dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
3621

Pentangle
With our thoughts we make the world.
Premium Member
join:2006-06-01
Vancouver BC

Pentangle to therube

Premium Member

to therube

Re: Patched your Java yet?

said by therube:

Agreed, just not worth it.
Uninstalled from every computer I have access to. If someone needs it, I'll hear about it & deal with it then. Otherwise, bye bye.

+1

Blogger
Jedi Poster
Premium Member
join:2012-10-18

1 edit

Blogger to StuartMW

Premium Member

to StuartMW
OK. Thanks! Two more questions and a comment and we're history on this "problem."

Comment: I find the for a simpleton like me that the Oracle website experience of understanding what exactly it is you need for whatever platform you seeking is about as friendly as a case of hemorrhoids. Going in the front door you all ready have to know quite bit about Java within a certain context.

Question #1: It looks like to me that the proper download for both windows 7 64 bit and OS X 10.6.7 is the file
"Java SE 7u9" Is that correct?

Second, Apple is pretty good through their update checker that you can run easily 24/7 in identifying anything new in key software or drivers that needs updating and they do it for you when you OK it. But they say nothing or do not reference any new updates for Java.

Somewhere a while back in time it is my recollection that it was said by somebody of authority with Apple or OS X or Oracle that Macs use a specialized version of Java. If true that fits why nothing in the Apple software apple updater but it seems totally contradictory to what the portal page you links says. They seem to say the file referenced above is newest safest and the one BOTH Macs and Windows needs.

I wonder if we have any Mac familiar folks here that can comment.

Thanks!

I don't want mess up the mac. I like Windows 7 a lot and use it frequently but the OS X is my main bad boy.

Both OS's have their strengths and weaknesses but my favorite trait of the Mac is its ease to "drive." In terms strictly of ease to drive the Mac is like driving a BMW 7 down the freeway while the Windows is like driving your new F-150 down a beat up Baja dirt road.

Both vehicles are great vehicles doing what they were designed to do and they are doing it well. It's the individual that decides what experience they like based upon their taste and needs!

I want to keep that BMW running down the freeway trouble free.

StuartMW
Premium Member
join:2000-08-06

StuartMW

Premium Member

said by Blogger:

Question #1: It looks like to me that the proper download for both windows 7 64 bit and OS X 10.6.7 is the file
"Java SE 7u9" Is that correct?

Correct.

Mike
Mod
join:2000-09-17
Pittsburgh, PA

Mike to Blogger

Mod

to Blogger
Oracle and Apple are fighting right now.

You'd want to check on Oracle's site since they're not allowed in the App Store now.

Blogger
Jedi Poster
Premium Member
join:2012-10-18

Blogger to StuartMW

Premium Member

to StuartMW
As a first time visitor to the Oracle web site in search of the right Java update for both my Windows and OS X I found the site very cold, and unfriendly plus dry and not user friendly.

I successfully downloaded and installed the 90 MB update for Windows.

I successfully downloaded the 140 MB update that Oracle instructed me for the Mac. When I went to install it then, and only then the Oracle web site told me sorry this doesn’t work on your version of OS X. What’s wrong with this picture?

Mike
Mod
join:2000-09-17
Pittsburgh, PA

1 recommendation

Mike

Mod

Oracle's website is horrible.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav to StuartMW

Premium Member

to StuartMW
Thanks Stuart, unless Dustyn poops pellets, DLSR is actually run by aliens. I mean Foreigners ;-P ( To use the US vernacular describing others including us northern neighbours)

StuartMW
Premium Member
join:2000-08-06

1 edit

StuartMW

Premium Member

Nothing wrong with being an Alien If you go to TX you'll be a Ferriner
TheWiseGuy
Dog And Butterfly
MVM
join:2002-07-04
East Stroudsburg, PA

TheWiseGuy to StuartMW

MVM

to StuartMW
Sorry is there a reason not to use

»www.java.com/en/

Thanks

DrStrange
Technically feasible
Premium Member
join:2001-07-23
Bristol, CT

DrStrange to StuartMW

Premium Member

to StuartMW
I'm about halfway through the machines at work. Got the machines with Java, Flash and Shockwave first, the rest are just Java.

norwegian
Premium Member
join:2005-02-15
Outback

norwegian to StuartMW

Premium Member

to StuartMW
Just about to sort out the 1 or 2 that have it, but happily avoiding running it at all on others.

therube
join:2004-11-11
Randallstown, MD

therube to TheWiseGuy

Member

to TheWiseGuy
That site is fine.
It is actually easier & clearer for what most people will want.
By default (at least for Windows) it will download a stub installer, but there is also a link to the full installers.

