KachiWachi
join:2004-02-12
PA, USA
| Updating JAVA - MS/Sun
With all the posts on JAVA recently, I don't think any mentioned uninstalling your version of MS JAVA...if it is installed.
Any problems leaving it as is, or should (must) it be removed?
Is it vulnerable to attacks in the same way that leaving an older version of Sun JAVA installed is?
Helpful links -
How to uninstall MS JAVA (from Sun) »www.java.com/en/download/help/un···msvm.xml
MS JAVA uninstall tool »www.mvps.org/marksxp/WindowsXP/java.php |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
| At the moment i don't think there is any reason to remove MS Java if installed. I'm not aware if there are any exploits for the latest version but if they were MS will still patch it (but they will stop support eventually). Some site still work better with MS Java so another reason to leave it there a bit longer.
Cudni |
|
Libra
Premium
join:2003-08-06
USA | reply to KachiWachi
There was a Windows Update for the MS Virtual Machine back in July: my notes indicate JView Profiler (kb 903235) MS05-037 re Javaproxy dll. I don't think it was an actual fix, but it set a kill bit.
Sincerely, Libra |
|
jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR
 ·Comcast
 ·AT&T Southwest
| reply to KachiWachi
I might be mistaken here but if one installs SP2 on a WinXp machine it removes JVM. I do know that a slipstreamed WinXP/SP2 cd does not install JVM. So if MS removes it you would think removing it would be the smart thing to do.
Is is my understanding the MS no longer supports JVM and only retains support for vendor/software specific backwards compatibility. Even MS's own site recommends installing Java. |
|
FoMoCo
466 C.I.D.
join:2001-01-10
Grand Rapids, MI
| reply to KachiWachi
I installed the latest then un-installed what I thoughts was the older version.Looked again and theres this in the pic.Is it ok to remove the 3 java 2 run times?
--
When life becomes a drag - floor it - Galaxie 500 |
|
jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR
·Comcast
·AT&T Southwest
| Yes those are the vulnerable versions. The Java installer leaves much to be desired. If I was you I would just uninstall it all, reboot and then reinstall the latest 5 v6 update again. Just to be sure nothing in the new installation gets uninstalled. For me I always uninstall the older version before installing the new one. |
|
PatC
join:2004-10-21
| reply to KachiWachi
Following a recent settlement Microsoft are now able to issue security updates for their Java VM until Dec 31, 2007. Originally support was due to end in September 2004.
Source: »www.mvps.org/marksxp/WindowsXP/java.php |
|
Hoss
Sauters A Walrus
join:2000-10-05
Tulsa, OK | I won't use Sun's Java..it mucks up my dual monitor display at the house and locks some of my programs up tight.
So until they make it as seamless and MS made their VM, I'm stickin with the Virtual Machine. |
|
KachiWachi
join:2004-02-12
PA, USA | reply to KachiWachi
It is my understanding that the MS JAVA is based on Sun JAVA. As to what version...I don't know.
This is the reason I brought it up. Maybe something to look into further? |
|
KachiWachi
join:2004-02-12
PA, USA
| reply to KachiWachi
I was correct in my previous post.
»www.java.com/en/download/help/testvm.xml reports MS Java as version 1.1.4.
"Because Microsoft's JVM is based on Sun's outdated version 1.1.4, the majority of users may not have full access to the technology's capabilities." »news.com.com/2100-1001-271758.html
Good article on Java and its history »en.wikipedia.org/wiki/Java_progr···language |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25 | reply to KachiWachi
Java, not JAVA.
I'm picky. It is Java, not JAVA.  |
|
KachiWachi
join:2004-02-12
PA, USA | reply to KachiWachi
Re: Updating JAVA - MS/Sun
I know...you'll see I corrected that in my last post. I won't worry about the others...  |
|
sawman
Premium
join:2002-04-25
BC KS
·Mediacom
| I have two listings in add/remove programs. J2SE Runtime environment 5.0 update 6 and Java 2 Runtime Environment SEv1.4.2_04. The first is Sun and the second MS? Thought I'd uninstalled ms java but is this a phantom listing to regedit out?
