Removing Old Version of JAVA? - Page 2

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Re: Removing Old Version of JAVA?





| Did you get any feedback from that?

| When vendors bundle a JRE it's their resposibility to update it. It's
| not reasonable to expect Sun's update process to find other installed
| software which might use its own JRE. I've seem advice from Microsoft
| about their own vulnerable redistributable DLLs that are not part of
| the base system, and they say vendors are resposible for notifying or
| providing customers with updates.

Nope.  I provided my "official" email address and nothing from Adobe was
received on this
subject matter.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Removing Old Version of JAVA?





| In dealing with the Antivirus 2008, David H. Lipman had suggested I
| run the vulnerability Scan at
| http://secunia.com/vulnerability_scanning/online to determine what
| software has vulnerabilities and need to be updated/patched to
| mitigate the exploitation of the vulnerabilities.

< snip >

The following question was posed in m.p.s.v ...

"A well-known 'feature' of the Sun Java update process is that it leaves
older versions still installed. Could an old version with a vulnerability
be exploited by the baddies, even when the fixed version has been
installed?"

My response...

I actually posed this question to Information Assurance (IA) experts who use
Harris Stat
and Digital eEye Retina on a regular basis.  The subject matter was why older,
vulnerable,
versions of Sun Java are not removed if there are say 7 ~ 9 versions of Sun Java
in;
C:\Program Files\Java  and listed in the Control Panel applet "Add/Remove
Programs".  The
answer is this, when you install the latest version of Sun Java it will find the
other
versions of Sun Java and patch them to mitigate the vulnerability and thus there
is no
requirement toremove older versions of Sun Java to comply with IA requirements.

At this point I will SUGGEST removing old versions but, it is not required to
mitigate
vulnerabilities, just install the LATEST version to mitigate the existing
vulnerabilities.

You should also NOT manually delete remnant folders if you remove older versions
of Sun
Java from the the Control Panel applet "Add/Remove Programs".  Such software
such as Apple
Quicktime will drop a Java Jar in the folder and set an environemntal variable
pointing to
said Java Jar in that folder.  If you manually remove the folder [ such as
"C:\Program
Files\Java\jre1.6.0_06"  when you have v6 update 7 installed ] you will delete
the Java
Jar and break Apple Quicktime use of said Java Jar.

For example...
You installed Apple Quicktime  when you had JRE v6 update 5 installed.  Apple
Quicktime
will drop its Java Jar in "C:\Program Files\Java\jre1.6.0_05" and set and
evironmental
variable to the Java Jar in "C:\Program Files\Java\jre1.6.0_05".

The only question I have now is when a program bundles an older version of Sun
Java with
its application such as Adobe Acrobat v9.
C:\Program Files\Adobe\Acrobat 9.0\Designer 8.2\jre

The question is if you install say JRE v6 update 7 will it find JRE in;
C:\Program
Files\Adobe\Acrobat 9.0\Designer 8.2\jre  and patch it even though it is not in
C:\Program Files\Java


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Site Timeline