Java! Uninstall It, Update it, or bend over and grab the ketchup!

By +Warwagon
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted

Java! Uninstall It, Update it, or bend over and grab the ketchup!

For some of you, this is news!

If you have it, but don't know you explicitly really need it, please uninstall it immediately!!

Java is bad. Not by itself, but by the exploits it brings along with it. While you may have the most current version, the bad guys always seem to keep a zero day vulnerability close to their hearts!

The current version of Java (version 7) does in fact use DEP. Which should (in theory keep Vista and Windows 7 users safe, until proven it doesn't). For those of you using XP, you should come up with a really good reason why you still need java.

My mom who does stock trading. I tell her, "Please keep java updated. Only use Java with IE. The rest of the time, use Java Firefox and the Quickjava extension with Java DISABLED!"

While a lot of you love java, (I Love a cup of coffee as much as the next guy) Please take Java seriously, otherwise you may be looking down a malware infested barrel, called a rootkit infested machine!

For those of you who know and program in Java and are OK with the consequences of having it installed "More power to you!".

For the rest of the Neowin members, if you have Java, that's great, but please (for the love of god) keep it up to date, or disabled until you need it!

Walfgang Kandek, CEO of Qualys, said that the 200,000 who visited broswere security service BrowserCheck in July 2010 ? January 2011, 42% of them were running versions of plug-in Java that had not been updated and contains known vulnerabilities. Only 24% of them were older versions of Flash that include also vulnerabilities. Other applications risky because old versions are Adobe Reader (32%) and Apple QuickTime(25%).

During 2010, Oracle released several updates to address vulnerabilities Java . One last update addresses a group of 21 vulnerabilities, 8 of them considered critical. 19 of which can be exploited through a network not valid without the required login data. It is the second warning that draws attention to Java , after the December, released by Cisco, which announced that attacks through Java had surpassed the number on the Adobe Reader and Acrobat in 2010.

From that blog post:

?During the one year period starting in the third quarter of 2010 (3Q10) and ending in the second quarter of 2011 (2Q11), between one-third and one-half of all exploits observed in each quarter were Java exploits[1]. During this one year period, Microsoft antimalware technologies detected or blocked, on average, 6.9 million exploit attempts on Java related components per quarter, totaling almost 27.5 million exploit attempts during the year.?

The exploit attacks a vulnerability that exists in
Oracle Java SE JDK and JRE 7 and 6 Update 27
and earlier. If you are using
Java 6 Update 29
, or
Java 7 Update 1
, then you have
that is patched against this and 19 other security threats. If you are using a vulnerable version of Java, it?s time to update. Not sure whether you have Java or what version you may be running? Check out
, and then click the ?Do I have Java?? link below the big red ?Free Java Download? button. Apple
to fix this flaw and other Java bugs earlier this month.

Enthusiast

Zkal

Posted
Posted

What's so special about Java that it deserves its own thread? Doesn't this rule apply to any software; update it or risk getting infected.

This plus just disable Java in your browser. That's what I do since only thing I use Java for is Minecraft.

Proficient

Beyond Godlike

Posted
Posted

I work in information security where we have IDS's setup. We regularly see java getting owned and malware being installed even on current versions within corporate environments. On peoples home PC's..yikes...

Grand Master

Chicane-UK Veteran

Posted
  • Veteran
Posted

I fricking hate Java.. I think the fundamental concepts of the language, and it being cross platform etc are excellent but like so many things to do with Oracle, it's just been horrendously implemented.

It seems to need updating on a near weekly basis and even if you turn off automatic updating, it still bugs you about updating. Not to mention how unreliable it is and the penchant it has for locking up / breaking. Hateful. I just wish it would go away and die somewhere quietly, and take Oracle with it.

Grand Master

cork1958

Posted
Posted

Will NEVER install Suns version of this total POS software!!

The ONLY use I have really ever seen for this bloated, insecure junk is java speed tests. I simply don't run those.

The 3 most attacked (and crappiest) pieces of software ever written, IMO, are java, flash, Windows!!

Grand Master

SuperKid

Posted
Posted

I would remove it, but i can't I am a java programmer and I need it to make server applications with!! :p I would NEVER EVER use Java for desktop applications period, but for server applications its great :)

Collaborator

jimmyfal

Posted
Posted

People are always asking me how to stay secure with their computers. Then I spin into the "keep Windows up to date, keep adobe up to date, adobe everything, and keep java up to date.

After their eyes stop glazing over I then walk over to the "laptop", remove java from the control panel, stop the computer from going to sleep every 20 minutes, and set Windows updates to happen at 3pm every day not 3am. Then I update Adobe and hope that they get the Adobe download that asks if you want to keep it up to date automatically. Where can I make that happen anyway? I can't seem to find that download all the time. Sometimes Adobe will provide a check mark to keep it updated automatically and sometimes it won't.

Then I put on MSE because it pretty much takes care of itself and set it to also scan once a week during the day. THEN I tell them to try and leave the computer on at 3pm every now and then to insure all the updates happen. OR do the updates manually.

