Secunia software inspector

  • Thread starter Thread starter Guest
  • Start date Start date
Hello Bob and Dave,

Bob, no I went to www.java.com ((Bob, the instructions at Secunia DO
actually specify www.java.com, not http://java.sun.com/ ) and clicked on the
Download radio button. Clicking on that took me to
http://java.com/en/download/windows_ie.jsp and the page is entitled:

DOWNLOAD using Internet Explorer browser
JAVA SOFTWARE FOR WINDOWS

Download Details

FREE - Java Runtime Environment Version 5.0 Update 9
(filesize: ~7.1MB)
Approximate download times:
Low-bandwidth ~40 minutes
High-bandwidth ~ 3 minutes

I ran the online install from that page, and my computer showed that Java
Version 1.5.0 (build 1.5.0_09-b03) was installed.

Then, after reading your and Dave M's replies here, I uninstalled Java
Version 1.5.0 via the Control Panel and I went to
http://java.sun.com/javase/downloads/index.jsp and downloaded the JDK 6 --
The Java SE Development Kit (JDK) file: "jre-6-windows-i586.exe." I
installed Java using THAT file. The installation went fine and I went back
to Secunia: Once more I was told that I didn't have Java installed, and I
should go to www.java.com to get the latest version of Java.

Anyway, I was still determined so I went to the
http://www.java.com/en/download/manual.jsp link that Dave provided and
downloaded the "jre-1_5_0_09-windows-i586-p-s.exe" file. Once again I
uninstalled Java Version 1.5.0 via the Control Panel and re-installed Java
using the latest (jre-1_5_0_09-windows-i586-p-s.exe) installation file. The
installation went fine. I closed IE6 and re-launched IE6 and I went to the
"Test Your Java Installation page" at
http://www.java.com/en/download/ins...icrosystems+Inc.&os=Windows+XP&os_version=5.1

I was cheerfully assured by Sun (:>) that:
"We detected your Java environment as follows;
Description Your Environment

Java Runtime Vendor: Sun Microsystems Inc.
Java Runtime Version 1.5.0_09

CONGRATULATIONS, you have the Latest version of Java!"

So...back to Secunia Inspector I went. I clicked on the "Start Now" radio
button. This time I was NOT told that I didn't have Java installed, and it
took me to the next page where I clicked on the "Start Now" radio button. I
saw the message: "Status / Currently Processing:" appear. About a minute
later I received the message that: "There might be problems loading the Java
Applet in your browser."

It sounds like I'm making progress...... :> :>

Alan
 
Latest For those who are following this saga, I'm back to getting a
message telling me that I don't have Java installed, and I should go to
www.java.com to get the latest version of Java, when I click on the Start
Now button at Secunia.

And the "Test Your Java Installation page" reassures me that I have the
latest version of Java.

I think I'll do something REALLY important now, like sort my sock drawer.

Alan
 
Alan,

Uninstall that vulnerability magnet quick, before you really have problems!

I tried the link myself and the second it told me it required that useless
Sun Java c**p, I wrote it off as pointless. I'd rather research the updates
myself than open myself to future exploits from such a known swamp.
Fortunately, I've got an old W2K PC with the [limited] built-in Java that
hasn't had an exploit in quite a while, but is kept up to date by Windows
Update itself.

The funny thing here is that you can reference the same site (Secunia) to
find proof of exactly this issue with the software they're requiring you to
install to find out of date, vulnerable software. I think this is laughable
myself.

Vulnerability Report: Sun Java JRE 1.4.x
26 Secunia Advisories in 2003-2006
http://secunia.com/product/784/?task=advisories

Fundamental truth - the more software you install, the higher the likelyhood
that you will have acquired something with a vulnerability that is
exploitable. This includes even antimalware software, as we've seen quite
clearly over the last few years.

Vulnerability Report: Symantec Norton AntiVirus 2005
6 Secunia Advisories in 2003-2006
http://secunia.com/product/4009/?task=advisories

Vulnerability Report: McAfee VirusScan 9.x/2005
3 Secunia Advisories in 2003-2006
http://secunia.com/product/4792/?task=advisories

Bitman
 
Alan said:
I think I'll do something REALLY important now, like sort my sock drawer.

Enough time to get your socks sorted?

