dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
3394
share rss forum feed


Pentangle
With our thoughts we make the world.
Premium
join:2006-06-01
Vancouver BC
kudos:2
reply to therube

Re: Patched your Java yet?

said by therube:

Agreed, just not worth it.
Uninstalled from every computer I have access to. If someone needs it, I'll hear about it & deal with it then. Otherwise, bye bye.

+1


Blogger
Jedi Poster
Premium
join:2012-10-18
Reviews:
·Champion Broadba..

1 edit
reply to StuartMW

OK. Thanks! Two more questions and a comment and we're history on this "problem."

Comment: I find the for a simpleton like me that the Oracle website experience of understanding what exactly it is you need for whatever platform you seeking is about as friendly as a case of hemorrhoids. Going in the front door you all ready have to know quite bit about Java within a certain context.

Question #1: It looks like to me that the proper download for both windows 7 64 bit and OS X 10.6.7 is the file
"Java SE 7u9" Is that correct?

Second, Apple is pretty good through their update checker that you can run easily 24/7 in identifying anything new in key software or drivers that needs updating and they do it for you when you OK it. But they say nothing or do not reference any new updates for Java.

Somewhere a while back in time it is my recollection that it was said by somebody of authority with Apple or OS X or Oracle that Macs use a specialized version of Java. If true that fits why nothing in the Apple software apple updater but it seems totally contradictory to what the portal page you links says. They seem to say the file referenced above is newest safest and the one BOTH Macs and Windows needs.

I wonder if we have any Mac familiar folks here that can comment.

Thanks!

I don't want mess up the mac. I like Windows 7 a lot and use it frequently but the OS X is my main bad boy.

Both OS's have their strengths and weaknesses but my favorite trait of the Mac is its ease to "drive." In terms strictly of ease to drive the Mac is like driving a BMW 7 down the freeway while the Windows is like driving your new F-150 down a beat up Baja dirt road.

Both vehicles are great vehicles doing what they were designed to do and they are doing it well. It's the individual that decides what experience they like based upon their taste and needs!

I want to keep that BMW running down the freeway trouble free.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by Blogger:

Question #1: It looks like to me that the proper download for both windows 7 64 bit and OS X 10.6.7 is the file
"Java SE 7u9" Is that correct?

Correct.
--
Don't feed trolls--it only makes them grow!


Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1
reply to Blogger

Oracle and Apple are fighting right now.

You'd want to check on Oracle's site since they're not allowed in the App Store now.



Blogger
Jedi Poster
Premium
join:2012-10-18
Reviews:
·Champion Broadba..
reply to StuartMW

As a first time visitor to the Oracle web site in search of the right Java update for both my Windows and OS X I found the site very cold, and unfriendly plus dry and not user friendly.

I successfully downloaded and installed the 90 MB update for Windows.

I successfully downloaded the 140 MB update that Oracle instructed me for the Mac. When I went to install it then, and only then the Oracle web site told me sorry this doesn’t work on your version of OS X. What’s wrong with this picture?



Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1

1 recommendation

Oracle's website is horrible.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4
reply to StuartMW

Thanks Stuart, unless Dustyn poops pellets, DLSR is actually run by aliens. I mean Foreigners ;-P ( To use the US vernacular describing others including us northern neighbours)



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit

Nothing wrong with being an Alien If you go to TX you'll be a Ferriner

TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
East Stroudsburg, PA
kudos:3
reply to StuartMW

Sorry is there a reason not to use

»www.java.com/en/

Thanks



DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1
reply to StuartMW

I'm about halfway through the machines at work. Got the machines with Java, Flash and Shockwave first, the rest are just Java.



norwegian
Premium
join:2005-02-15
Outback
reply to StuartMW

Just about to sort out the 1 or 2 that have it, but happily avoiding running it at all on others.



therube

join:2004-11-11
Randallstown, MD
reply to TheWiseGuy

That site is fine.
It is actually easier & clearer for what most people will want.
By default (at least for Windows) it will download a stub installer, but there is also a link to the full installers.

