Microsoft offers warning on fake Java update alerts

There's been a lot of news lately about Oracle's Java software, and none of it has been good. Earlier this month, the US government put out an alert urging everyone to disable Java on their PCs because of an exploit that hackers were found to be using in the wild. Java's creators at Oracle issued a patch a few days later, but even more exploits have been discovered since then.

In a new post on Microsoft's security tips blog, the company warns that some hackers may try to take advantage of this current situation. It stated:

Cybercriminals often use fake virus alerts to lure you into buying fraudulent antivirus software. These alerts state that your computer or other device is at risk, but clicking a link in one of them could lead you to downloading malicious software. In the case of the fake Java updates, cybercriminals are taking advantage of news about security vulnerabilities in Java and recommendations to update Java immediately.

Microsoft says that if you want to update Java on your PC, you should do so directly via Oracle's website. The only alternative is to disable Java in your web browser or to uninstall Java from your PC entirely.

Source: Microsoft | Image via Oracle

32 Comments

I was worried about it, but I de-installed Java about 6 months ago and, as a heavy user, expected some pain as I use the web heavily daily. However, I haven't been affected much at all. In fact, I can think of only three sites where I really miss it, and I can live without two of them. So for the safety of my data I only re-install Java when I need to access the third site, the official live F1 timing. Once the race is over I de-install it.

Very happy I have removed a big risk to my PC as this has been going on for years and Oracle clearly can't be trusted as security conscious citizens.

There are fake Java AND Flash updates. I've seen 'em both. There's also a mad outbreak of fake Windows antivirus popups (warning your computer is infected, click ok to start scanning bla bla bla)... the only way to escape is "ctrl shift esc" and end task on your web browser.

It's been clear for far too long that installing Java is basically just installing a backdoor for hackers to do whatever they wish with your system.

If your bank account is drained or your system partition gets formatted during a restart, you won't have anyone to blame but yourself.

Is it worth it for a game, or to watch animated radar at noaa.gov?

listen minecraft kids, time to grow some balls and start to play DX11 C/C++ powered games... just like bosses and cool people do. I can't imagine me playing ugly, laggy, bogus and unsecure games... U__u

WinRT said,
listen minecraft kids, time to grow some balls and start to play DX11 C/C++ powered games... just like bosses and cool people do. I can't imagine me playing ugly, laggy, bogus and unsecure games... U__u

And we'll forget that many microcontroller and microprocessor developers as well as others use Java-based Eclipse as an IDE... including TI, FreeScale, Google, IBM, SAP, Sybase, ARM....

I have two pieces of software that require it. One I can get rid of and replace with something else, the other no. Frustrating.

Or Ninite, that downloads directly from Oracle's site. Still... I only have to use Java for my bank account. If only they switch for something else...

I never thought I'd see the day that Java, a supposedly secure sandboxed virtual machine, would be having the same security issues as ActiveX used to.

billyea said,
I never thought I'd see the day that Java, a supposedly secure sandboxed virtual machine, would be having the same security issues as ActiveX used to.

Oracle ended up with Java as a result of buying Sun. They have zero interest in maintaining or developing what is effectively a free programming language, especially when some of its major competitors use Java extensively to run/support their own business (in competition to Oracle).

They were shamed into providing a fix recently. I'm sure they are just looking for more ways to dump it and hurt their competitors.

The competition will only hurt for a little while before they rebound. Supporting JRE is a nightmare, I hope to see JRE and Flash die someday in my lifetime.

dvb2000 said,

Oracle ended up with Java as a result of buying Sun. They have zero interest in maintaining or developing what is effectively a free programming language, especially when some of its major competitors use Java extensively to run/support their own business (in competition to Oracle).

They were shamed into providing a fix recently. I'm sure they are just looking for more ways to dump it and hurt their competitors.

Oracle cares a great deal about Java. Their own development tools were written using Java, and were doing a lot of work to integrate Java into the database. And if they didn't care too much about Java, as soon as they bought SUN they would have released Java to the public domain, instead only a few months later they vigorously pursued Google over Google's use of Java in Android. If Oracle didn't care, they wouldn't have worried too much about claiming a few lines of code were copied.

dvb2000 said,
Oracle ended up with Java as a result of buying Sun. They have zero interest in maintaining or developing what is effectively a free programming language, especially when some of its major competitors use Java extensively to run/support their own business (in competition to Oracle).
I despise Oracle as a company because of their general practices, but Java was known for its security vulnerabilities before Sun was purchased.

Toysoldier said,
Come on, finish HTML5, let java and flash die with the legacy hardware.

Uh. I hate Java as much as the next guy that's ever had to deal with it without drinking the koolaid first, but if you think the web is the only platform Java exists on, your opinion is sorely lacking in substance.

Joshie said,

Uh. I hate Java as much as the next guy that's ever had to deal with it without drinking the koolaid first, but if you think the web is the only platform Java exists on, your opinion is sorely lacking in substance.

Well I am clearly referring to the use of Java on computers given that this thread is about java on computers.

What he is referring to is the frustrating amount of desktop installed applications that require JRE to function. Some of these nightmares are business critical and require older versions of JRE.

That statement has always ticked me off. If it was so critical (as owners have told me), why isn't it critical enough to secure or update?

zeke009 said,
What he is referring to is the frustrating amount of desktop installed applications that require JRE to function. Some of these nightmares are business critical and require older versions of JRE.

If he was referring to desktop apps that require the JRE, he wouldn't have suggested HTML5 as a replacement.

He didn't suggest HTML5. The OP of the thread did. The next guy said it exists on desktops as apps also, which it does.

It is frustrating the number of apps, especially in education. Our web filter at work requires a Java applet to run (thankfully changing this week). There are many others that aren't web apps.

Toysoldier said,

Well I am clearly referring to the use of Java on computers given that this thread is about java on computers.


Well, it's a good thing you meant Java on computers. I mean it's not like Blu-ray, cellphones, coffee makers, Android / Dalvik, and servers use it... thank gosh.

So since you have such a firm grasp on the situation, maybe you can point me at the HTML5 port of Eclipse IDE? And you probably know where to get the HTML5 version of Java EE?