Java Downloads for All Operating Systems

Also, JavaScript is not Java.

chrisretusn
Retired
Premium Member
join:2007-08-13
Philippines

chrisretusn to StuartMW

Premium Member

to StuartMW
Yes I have updated (OpenJDK). I am not going to get rid of it. I have several programs that need Java. I am not afraid. I am not worried.
said by ISC Diary | Patched your Java yet? by Daniel Wesemann :
In short, if your Java JRE is unpatched, you will get hacked. Silently and stealthily. The bad guys will grab all your passwords for a week or so. And then, they will move in, and change your life.
What a bunch of bullony. I was uppatched for a while, on more than one occasion, nothing of the sort has happened. Java is not evil.

mromero
Premium Member
join:2000-12-07
Fullerton, CA

mromero to StuartMW

Premium Member

to StuartMW
ended up deleting it, not worth the risk for the 2 sites i needed it for.

koira
Hey Siri Walk Me
Premium Member
join:2004-02-16

koira to Blogger

Premium Member

to Blogger
said by Blogger:

As a first time visitor to the Oracle web site in search of the right Java update for both my Windows and OS X I found the site very cold, and unfriendly plus dry and not user friendly.

I successfully downloaded and installed the 90 MB update for Windows.

I successfully downloaded the 140 MB update that Oracle instructed me for the Mac. When I went to install it then, and only then the Oracle web site told me sorry this doesn’t work on your version of OS X. What’s wrong with this picture?

we have a Mac book pro running snow leopard , an update for Java was available this morning on the apple menu / software update

Blogger
Jedi Poster
Premium Member
join:2012-10-18

1 edit

Blogger

Premium Member

Thanks for the info! Do you have Snow Leopard 10.6.7 or 10.6.8?

Incidentally in the Oracle clear listing of the most current Java update file for all the OS platforms it simply had one for mac. It didn't address the issue of what version of OS X.

After the download is said that the latest version was only for OS Lion. I would have mentioned that somewhere before the 140 mb download. Also, what does that mean for OS Mountain Lion if the latest Java is for Lion?

koira
Hey Siri Walk Me
Premium Member
join:2004-02-16

koira

Premium Member

here is a link for 10.6.8 update
not sure if it will update all 10.6.X

»support.apple.com/kb/DL1573

Blogger
Jedi Poster
Premium Member
join:2012-10-18

Blogger

Premium Member

Thanks again. See my last post typed while you were posting you last post that I did not see until after I made my post about the Lion v Mountain Lion issue.

koira
Hey Siri Walk Me
Premium Member
join:2004-02-16

koira

Premium Member

sorry, Blogger not clear are you good to go ?

if not look here for all the latest security updates for apple as of Nov 1

»support.apple.com/kb/HT1222

Blogger
Jedi Poster
Premium Member
join:2012-10-18

Blogger

Premium Member

I have all the latest updates available for 10.6.7. My Apple Software update confirms that.

The issue I was trying to make about Lion and Mountain Lion is if you go to the Oracle Website it lists the absolute most current Java update for both "mac" and Windows which is JDK 7u9.

Windows downloads fine. The "Mac" version downloads fine but when you go to install it says the version is only good for OS X Lion. (So its no good for Snow Leopard.) My question is where does that leave Mountain Lion?

Sorry if I'm being too convoluted.

norwegian
Premium Member
join:2005-02-15
Outback

norwegian

Premium Member

It is a good question.

Mac OS X System Requirements:

•Intel-based Mac running Mac OS X 10.7.3 (Lion) or later.*
•Administrator privileges
•64-bit browser

Note: Installing Java on a Mac is performed on a system wide basis, for all users, and administrator privileges are required. You cannot install Java on a single-user basis.
A 64-bit browser (Safari or Firefox, for example) is required to run Java 7 on Mac OS X. Java 7 does not support 32-bit browsers such as Chrome on the Mac platform.


