Is your Java up to date?

Is your Java up to date?

Summary: For a long time, the experience of patching Sun's Java software has been less than pleasant. The updates were huge and time consuming, the patching instructions were a mess and, even worse, Sun never removed older, vulnerable versions from the patched machine.

SHARE:

For a long time, the experience of patching Sun's Java software has been less than pleasant. The updates were huge and time consuming, the patching instructions were a mess and, even worse, Sun never removed older, vulnerable versions from the patched machine.

Now it appears that things have been fixed. For starters, the company is offering this very important link that allows users to run a quick scan to determine whether the Java environment installation is up to date.

[ How does Apple get away with this badware behavior? ]

I ran the tool on a Vista installation and not only did it find and patch my Java, it actually removed all remnants of the Update 11 environment.

The update process still has a badware component.  Sun is bundling the MSN Toolbar with the Java patch and it's pre-checked by default.

Ugh!

* Hat tip: ISC Sans diary.

Topics: Emerging Tech, Open Source, Oracle, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

30 comments
Log in or register to join the discussion
  • What about Linux distro's?

    Well, for instance Centos or Fedora you use the alternatives command and you either remove the old version manually or leave it and create new symlinks for the new version. Kind of a pain, then sometimes it works and it don't.

    Thank goodness for open-jdk I am sick of dealing with Sun's Java fiasco with 800 million versions and none of it works correctly...
    Christian_<><
    • OpenJDK is inferior

      I only use Sun Java JRE in my Linux distro's, because OpenJDK is inferior. Only JRE works well on all websites.

      Usually a JRE update like this, appears within one or two weeks in the automatic updates. The keepers of the repositories want to testdrive a new JRE version first, before they add it to the relevant repo.
      pjotr123
      • Open_jdk maybe right now

        On certain sites, however it works for most the only ones I have had any issues is ridiculous sites that require specific versions of java.


        The entire java fiasco is a major pain, what was write once, run anywhere is do NOT upgrade your java version or be stuck with broken non-functioning apps.


        It is time to go open-source on this one, the locked in 900 Trillion Sun Java versions is one word - stupid.
        Christian_<><
        • Gee, it's tough when someone tells it like it really is, eh?

          First you say "sun sucks" in so many words, but thank the Linux Lord for open_jdk. Then someone who obviously knows what they're talking about says JRE is better and your open_jdk is inferior. Then, you're forced to admit that "it ain't so great". If you've had issues with "ridiculous sites", they're ridiculous sites YOU'VE visited. Hmmmmm....
          MGP2
          • Gee, stalker of zdnet

            Are you a stalker, no it is NOT I visited it is internal hp or ibm blade center 'java' based proprietary interfaces, I have never had any issues online or otherwise.

            I am sure with more research I could get it to work, however the beauty of fedora or cent is the /etc/alternatvies command I can change on the fly.


            So why don't you stalk someone else for a while or get some therapy.

            ;)
            Christian_<><
        • Chess

          Of course, in the end the open source solution is better. I'll switch from JRE to OpenJDK as soon as I can play chess with it, on Yahoo Games. :-)
          pjotr123
          • Chess or not, I have performance question...

            When yoou do, could you mail me if OpenJDK is less bloated in memory hogging and CPU usage. I mean other system-independent noncompiled to binary asm run faster & use less memory. Since Java Applets seems to me only even slightly good use fr java today (though flash can do most of it better).

            I used to write Java and before Java 5 it seemed fine. After Java 5 I grew sick of it's slow speed and humongous mem use for what was needed.
            robsku
      • That's called beta testing

        It's apparent that closed source releases products not when they are reay but when they are ready enough.

        It's bettter for security and stability (which go hand in hand) to use programs that have been declared stable first. That's why I use Debian stable and only use stuff from backports or testing repos for debian when I absolutely need something.

        Working system enhances productivity.
        robsku
    • What "fiasco?"

      "I am sick of dealing with Sun's Java fiasco with 800 million versions and none of it works correctly..."

      800 million versions? None of it works correctly?

      This is pretty much news to me.

      But then again, I've never really messed with the *nix versions of Java - but you're the first person I've heard that complains about them.
      CobraA1
      • Nah, he just makes stuff up to suit his argument

        nt
        MGP2
        • MGP2 is a stalker on zdnet

          Attention all please be aware of the stalker mgp2 on here he uses PERSONAL attacks against anyone that does not agree with him.

          caution he is a stalker...

          fyi
          Christian_<><
          • Well, if pointing out facts...

            If pointing out that someone frequently exaggerates (800 million versions?) to try to make their argument, or that someone posts under multiple aliases (what are you really afraid of?), then OK, I guess that makes me a stalker.
            MGP2
      • Unix version works. At least in Linux.

        "[i]But then again, I've never really messed with the *nix versions of Java - but you're the first person I've heard that complains about them.[/i]"

        Unix versions work just like any other. That is badly because of mplemetation of Java on *every* systems. So one could say that it works just as angelic way (if I are say) as it works on OS X. Rumor (they cant always be trusted) is that works as well even Windows (unless someone uses secret NSA backdoor).
        robsku
    • Open-JDK is no good for Eclipse

      I had to change to the Sun Java version because Eclipse IDE ran dead slow when using Open-JDK.

      So until those kind of performance issues are sorted I'm gonna stick with Sun's version.
      DevJonny
  • What about all the previous versions

    is there a Utility to remove ALL previous versions - it's really a pain to manually uninstall all previous versions of Java ... not just the Update 11 Environment ...

    Ludo
    Ludovit
    • Utility to remove old java versions: JavaRa

      JavaRa
      http://raproducts.org/javara.html

      It is not an official Sun program, but seems to work OK. It will remove all previous Java versions in one step. I run it first, then install the latest version.

      -Greg
      Xtomik
      • Perfect !!!

        Thanks very much for the link - it'll save me hours ...

        Derek
        Ludovit
  • You are never going to have them stop pre-checking

    downloads, so it is UP TO THE USER (who shouldn't be stupider than a braindead infant!) and LOOK TO SEE WHAT IS CHECKED!

    That is what I do every time I install something: I actually READ WHAT IS IN THE FARKING BOXES in order to make sure that nothing but what I want on my system is being installed on my system.
    Lerianis
    • Updating software should not be the chore that it is

      First of all, most people simply do not know enough about their own computer to know any better. I know someone who thought a prechecked internet toolbar was a [u]requirement[/u] of the program they were installing. Most people do not have that intimate a knowledge of what should be on a computer, and in this day and age they really shouldn't have to.

      Second, updates should be more automatic. Java's update (and Apple's for that matter) is only semi-automatic. And the sad thing is that it is that way [u]by design[/u] because that's how they try to slip in additional software. If it were an automatic update they wouldn't be able to have a prechecked box in the first place. Today's updates should be out of sight, out of mind, unless the user chooses to do things manually. The fact that many vendors stand in the way of this is one of many sorry states of affairs on the Windows platform. And OS X for that matter.
      Michael Kelly
  • shutdown -9

    In the UK there is an agency with which one can register to stop unsolicited telephone marketing and mailshots. Perhaps we should have the same for software. A vendor guilty of trying to foist unwanted software on a user is liable for a fine.

    I'd like to register for Internet Explorer ;-)

    I also use the Shockwave check at
    http://www.adobe.com/shockwave/welcome/
    and the Flash plugin at
    http://www.macromedia.com/software/flash/about/

    ... and of course ZDNET put us on to:
    http://secunia.com/vulnerability_scanning/
    that does pretty much everything!

    HAND
    jacksonjohn