Java Downloads for All Operating Systems

Also, JavaScript is not Java.



chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1
Reviews:
·PLDT
·Comcast
reply to StuartMW

Yes I have updated (OpenJDK). I am not going to get rid of it. I have several programs that need Java. I am not afraid. I am not worried.

said by ISC Diary | Patched your Java yet? by Daniel Wesemann :
In short, if your Java JRE is unpatched, you will get hacked. Silently and stealthily. The bad guys will grab all your passwords for a week or so. And then, they will move in, and change your life.
What a bunch of bullony. I was uppatched for a while, on more than one occasion, nothing of the sort has happened. Java is not evil.
--
Chris
Living in Paradise!!


mromero
Premium
join:2000-12-07
The O.C.
kudos:1
reply to StuartMW

ended up deleting it, not worth the risk for the 2 sites i needed it for.



koira
Keep Fighting Michael
Premium
join:2004-02-16
Reviews:
·Start Communicat..
reply to Blogger

said by Blogger:

As a first time visitor to the Oracle web site in search of the right Java update for both my Windows and OS X I found the site very cold, and unfriendly plus dry and not user friendly.

I successfully downloaded and installed the 90 MB update for Windows.

I successfully downloaded the 140 MB update that Oracle instructed me for the Mac. When I went to install it then, and only then the Oracle web site told me sorry this doesn’t work on your version of OS X. What’s wrong with this picture?

we have a Mac book pro running snow leopard , an update for Java was available this morning on the apple menu / software update


Blogger
Jedi Poster
Premium
join:2012-10-18
Reviews:
·Champion Broadba..

1 edit

Thanks for the info! Do you have Snow Leopard 10.6.7 or 10.6.8?

Incidentally in the Oracle clear listing of the most current Java update file for all the OS platforms it simply had one for mac. It didn't address the issue of what version of OS X.

After the download is said that the latest version was only for OS Lion. I would have mentioned that somewhere before the 140 mb download. Also, what does that mean for OS Mountain Lion if the latest Java is for Lion?



koira
Keep Fighting Michael
Premium
join:2004-02-16

here is a link for 10.6.8 update
not sure if it will update all 10.6.X

»support.apple.com/kb/DL1573



Blogger
Jedi Poster
Premium
join:2012-10-18

Thanks again. See my last post typed while you were posting you last post that I did not see until after I made my post about the Lion v Mountain Lion issue.



koira
Keep Fighting Michael
Premium
join:2004-02-16

sorry, Blogger not clear are you good to go ?

if not look here for all the latest security updates for apple as of Nov 1

»support.apple.com/kb/HT1222



Blogger
Jedi Poster
Premium
join:2012-10-18
Reviews:
·Champion Broadba..

I have all the latest updates available for 10.6.7. My Apple Software update confirms that.

The issue I was trying to make about Lion and Mountain Lion is if you go to the Oracle Website it lists the absolute most current Java update for both "mac" and Windows which is JDK 7u9.

Windows downloads fine. The "Mac" version downloads fine but when you go to install it says the version is only good for OS X Lion. (So its no good for Snow Leopard.) My question is where does that leave Mountain Lion?

Sorry if I'm being too convoluted.



norwegian
Premium
join:2005-02-15
Outback

It is a good question.

Mac OS X System Requirements:

•Intel-based Mac running Mac OS X 10.7.3 (Lion) or later.*
•Administrator privileges
•64-bit browser

Note: Installing Java on a Mac is performed on a system wide basis, for all users, and administrator privileges are required. You cannot install Java on a single-user basis.
A 64-bit browser (Safari or Firefox, for example) is required to run Java 7 on Mac OS X. Java 7 does not support 32-bit browsers such as Chrome on the Mac platform.


* Users with Mac OS X versions 10.6 and below should go to Software Update under the Apple menu to look for updates.

