In this post, Pioneer Web Design discusses the increase in Java exploits and shows you how to properly update Java.
A recent entry on the Microsoft Malware Protection Center website notes an alarming spike in malware related to Java. Java is ‘ubiquitous’ in that it is used by almost all web users and integrated into almost all websites. It is prevalent in many applications used in Windows, Mac, and Linux, and is also found widely in mobile devices.
A few important points from the article linked above are listed below; they are intended to help Windows PC users proactively protect themselves:
- Misfits are attacking older versions of Java, but many folks either do not take the time to update Java or are just not sure how to update it properly.
- Most are unaware that, because of the way Java updates have been done over time, full older versions are left on PCs, leaving the vulnerable code available to hackers.
- “Considering that these vulnerabilities all have available updates from Oracle that would prevent these attacks from being successful, this data is a reminder that, in addition to running real-time protection, it is imperative to apply all security updates for software, no matter what your flavor might be.”
The proper method to ‘update’ older versions of Java on XP, Vista, and Windows 7 is to remove ALL versions of Java found in the add/remove programs section and then download and install the latest version. Due to the nature of the patching/updating mechanism used in Java, I strongly suggest that anyone who finds anything other than just the latest version of Java on their PC remove all the versions they find, reboot, and then install the latest version. This makes sure that older, insecure code has not been left behind. As of the writing of this post, the latest version is Java 6 Update 22:
Above is the window you will see when prompted to update or when you force a Java update. If you have uninstalled the older versions, you need to go to the Java Download site to download and install the latest version of Java. Again, that is my recommendation.
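To check whether older versions have been left behind, as described above, the following PowerShell script lists every Java entry registered for Add/Remove Programs and warns when more than one version is present. It is an added example, not part of the original post; the `$NamePattern` expression and the `Get-InstalledJava` function name are assumptions made for illustration. PowerShell is built into Windows 7 and is a separate install on XP and Vista.

```powershell
# Added example: list Java entries registered in the Windows uninstall registry keys
# (the data behind Add/Remove Programs) and warn when more than one version is present.
# Assumption: entries are named like "Java(TM) 6 Update 22", "Java(TM) SE Runtime ..."
# or "J2SE Runtime Environment ..."; adjust $NamePattern if yours differ.
$NamePattern = '^(Java(\(TM\))? (\d|SE )|J2SE Runtime Environment)'

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit programs on 64-bit Windows register here; absent on 32-bit Windows.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    foreach ($key in $UninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -match $NamePattern } |
            Select-Object DisplayName, DisplayVersion, InstallLocation
    }
}

$found = @(Get-InstalledJava)
# Distinct version strings; 32-bit and 64-bit builds of one release count once.
$versions = @($found | Where-Object { $_.DisplayVersion } |
    ForEach-Object { $_.DisplayVersion } | Sort-Object -Unique)

# Oldest first; entries without a parsable version sort to the top.
$found | Sort-Object { $_.DisplayVersion -as [version] } |
    Format-Table DisplayName, DisplayVersion, InstallLocation -AutoSize

if ($found.Count -eq 0) {
    Write-Output 'No Java entries found in the uninstall registry keys.'
} elseif ($found.Count -gt 1 -and $versions.Count -ne 1) {
    Write-Warning 'Multiple Java versions are installed. Remove all of them, reboot, then install only the latest version.'
} else {
    Write-Output 'Only one Java version is registered. Confirm it is the latest release.'
}
```

On 64-bit Windows, run it from the native 64-bit PowerShell so that both registry views are read.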
I would also remind folks of a highly recommended piece of software from Secunia, a well-respected security research company, called “Personal Software Inspector”:
“The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly “popular” among criminals”
Use PSI to inspect your system for programs that have security patches available but are not installed yet:
Use the link above to download it, update it, and run it. This program will tell you what software requires security-related patches or upgrades and provides easy-to-use links to do so. Many of you will be quite surprised at how many old and insecure programs you have on your PC.