Is it too much to ask the consumer to keep their computers updated to avoid getting viruses? That's the easiest question of all. YES. Warwagon knows...

Grand Master

leesmithg

Posted
Posted

I removed Java 7 and 6. I like playing dominoes and yahoo pool.

They don't work on it.

J2SE v1.5.0 is what yahoo tries to install and that works.

I wish we could have ms virtual machine which I enjoyed, but, NO.

Collaborator

Coolicer

Posted
Posted

I would remove it, but i can't I am a java programmer and I need it to make server applications with!! :p I would NEVER EVER use Java for desktop applications period, but for server applications its great :)

Wait, what? People are actually using JAVA applications on servers? Is it a heavy-load server or just a server that runs JAVA applications for some small tasks?

Veteran

Emon

Posted
Posted

Wait, what? People are actually using JAVA applications on servers? Is it a heavy-load server or just a server that runs JAVA applications for some small tasks?

http://en.wikipedia.org/wiki/Java_Platform,_Enterprise_Edition

Grand Master

Seizure1990

Posted
Posted

Java should be destroyed entirely. The only reason that it exists is that the .NET framework hasnt been opened to other OSs. If so, C# would **** all over it.

Uh, check out Mono. Woops, there goes your theory.

Java exists for a few very good reason, though you may not be aware of them.

Is it too much to ask the consumer to keep their computers updated to avoid getting viruses? That's the easiest question of all. YES. Warwagon knows...

I think ANYBODY who's worked in the repair industry knows - it's impossible :p

Wait, what? People are actually using JAVA applications on servers? Is it a heavy-load server or just a server that runs JAVA applications for some small tasks?

There are servers that actually run on Java, yes. Depending on the situation, it can make a lot of sense.

http://en.wikipedia....avaServer_Pages

http://en.wikipedia.org/wiki/Sun_Java_System_Web_Server

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • BrowserOS 0.46.0

      By Copernic · Posted

      BrowserOS 0.46.0 by Razvan Serea BrowserOS is a free, open-source Chromium-based browser that runs AI agents natively, offering a smarter, more productive browsing experience. It supports Chrome extensions and integrates AI agents to automate tasks, fill forms, and streamline workflows. Your data stays on your computer: you can use your own API keys or run local models via Ollama, making it a privacy-first alternative to tools like Perplexity, Comet, or Dia. With built-in productivity tools and app integrations, BrowserOS boosts efficiency while keeping control firmly in your hands. Being Chromium-based, BrowserOS lets you effortlessly import your bookmarks, passwords, and Chrome extensions in just a few clicks. BrowserOS works with OpenAI GPT models, Anthropic Claude, Google Gemini, and local AI models via Ollama or LMStudio. You can use your own API keys and effortlessly switch between providers. BrowserOS Agent Your AI productivity assistant that organizes and manages your browsing effortlessly Quickly list, group, or close tabs Save and resume browsing sessions Search your history and organize bookmarks Switch instantly to the tab you need BrowserOS Navigator – Automate web tasks with ease Navigate websites and search automatically Interact with pages without manual effort Handle repetitive tasks in seconds What makes BrowserOS special Feels like home - same familiar interface as Google Chrome, works with all your extensions AI agents that run on YOUR browser, not in the cloud Privacy first - bring your own keys or use local models with Ollama. Your browsing history stays on your computer Open source and community driven - see exactly what's happening under the hood MCP store to one-click install popular MCPs and use them directly in the browser bar (coming soon) Built-in AI ad blocker that works across more scenarios! BrowserOS 0.46.0 changelog: Run Claude Code & Codex right in your browser — We've extended the agent harness to bring full coding agents into BrowserOS. Claude Code and Codex now come bundled and plug straight into the assistant, so you can drive your browser with the agent — and the subscription — you already use. A brand new experience — A redesigned new tab, a calmer composer, and a rebuilt command center for switching between agents. The whole assistant is cleaner, faster to reach, and easier to live in. New MCP tools — We rebuilt the browser tool surface from the ground up — a tighter, more reliable set of tools for agents to drive the browser. Plus one-click install of BrowserOS as an MCP server into the agents you already run, with automatic URL sync. Chromium 148 — Updated to the latest Chromium base with all recent upstream fixes and security patches. Streamlined — We've pulled back a few features that weren't getting much use — Skills, Soul, and Memory — so we can focus and ship better versions of them soon. Download: BrowserOS 0.46.0 | 181.0 MB (Open Source) Download: BrowserOS for macOS | 485.0 MB Links: BrowserOS Homepage | Github | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Politically funny images of the World

      By Michael Scrip · Posted

    • Microsoft finally admits its default Windows 11 25H2, 24H2 action broke key legacy component