»www.java.com/en/download/mac_sysreq-sm.jsp

So it seems you will have to wait till Apple resolves it.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1
reply to StuartMW

On my home computers I have it installed, but disabled in my browsers. I've either updated it or turned off updates, since it's not nagging me. Can't really be bothered to check, I only use it for Minecraft.

On my work computer however I'm unable to update it, since the update breaks certain software we need. Yeah, really. Oops.
--
Think Outside the Fox.


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to StuartMW

What does this mean?

"JavaFX 2.2.3 is now bundled with the JDK on Windows, Mac and Linux x86/x64." The site says JavaFX is for Enterprise users so why is it bundled with JDK? And why do I have to download a DEVELOPMENT KIT? Where's plain Java download for users? I am not developing Java applications!

What's that "Next Release - Early Access" one? A beta version?

I'm asking because I want to know what I am doing when my new machine arrives and I need to install Java right away so I can do some speed tests. Last time I upgraded Java, it was Sun Java years ago. So, Oracle's site is new to me. I actually like Oracle's site much better than Sun's Java site (used to be when I was updating my old Sun Java) as Oracle's is nice and clean and business like.

Actually, this is what users want:

»www.java.com/en/download/index.jsp

It reminds me of the old Sun site to get Java but Oracle has not cluttered the site like Sun did. It is a nicer site now. But why are you recommending download of JDK?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

1 recommendation

JDK - Java Development Kit.

Whether downloading from java.com or Oracle, consumer/desktop use is the JRE...Java Runtime Environment.

Early Access - development builds.
--
Gladiator Security Forum: www.gladiator-antivirus.com/



Selenia
I love Debian
Premium
join:2006-09-22
Fort Smith, AR
kudos:2
reply to StuartMW

Makes me glad I run the openjdk on all computers. Much less exploits against it and runs everything I need for Java very well.


mysec
Premium
join:2005-11-29
kudos:4
reply to StuartMW

Patched your Java yet?


No because I like to test the exploits in the Exploit Kits and a Java exploit is always included.

but if you haven't


quote:
In short, if your Java JRE is unpatched, you will get hacked. Silently and stealthily. The bad guys will grab all your passwords for a week or so. And then, they will move in, and change your life.
»isc.sans.edu/diary/Patched+your+···t+/14428

A bit alarmist, methinks.

That conclusion in the Diary followed this assessment:

quote:
Looking through the logs even further back, we were able to determine that the original infection had happened when the user visited a - perfectly benign - newspaper web site, which at the time apparently was featuring a poisoned advertisement banner somewhere within the page content. The entire attack happened compeletely stealthily, there is nothing the user could have seen or done (maybe with the exception of Java popping up in the tray, but who pays attention to that?)
(my bolding)

Sorry, but there is much the user could have done, starting with keeping the Java plugin disabled unless a known site requires it. (my policy)

Also, the analysis revealed a malicious binary executable on the victim's machine from the attack, indicating that there was no protection in place to alert/block unauthorized executables from a remote code execution (drive-by) attack.

Thus, two significant shortcomings in the user's security strategy.

Continuing from the Diary:

quote:
In the case at hand, it was an e-banking application, of all things, that did not yet work with Java JRE 7, and had kept the user from upgrading his Java JRE.

No one I know accepts the notion that having an application up-to-date makes the user immune from attack. Too much "0-day" stuff in the past refutes that contention. From 2-1/2 years ago:

Inside the Java 0-Day Exploit
April 16, 2010
quote:
The Java flaw, which Google researcher Tavis Ormandy disclosed publicly on April 9, was patched by Sun yesterday with an emergency out-of-cycle fix after evidence surfaced that it was being exploited on one Web site. But researchers at FireEye have seen some other sites using the exploit against visitors, as well.

That page performs a drive-by download that installs a Trojan downloader on the victim's machine.
[trojan downloader = binary executable]


The Diary's Bottom Line conclusions are good advice, but the assumptions drawn from the analysis of the attack are a bit far-reaching, IMHO.


----
rich