7\bin\javaw.exe Version: 7.0.450.18 Filename: c:\Program Files\Java\jre7\bin\javaws.exe Version: 10.45.2.18 Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\java-rmi.exe Version: 0.0.0.0 Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\java.exe Version: 0.0.0.0 Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\javacpl.exe Version: 0.0.0.0 Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\javaw.exe Version: 0.0.0.0 Filename: c:\Program Files\Jet Profiler for MySQL\jre\bin\javaws.exe Version: 0.0.0.0 Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\java-rmi.exe Version: 7.0.100.18 Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\java.exe Version: 7.0.100.18 Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\javacpl.exe Version: 10.10.2.18 Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\javaw.exe Version: 7.0.100.18 Filename: c:\Program Files\JetBrains\PyCharm Community Edition 3.0\jre\jre\bin\javaws.exe Version: 10.10.2.18 Filename: c:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\javacpl.exe Version: 10.5.1.255 Filename: c:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\javaws.exe Version: 10.5.1.255 Filename: c:\Windows\System32\java.exe Version: 7.0.450.18 Filename: c:\Windows\System32\javaw.exe Version: 7.0.450.18 Filename: c:\Windows\System32\javaws.exe Version: 10.45.2.18 Oracle recommends version Version 7 upgrade 45 (7.0.450.18) I don't have any browser plugins activated (I think) but I have some standalone applications that has their own Java version Which are safe(ish)? |
My System Specs![]() |
. |
|
31 Oct 2013 | #2 |
|
I too have some apps that include an old versions of Java. In my case, version 6 update 19.
But I do not think that the files are referenced in the registry in such a way as to allow a program to pass a Java file to the OS shell... in other words: If a browser tries to run a Java file, the operating system will not know to pass that file on to the old version of Java that comes with these apps. Malware writers usually attempt to use Java's flaws to get the malware running in such a way that it can do things that it normally could not do. In theory, malware could be started via other means (you run something from a USB/CD/DVD/download) and the malware could scan the hard drive for versions of Java that it can exploit - thus allowing the malware the ability to do things that it normally could not do. I doubt that there are any forum members that are willing to state which parts of Java are safe. (Probably not the answer that you wanted to hear.) |
My System Specs![]() |
31 Oct 2013 | #3 |
|
Guess what? Unfortunately all java is unsafe and has multiple attack points and exploits. Simply do not use it.
(Unless you absolutely have too) |
My System Specs![]() |
. |
|
31 Oct 2013 | #4 |
|
|
My System Specs![]() |
01 Nov 2013 | #5 |
|
No, did you not read my post? The program itself is unsafe.....meaning it has multiple security holes. It can easily be exploited and attacked.
See here for examples: http://arstechnica.com/security/2013...e-experts-say/ http://www.usatoday.com/story/tech/c...-java/1840219/ http://www.pcworld.com/article/20301...and-flash.html Oracle on Monday was distributing a patch for Java software flaws deemed so dangerous that the US Department of Homeland Security said that people should stop using it. Read more at: http://phys.org/news/2013-01-oracle-...holes.html#jCp |
My System Specs![]() |
03 Nov 2013 | #6 |
![]() |
You can, at least, remove older versions of Java to reduce your exposure.
Why should I uninstall older versions of Java from my system? Java Uninstall Tool A Guy |
My System Specs![]() |
03 Nov 2013 | #7 |
|
You can, at least, remove older versions of Java to reduce your exposure.
Why should I uninstall older versions of Java from my system? Java Uninstall Tool A Guy ...but, I do not think that the Java Uninstall Tool (JUT) will help the OP. You can have several old versions of Java installed by other apps (which is what the OP is talking about) and those versions will not be detected by the JUT. That JUT only looks in the registry for one key. If that key is not there, it gives up. See the end of this video for that key. ![]() I ran the JUT using IE10 with 64bit tabs and 64bit Java and IE10 with 32bit tabs and 32bit Java Neither found the old Java shown in the screenshot. I'm guessing that the OP will have the same results. |
My System Specs![]() |
03 Nov 2013 | #8 |
![]() |
The OP, yes. But wasn't speaking to removing the older versions used by an application. It was more a general Java safety (an oxymoron?) tip. The biggest exposure is via browsers, but older Java installations on the system are still an issue.