Latest Sun java update slows the hell out of opening IE with it's BHO in conjunction with Webroot's SpySweeper. I currently have the BHO disabled in SpySweeper till they solve the problem. Any word? |
|
ZOverLord
Premium
join:2003-10-20
Minneapolis, MN
4 edits | reply to KachiWachi
I Think it's IMPORTANT to Note that the UPDATE everyone is talking about is a DEVELOPER update NOT a normal consumer update, more info in this thread:
»Java 2 Platform Standard Edition 5.0 Update 6
One suggestion to be safe, is to CHECK what configuration settings are checked as well as what APPLICATIONS/APPLETS are registered in Java, some can be dangerous, default settings would vary IF you updated from the developer area vs the Consumer area ("As They Call it").
The Method to do this is:
1. Right click on the Java applet, and choose "Open Control Panel".
2. Just for Safety, click on the Network Settings button and make sure it is set to use browser settings.
3. Click on the Settings Button then click on the View Applications button, make sure you check BOTH the User and System Tabs ("They should be empty normally"). Close that window.
4. Click on the Applet Button, By default the ALLOW Cache check box is CHECKED ("I would un-check it") look and see if you see anything from ODD sites. Close that window.
5. On the control panel, I would click delete files, all check boxes should be checked.
6. Don't MANUALLY Update, especially from the DEVELOPER AREA!
7. On the control panel, click on the UPDATE page, it should be SET to automatic updates, you can click the Advance button to make sure as well that the Auto-Updates box is checked, you can even click on the Update Now button. Make sure that the notify me BEFORE and after download selection is checked as well.
8. To check if you have more than ONE version, click on the Java Tab, this will list the currently INSTALLED versions. if you see more than one, go to add/remove programs in your system control panel and remove the others.
9. On the Java Tab, click BOTH the view buttons, and make sure they are selecting the CURRENT versions, on the Java Applications view button, there is BOTH a user and system tab, this is WHERE people have gotten in trouble before, because User might be using an OLDER version compared to SYSTEM, but by removing the older version, this solves the problem.
10. On the Security Tab check the CERTS, ("Normally it should be empty"). Make sure you check BOTH the User and System tabs.
11. The ADVANCED tab, very very important, make sure that under Miscellaneous that "Place Icon on tray is selected, otherwise a web page can invoke Java and you will NEVER know.
Under security UNCHECK ("It's checked by default") "Allow User to grant permissions to content from UNTRUSTED Authority" because this is WHY the last exploit was ALLOWED to happen.
The other options can be modified based on how tight you want security. Make sure when you are done, you click the APPLY button, then the OK button.
Hope this helps
Security = Configuration!
--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com |
|
sawman
Premium
join:2002-04-25
BC KS
·Mediacom
| Thanks ZOverLord. In the Java Application Runtime settings the user tab had 1.5.0_06 and 1.42_04 enabled. System tab just the 1.5.0_06. Disabled the 1.4.2_04 but the remove button remained greyed out and in add/remove programs it has no change/remove button. I have MS KBQ314481 to remove program listing if that's all that's left. Seem to remember going through ms java removal some time ago. Would like to see it gone from java control panel too. TIA |
|
ZOverLord
Premium
join:2003-10-20
Minneapolis, MN
4 edits | Your Very Welcome, I would go back to the Java Control Panel and check after you Remove the OLD version, call me Paranoid There may be DIFFERENT defaults between each version.
--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com |
|
sawman
Premium
join:2002-04-25
BC KS | Well crap, that didn't work. Couldn't find it in the current program listing in registry. Where is it getting posted from? That was a long list to wade through twice! |
|
ZOverLord
Premium
join:2003-10-20
Minneapolis, MN | They have a BUG just make sure it's NOT checked |
|
ZOverLord
Premium
join:2003-10-20
Minneapolis, MN
| reply to sawman
Here is a trick, go into the java/bin folder and right click on jpicpl32.cpl and choose "Open With Control Panel" it resets it properly.
--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com |
|
Libra
Premium
join:2003-08-06
USA
| reply to ZOverLord
That is very good information, ZOverlord. I usually uncheck to show java in the systray - but I'm changing that now.
Would you know if, under Advanced, "use TSL 1.0" should be checked? I'm pretty sure I have that checked in IE.
Thank you.
Sincerely, Libra |
|