* Users with Mac OS X versions 10.6 and below should go to Software Update under the Apple menu to look for updates.

»www.java.com/en/download ··· q-sm.jsp

So it seems you will have to wait till Apple resolves it.

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

sivran to StuartMW

Premium Member

to StuartMW
On my home computers I have it installed, but disabled in my browsers. I've either updated it or turned off updates, since it's not nagging me. Can't really be bothered to check, I only use it for Minecraft.

On my work computer however I'm unable to update it, since the update breaks certain software we need. Yeah, really. Oops.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to StuartMW

Premium Member

to StuartMW
What does this mean?

"JavaFX 2.2.3 is now bundled with the JDK on Windows, Mac and Linux x86/x64." The site says JavaFX is for Enterprise users so why is it bundled with JDK? And why do I have to download a DEVELOPMENT KIT? Where's plain Java download for users? I am not developing Java applications!

What's that "Next Release - Early Access" one? A beta version?

I'm asking because I want to know what I am doing when my new machine arrives and I need to install Java right away so I can do some speed tests. Last time I upgraded Java, it was Sun Java years ago. So, Oracle's site is new to me. I actually like Oracle's site much better than Sun's Java site (used to be when I was updating my old Sun Java) as Oracle's is nice and clean and business like.

Actually, this is what users want:

»www.java.com/en/download ··· ndex.jsp

It reminds me of the old Sun site to get Java but Oracle has not cluttered the site like Sun did. It is a nicer site now. But why are you recommending download of JDK?

chachazz
Premium Member
join:2003-12-14

1 recommendation

chachazz

Premium Member

JDK - Java Development Kit.

Whether downloading from java.com or Oracle, consumer/desktop use is the JRE...Java Runtime Environment.

Early Access - development builds.

Selenia
Gentoo Convert
Premium Member
join:2006-09-22
Fort Smith, AR

Selenia to StuartMW

Premium Member

to StuartMW
Makes me glad I run the openjdk on all computers. Much less exploits against it and runs everything I need for Java very well.
mysec
Premium Member
join:2005-11-29

mysec to StuartMW

Premium Member

to StuartMW

Patched your Java yet?


No because I like to test the exploits in the Exploit Kits and a Java exploit is always included.

but if you haven't


quote:
In short, if your Java JRE is unpatched, you will get hacked. Silently and stealthily. The bad guys will grab all your passwords for a week or so. And then, they will move in, and change your life.
»isc.sans.edu/diary/Patch ··· t+/14428

A bit alarmist, methinks.

That conclusion in the Diary followed this assessment:
quote:
Looking through the logs even further back, we were able to determine that the original infection had happened when the user visited a - perfectly benign - newspaper web site, which at the time apparently was featuring a poisoned advertisement banner somewhere within the page content. The entire attack happened compeletely stealthily, there is nothing the user could have seen or done (maybe with the exception of Java popping up in the tray, but who pays attention to that?)
(my bolding)

Sorry, but there is much the user could have done, starting with keeping the Java plugin disabled unless a known site requires it. (my policy)

Also, the analysis revealed a malicious binary executable on the victim's machine from the attack, indicating that there was no protection in place to alert/block unauthorized executables from a remote code execution (drive-by) attack.

Thus, two significant shortcomings in the user's security strategy.

Continuing from the Diary:
quote:
In the case at hand, it was an e-banking application, of all things, that did not yet work with Java JRE 7, and had kept the user from upgrading his Java JRE.

No one I know accepts the notion that having an application up-to-date makes the user immune from attack. Too much "0-day" stuff in the past refutes that contention. From 2-1/2 years ago:

Inside the Java 0-Day Exploit
April 16, 2010
quote:
The Java flaw, which Google researcher Tavis Ormandy disclosed publicly on April 9, was patched by Sun yesterday with an emergency out-of-cycle fix after evidence surfaced that it was being exploited on one Web site. But researchers at FireEye have seen some other sites using the exploit against visitors, as well.

That page performs a drive-by download that installs a Trojan downloader on the victim's machine.
[trojan downloader = binary executable]


The Diary's Bottom Line conclusions are good advice, but the assumptions drawn from the analysis of the attack are a bit far-reaching, IMHO.


----
rich