Java Patch Plugs 27 Security Holes

A new version of Java is available that fixes at least 27 security vulnerabilities in the ubiquitous software.

To see which version of Java you have installed, visit this link and click the “Do I Have Java?” link under the big red “Free Java Download” button. The newest version that includes these 27 fixes is Java 6 Update 19.

It seems Java’s built-in updater has gotten better about notifying users in a more timely fashion about available security updates. On one of my Windows 7 test machines, I received a prompt today to install the update. If you didn’t get that prompt yet and want to force an update, go to the Windows Control Panel, click the Java icon, then on the window that pops up click the “Update” tab, and then the “Update Now” button.

Updates are available for Windows, Linux and Solaris systems. Apple maintains its own version of Java and generally doesn’t release Java security updates until about six months after the fixes are made available for other operating systems.

If you don’t have Java, then you probably don’t need it. My personal philosophy is that if I don’t need it, I don’t install it or keep it. Java vulnerabilities increasingly are being targeted in automated exploit kits that are sewn into hacked and malicious sites, so by all means if you don’t have a use for it, I say get rid of it. Eliminating unnecessary programs helps reduce what security wonks call the “attack surface” of a system: You’re basically bricking up potential windows and doors into your computer. At any rate, if it turns out you do in fact need Java for some reason, you can always reinstall it.

By the way, the Java installer has for the past seven or so versions removed older versions of the software, but if your Java install is really old, you might find that your PC has several Java versions listed in the Add/Remove Programs panel. If that describes your situation, you should uninstall those older versions.

One final gripe: I’m tired of seeing major software companies use security updates as a way to install more third-party software. Adobe does this with its updates, and this Java update — like so many before — preselects the “Yahoo! Toolbar” to be installed. Broken record alert: If you don’t need it, don’t install it. It’s just one fewer program you have to worry about updating.

Оставьте комментарий