The older versions in apps can hopefully either be updated via the app, or sometimes you can just copy the corresponding file from the updated Java installation to the app. An older app, that has no newer alternative, and must use an older Java would not be acceptable, although I understand people are put in positions where they must use such conditions. I don't have Java to confirm what options are available with "Additional tasks" in JavaRa these days. Nor did I have that ability with Java's own tool. A Guy |
My System Specs![]() |
03 Nov 2013 | #9 |
|
The particular thing that has been specified to have flaws always were the browsers plugins, which are able, under the right circumstances, to run arbitrary code on your computer. Disabling them removes the vulnerability altogether. I'm not aware of any other parts of them to have the same flaw, since everything else runs on your machine and isn't exposed to the web.
Another different history are the programs themselves written in Java. They can be themselves a problem because of their own behavior, but not related to Java itself (the same can happen with any program, written in ANY language). Some programs as you see use their own "private" Java runtime in their own folders, which is merely a convenience. That doesn't means a potential security exploit in your computer (again, the flawed component is the browser plugin) because of the presence of those, but rather you must think if you really trust the program using them, as you would do with any program. Just remember to have an updated antivirus, a working, properly configured firewall and most important common sense, and you can live reasonably safe. |
My System Specs![]() |
03 Nov 2013 | #10 |
|
The particular thing that has been specified to have flaws always were the browsers plugins, which are able, under the right circumstances, to run arbitrary code on your computer. Disabling them removes the vulnerability altogether. I'm not aware of any other parts of them to have the same flaw, since everything else runs on your machine and isn't exposed to the web.
Another different history are the programs themselves written in Java. They can be themselves a problem because of their own behavior, but not related to Java itself (the same can happen with any program, written in ANY language). Some programs as you see use their own "private" Java runtime in their own folders, which is merely a convenience. That doesn't means a potential security exploit in your computer (again, the flawed component is the browser plugin) because of the presence of those, but rather you must think if you really trust the program using them, as you would do with any program. Just remember to have an updated antivirus, a working, properly configured firewall and most important common sense, and you can live reasonably safe. I stand corrected. Actually, I'm not standing at the moment :-) |
My System Specs![]() |
![]() |
Thread Tools | |
Similar help and support threads | ||||
Thread | Forum | |||
Java 8 Version 131? Hi, Less than an hour ago my Java Updater displayed a pop-up saying an upgrade to Version 8 131 was available. Given Java updates on a quarterly basis it sounds legitimate, but Java.com still lists 121 as the most recent version. Is this update safe to install? |
Software | |||
New Version of Java not working with applets Hello all, I just got a prompt to update java this morning and when I updated it this morning and went back to the website I was using all of a sudden now the java applet is not working now its taking me more than 5 minutes to do what I need to do what sorts of things should i try i am using the... |
Software | |||
Java Version 7 Update 45 Source Release Notes Java? SE Development Kit 7 Update 45 Release Notes Download Java Downloads for All Operating Systems |
Software | |||
Java...What version? I didn't realize it but there are several versions of java out there, Sun or Oracle, which is the real one and which is best for Win 7? |
Software | |||
Java.. new version 6.18 I've been alerted about the newest version of Java.. on the laptop.. I keep hearing Java is difficult to un-install ( old version )..on Windows 7.. shall I try to un-install it.. I need to install the new version. On XP I would go to the Control Panel and un-install all versions.. and such... |
Software |
Our Sites |
Site Links |
About Us |
Find Us |
Windows 7 Forums is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows 7" and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd All times are GMT -5. The time now is 09:57. |
![]() ![]() ![]() ![]() ![]() |