I guess the thing to do now would be to remove any and all existing versions
of java then go here:
https://sdlc2a.sun.com/ECom/EComActionServlet;jsessionid=42A35E162A3A78B2265CBAAB03244EFE

I know 1.5.09 is listed as the latest, but they seem to be a bit slow
updating. This link will give you 1.6.0 release. This is release software.
It is not a beta.

Bob Vanderveen
 
Anonymous Bob said:
I guess the thing to do now would be to remove any and all existing versions
of java then go here:
https://sdlc2a.sun.com/ECom/EComActionServlet;jsessionid=42A35E162A3A78B2265CBAAB03244EFE

I know 1.5.09 is listed as the latest, but they seem to be a bit slow
updating. This link will give you 1.6.0 release. This is release software.
It is not a beta.

Bob Vanderveen
Bob,

Along with your note about the slow site information updates, they also have
an automatic update (notification?) system that's known to be flaky, and a
lack of clear upward compatibility that results in the potential requirement
to leave multiple older versions on the PC.

Though the most recent versions have been getting better, they've also had
significant numbers of vulnerabilities that required updates where they
recommend exactly the opposite, to remove all older versions. However, this
must be done manually and is often unknown or ignored by most users,
resulting in significant numbers of infections reaching the manual malware
removal support sites.

As I understand it, Windows XP doesn't contain a Microsoft delivered Java
SDK, which is why the Sun SDK must be installed to provide one. The less
capable Java SDK included with earlier versions of Windows was the reason for
both its smaller list of vulnerabilities and the suit by Sun which forced
Microsoft to remove it from future products.

Microsoft Reaches Agreement to Settle Contract Dispute With Sun Microsystems
http://www.microsoft.com/presspass/press/2001/jan01/01-23sunpr.mspx

Since then, Microsoft has fully developed its .NET devlopment platform for
operation on the Windows 2000, XP, 2003, and Vista platforms. Since the older
Win 9x/ME platforms are no longer supported, this makes the Sun Java platform
irrelavant in the future. Few widely distributed applications were ever
produced using the platform anyway, other than some network management tools
and malware of course.

Other than a few animations on web sites, I've never seen much reason for
the average user to install the Sun SDK, since no commercial site would take
the risk of alienating those who don't have it installed. MSDN has been
providing tools and support for those with in house applications to port to
..NET for several years now, so I doubt that Java will ever recover from the
foolish mistake Sun made when they sued Microsoft back in 1997.

Bitman
 
Alan said:
Latest For those who are following this saga, I'm back to getting a
message telling me that I don't have Java installed, and I should go to
www.java.com to get the latest version of Java, when I click on the Start
Now button at Secunia.

And the "Test Your Java Installation page" reassures me that I have the
latest version of Java.

I think I'll do something REALLY important now, like sort my sock drawer.

Alan
 
Hi suebee,

I'm not sure if you were replying to me and your reply got cut off, but let
me provide an update to you and others who may have been following my
adventure.

After I sorted my sock drawer last night (just kidding, I actually went out
for a pizza), I made a decision. First thing this morning I uninstalled the
very latest version of Sun Java from my machine.

And I'm going to try very hard to forget there is a
http://secunia.com/software_inspector site, so I'll never be tempted to go
through this exercise in futility again.

Thanks to all who offered suggestions.

Alan
 
Alan said:
Hi suebee,

I'm not sure if you were replying to me and your reply got cut off, but let
me provide an update to you and others who may have been following my
adventure.

After I sorted my sock drawer last night (just kidding, I actually went out
for a pizza), I made a decision. First thing this morning I uninstalled the
very latest version of Sun Java from my machine.

And I'm going to try very hard to forget there is a
http://secunia.com/software_inspector site, so I'll never be tempted to go
through this exercise in futility again.

Thanks to all who offered suggestions.

Alan
Hi Alan, Yes I was replying to you. I was trying to explain,maybe not clearly that when I ran the inspector tool today earlier versions of flash that appeared in the report did not do so today. I did not make any changes but the results were different. As I said before I am skeptical about these results and I will be staying away from that site also. My point about java was in Firefox I did not have it enabled by checking the box in options so I received similar messages to yours from the inspector tool , after checking the box to enable java my installed version showed up on the report. In Internet Explorer I have the default settings so did not have a problem.
 
Back
Top