Java Security Vulnerabilities
I keep getting warnings on my screen that I need a Java software update, but I'm not sure if this is safe to do, or if I really need it. Will I be more vulnerable to security threats if I keep ignoring these popups?
Is Your Java Software Secure?
Just like in a good mystery, the culprit is always the last one you suspect. Most people think spam is the biggest threat to their online security; actually, the volume of spam is declining worldwide and spam filters do an excellent job. Last year, Adobe PDF files made headlines for a security hole that left anyone who read a PDF open to identity theft. But hackers actually launched 3.5 times more attacks against holes in another, unassuming program that is probably installed on your computer right now.
The Java Runtime Environment (JRE or just "Java") is a free add-on program available from Sun Microsystems. It enables the execution of Web applications written in the Java programming language. Java is widely used by Web developers because it is platform-independent - meaning that Java apps will run on any operating system, even mobile operating systems such as Android or Windows Mobile. It is likely that your Web browser prompted you to download and install Java shortly after you began surfing the Web.
Most people install Java and then forget about it. The JRE does not load unless it is needed and it does its work invisibly. To see if Java is installed on your Windows PC, check the list of installed programs in the Add/Remove Programs area of Control Panel. You might see more than one version of Java installed, and that is part of the problem.
Updates, including security patches, for Java are made available several times per year. You may see a notification balloon saying that a Java update is available and asking permission to install it. Many people don't install Java updates because a) they don't recall what Java is; b) things seem to be working fine without any update; and c) downloading and installing the update takes time.
How to Keep Your Java Software Updated
But you really should install Java updates as soon as they become available. Updates are most often issued to close security holes that leave your computer vulnerable to hackers. In April, 2010, a serious leak in Java was discovered that would allow hackers to completely take over an exploited PC. The hole was patched in a Java update. Did you get it?
Unfortunately, that was the last Java vulnerability and update that got much mainstream press coverage. Java isn't "news" like Windows, whose routine monthly updates are hard to miss in the computer press.
Another security issue with Java seems to be sloppy programming of the update installer. Two issues have been identified. Sometimes a Java update reports to the user that it has been successfully installed when, in fact, it hasn't been installed. Another glitch is the Java installer's tendency leave older versions of Java installed even when the latest update has been installed successfully. The older version is still vulnerable to hacker attacks.
To protect yourself against Java exploits, go to the Java site and verify your Java version number. This will tell you if the latest version of Java is installed, and prompt you if you need to uninstall any older versions of Java. To remove an old version of Java on Windows 7 or Vista, click on Start / Control Panel / Programs / Uninstall. On Windows XP, click on Start / Control Panel / Add/Remove Programs.
Moving forward, always take the time to install a Java update when it is offered. And afterwards, check to see if any outdated versions need to be removed.
Do you have something to say about Java security vulnerabilites? Post your comment or question below...
This article was posted by Bob Rankin on 4 Feb 2011
|For Fun: Buy Bob a Snickers.|
Has Your Wireless Router Been Hacked?
The Top Twenty
The Internet Is Full... Go Away
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Java Security Vulnerabilities (Posted: 4 Feb 2011)
Copyright © 2005 - Bob Rankin - All Rights Reserved