What is the best way to update my Java?

  • Thread starter Thread starter Nancy
  • Start date Start date
N

Nancy

From a previous thread I read this about installing Java:
--------------------
I don't suggest enabling Sun Java to auto-download new versions. For
Click to expand...
one the new version is installed but the old version has been left
intact. The problem with the is that some Trojans such as the Vundo
have the ability to search the folder; C:\Program Files\Java for
vulnerable versions by traversing the sub-folders.
--
Dave<
---------------------------
So what would be the best way to update my old version of Java?

1. Download the "Online Installation" which is 7.1 MB
2. Download the "Offline Installation" which is 18.23 MB !!!
3. Order the Java CD which I would have no problem with if it would be
a safe way to update my version.

Also, if using the offline or CD installation, should I uninstall the
old version first?

Thank you.

Nancy
 
Hi Nancy - You can get the Sun Java J2SE RunTimes or SDK here:
http://java.sun.com/downloads/index.html (all versions - select using the
dropdown - I recommend that you don't install any version prior to 1.5.0_06
in order to get an important security fix.) This is what I use, BTW. It's
strongly suspected that certain "malware" (Winfixer/Vundo) is making use of
an exploit in earlier versions of the Sun Java JRE if they are present on
your machine even if they are not the selected version of Java that's in
use. Anything earlier than one of the 5.0_XX releases should be removed,
particularly any 3.0_X or 4.0_X versions. Uninstall ALL prior versions -
they are a serious security risk even if you have a later version installed.
See here for affected versions:
http://www.frsirt.com/english/advisories/2006/0467

Sun also offers a download and/or automatic on-line install of just the
1.5.0_XX JRE (1.5.0_07 as of this posting) here:
http://www.java.com/en/download/manual.jsp


--
Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
My Blog, Defending Your Machine, here:
http://DefendingYourMachine.blogspot.com/



|| From a previous thread I read this about installing Java:
|| --------------------
||| I don't suggest enabling Sun Java to auto-download new versions. For
|| one the new version is installed but the old version has been left
|| intact. The problem with the is that some Trojans such as the Vundo
|| have the ability to search the folder; C:\Program Files\Java for
|| vulnerable versions by traversing the sub-folders.
|| --
|| Dave<
|| ---------------------------
|| So what would be the best way to update my old version of Java?
||
|| 1. Download the "Online Installation" which is 7.1 MB
|| 2. Download the "Offline Installation" which is 18.23 MB !!!
|| 3. Order the Java CD which I would have no problem with if it would be
|| a safe way to update my version.
||
|| Also, if using the offline or CD installation, should I uninstall the
|| old version first?
||
|| Thank you.
||
|| Nancy
 
so if auto update downloads a new version just uninstall the old one by
add/remove program files?
and this will not effect the new version?
 
From: "ed" <[email protected]>

| so if auto update downloads a new version just uninstall the old one by
| add/remove program files?
| and this will not effect the new version?

Yes !
 
From: "ed" <[email protected]>

| so if auto update downloads a new version just uninstall the old
| one by add/remove program files?
| and this will not effect the new version?

Yes !
Click to expand...

Just curious -- why doesn't Sun remove old versions by default when a
new one is installed? I know there are users who require multiple VMs,
but ISTM better to make those users take extra measures to keep them
rather than make all users take extra measures to remove them. The
installer could throw up a dialog with checkboxes to remove old
versions, checked by default. Most users never stumble across a thread
like this one, so the old versions with their security flaws just
remain installed.
 
From: "»Q«" <[email protected]>


|
| Just curious -- why doesn't Sun remove old versions by default when a
| new one is installed? I know there are users who require multiple VMs,
| but ISTM better to make those users take extra measures to keep them
| rather than make all users take extra measures to remove them. The
| installer could throw up a dialog with checkboxes to remove old
| versions, checked by default. Most users never stumble across a thread
| like this one, so the old versions with their security flaws just
| remain installed.
|

That's a *very* good question !
One that has been asked over, and over. Especially in light of the fact that the Trojans
who seek out the vulnerable version of Java know that and exploit that fact.
 
Back
Top