Old Java packages are still a security risk

October 1st, 2008.

This baffles me. Sun Microsystems, the company that produces Java, which is commonly used as a web browser plugin, occasionally offers updates to Java. These updates are almost always due to someone discovering an exploitable security hole and Sun patching that hole. This makes perfect sense and frankly is a necessity. However, what I don’t get is why Sun would then leave the old, insecure versions of Java installed. ALL of the old versions. I’ve seen Windows computers with ten or so versions of Java installed. What’s worse, malicious users who know how to exploit these security holes can easily access the older versions of Java still present, thereby defeating the entire purpose of upgrading Java to the most recent version. What’s with this, Sun?

The old versions of Java should be removed unless you know you have software that requires an older version. If that is the case, then you are stuck with the security issue as well. If that is not the case, as it should be for most people, then all of the old Java packages should be uninstalled. This used to be a tedious process using Add/Remove Programs, uninstalling one at a time. No longer!

Javara is a tiny utility that removes all old Java packages with the click of a few buttons. It logs all changes it makes as well. You can also use it to make sure you have the latest version of Java. I’ve recently discovered this utility and I now use it regularly. Go check it out and make your computer more secure!
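To see which Java versions a Windows machine still has registered before removing anything, the read-only PowerShell audit below lists them and flags every entry older than the newest one found. It is an added example, not part of Javara or of the original post; the function name `ConvertTo-JavaVersion` is hypothetical and the display-name patterns it matches are assumptions about how Sun's installers label their Add/Remove Programs entries.

```powershell
# Read-only audit: list Java runtimes recorded in the Add/Remove Programs
# registry data and flag every entry older than the newest one installed.
# It changes nothing and does not check whether the newest installed
# version is the latest release available from the vendor.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-JavaVersion {
    param([string]$DisplayName)
    # Assumed display-name shapes (not taken from the post):
    #   "Java(TM) 6 Update 7", "Java(TM) SE Runtime Environment 6 Update 1",
    #   "J2SE Runtime Environment 5.0 Update 11"
    $pattern = '^(?:Java\(TM\)(?: SE Runtime Environment)?|J2SE Runtime Environment) ' +
               '(\d+)(?:\.\d+)?(?: Update (\d+))?'
    if ($DisplayName -match $pattern) {
        # An entry without "Update N" is treated as update 0 of that release.
        $update = if ($Matches[2]) { $Matches[2] } else { '0' }
        return [version]('{0}.{1}' -f $Matches[1], $update)
    }
    return $null   # not a Java runtime entry
}

# Collect every uninstall entry whose name parses as a Java runtime.
$installed = @(
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $v = ConvertTo-JavaVersion $_.DisplayName
            if ($v) {
                New-Object PSObject -Property @{ Name = $_.DisplayName; Version = $v }
            }
        }
)

if ($installed.Count -eq 0) {
    'No Java runtime entries found.'
    return
}

$newest = $installed | Sort-Object Version -Descending | Select-Object -First 1
foreach ($entry in $installed | Sort-Object Version) {
    $status = if ($entry.Version -lt $newest.Version) { 'OLD - review for removal' }
              else { 'newest installed' }
    '{0,-50} {1}' -f $entry.Name, $status
}
```

Entries marked OLD are the ones to uninstall unless a specific application is known to need that version.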