      By hellowalkman · Posted

      Microsoft finally admits its default Windows 11 25H2, 24H2 action broke key legacy component by Sayan Sen Microsoft last week released Windows 11 KB5094126 and KB5093998 as the latest Patch Tuesday updates. Following that the company also published the accompanying dynamic updates under KB5094149, KB5095971, and KB5094156. So far the company has acknowledged two known issues that have popped up after the release which include bugged-out Office apps as well as the Recycle Bin; though there could be more at play too. Speaking of bugs and issues, Microsoft seems to have finally acknowledged a problem that probably has been around for close to a year. That's because back in July of 2025 the company made a default change to the latest Windows 11 versions, wherein it switched to JScript9Legacy on Windows 11 24H2 and later releases. Hence following the release of version 25H2 in October 2025, JScript9Legacy also remained default-enabled. As a result there has been a compatibility issue ever since then. For those wondering, by switching to JScript9Legacy Microsoft intended to improve the security of modern Windows PCs by reducing vulnerabilities tied to legacy scripting like cross-site scripting (XSS), among others. XSS exploits can allow cyber-attackers to attach malicious code onto legitimate websites and use them to execute the code when a potential victim loads such a website. Hence the new JScript9Legacy engine enforced stricter execution policies and improved object handling, which should help mitigate such attacks. Microsoft today has published a new support article detailing the problem. Neowin spotted it while browsing. The company says that JScript global definitions and execution context may fail to persist across scripts, potentially breaking older dependent apps and web-based components that relied on this legacy behavior. In the article Microsoft has confirmed that the issue stems from its move away from the older jscript9.dll engine in favor of jscript9legacy.dll. As mentioned above, while the newer engine was designed to address vulnerabilities and strengthen security it also changes how JScript handles execution context. As a result functions and definitions loaded by one script could no longer remain available to subsequent scripts once execution ended. The company notes that some applications worked correctly on earlier Windows versions because the older JScript engine automatically retained global definitions and execution state between scripts. Under the newer model though that behavior is disabled by default causing certain legacy workloads and polyfill-dependent scripts to fail. Microsoft says it addressed the problem via the KB5077241 update though the fix had not been enabled automatically in the following updates. As such admins must explicitly turn on persistent JScript execution context using a Registry setting that the tech giant shared today. The configuration can be applied to individual processes or system-wide through the FEATURE_ENABLE_PERSISTENCE registry key. The steps have been outlined below: Run the following command to create the feature control registry key: reg add "HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PERSISTENCE" Under this key, create a new DWORD (32-bit) value. Configure the value as follows: To enable persistence for specific processes only: Set the value to 1 for each target process name. To enable persistence for all processes: Add * as the key name and set its value to 1. You can find the official support article here on Microsoft's website.
    • The quantum search for Time's origin had an equally mind-boggling conclusion

      By cleverclogs · Posted

      The possibility that milk gathers back into a glass implies that gravity can be 'reversed'.
    • VidCoder 12.20

      By Copernic · Posted

      VidCoder 12.20 by Razvan Serea  VidCoder is a DVD/Blu-ray ripping and video transcoding application for Windows. It uses HandBrake as its encoding engine. Calling directly into the HandBrake library gives it a more rich UI than the official HandBrake Windows GUI. VidCoder can rip DVDs but does not defeat the CSS encryption found in most commercial DVDs. You’ll need the NET 8 Desktop Runtime. If you don’t have it, VidCoder will prompt you to download and install it. The Portable version is self-contained and does not require any .NET Runtime to be installed. You do not need to install HandBrake for VidCoder to work. Feature list: Multi-threaded MP4, MKV containers Completely integrated encoding pipeline: everything is in one process and no huge intermediate temporary files H.264, H.265, MPEG-4, MPEG-2, VP8, Theora video Hardware-accelerated encoding with AMD VCE, Nvidia NVENC and Intel QuickSync AAC, MP3, Vorbis, AC3, FLAC audio encoding and AAC/AC3/MP3/DTS/DTS-HD passthrough Target bitrate, size or quality for video 2-pass encoding Decomb, detelecine, deinterlace, rotate, reflect, chroma smooth, colorspace filters Powerful batch encoding with simultaneous encodes Customizable Pickers to automatically pick audio and subtitle tracks, destination, titles and more Instant source previews Creates small encoded preview clips Pause, resume encoding VidCoder 12.20 changes: Updated HandBrake core to 1.11.2. Download: VidCoder 12.20 | 47.0 MB (Open Source) Download: Portable VidCoder 12.19 | 89.3 MB Link: VidCoder Home Page | Github | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware

  • Recent Achievements

    • Week One Done
      Jordan Smith earned a badge
      Week One Done
    • Reacting Well
      BizSAR earned a badge
      Reacting Well
    • First Post
      AndreaB earned a badge
      First Post
    • Week One Done
      Huge Trailer earned a badge
      Week One Done
    • Week One Done
      Classifyskilleducation earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      590
    2. 2
      +Edouard
      185
    3. 3
      PsYcHoKiLLa
      76
    4. 4
      Michael Scrip
      73
    5. 5
      Steven P.
      66
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!