Spyware, Viruses, & Security forum

Resolved Question

Java 7 update 11

by michhala / January 16, 2013 3:21 PM PST

What is the general consensus about keeping Java 7 update 11 on your PC while security experts say bugs still remain?

My thanks.....Miki

michhala has chosen the best answer to their question. View answer »
Answer This Ask For Clarification
Discussion is locked
You are posting a reply to: Java 7 update 11
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Java 7 update 11
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

All Answers

Best Answer as chosen by michhala

Collapse -
Opinion
by bob b / January 17, 2013 1:29 AM PST
In reply to: Java 7 update 11

If you "really" need java then use two browsers.

One browser with java and one without.

Use the without browser for GP surfing.

When you go to that site that needs java switch to the with browser.

If you don't "really" need java......bin it.

Collapse -
(NT) Thank you to Bob and Grif for your solutions
by michhala / January 17, 2013 6:24 AM PST
In reply to: Opinion
Collapse -
One more thing, Bob and Grif
by michhala / January 17, 2013 6:51 AM PST

Would keeping the Java 7 update 11 only on the 64-bit IE9 work as a 2nd browser? -- I currently only use the 32-bit, but I have it on both. Apology in advance if this is a dumb question, but I AM a blonde Happy

Miki

Collapse -
Have You Checked That The 64 bit IE9 Functions Right?
by Grif Thomas Forum moderator / January 17, 2013 8:11 AM PST

Many are unhappy with IE9 64 bit.. Although it may work exactly as you want, I would make sure that the 64 bit version works for the websites you need it for....PLUS....I would also check to make sure that leaving Java enabled in the 64 bit version actually disables it in the 32 bit IE9. Since there's only one Java control in the "Start-Control Panel" section, enabling it there may cause both IE9 versions to work..

Of course, since you probably have both 32 bit and 64 bit version of Java installed in "Programs and Features", you might try uninstalling the 32 bit version of Java there, which should prevent the use of Java in the 32 bit version of IE9.. Give it a try.

Hope this helps.

Grif

Collapse -
More info
by michhala / January 17, 2013 8:56 AM PST

Grif -- You are correct in that I have 32 bit and 64 bit versions installed in Programs and Features.

I have two of the Java 7 update 11 listed in Programs and Features -- one listed as 64-bit. I also show two as disabled in my add-ons. I have two Java Control PaneIs on my HD files -- one in X86 Program files (32-bit) and the other in Program Files. In Start-Control-Panel section, clicking the Java icon brings up one Control Panel. All show as enabled. Evidently, Java is not totally disabled -- possibly disabling through Control Panel (deselect the box marked Enable Java Content in the Browser) will do the trick. The two disabled Java in add-ons are probably result of option I elected during install (from their website).

I tried IE9 64-bit out on a few websites and it seemed O.K. I will also try your suggestion to uninstall 32 bit version to see if things will workout. I was hoping that a simple disabling in add-ons would be the answer since enabling as needed would be so simple.

Thanks a bunch......Miki

Collapse -
ADDENDUM - Will this be enough protection?
by michhala / January 17, 2013 6:49 PM PST
In reply to: More info

Received following email from Norton:
"You are protected against the latest Jave vulnerability.
You may have recently seen some of the extensive news coverage, including statements from the United States Department of Homeland Security, regarding a vulnerability in Java. Java is both a language and a platform to run websites and programs used by many computer users, both on the PC and Mac operating systems. This vulneraility leaves millions of computers open to malware attacks and can lure online traffic to virus-infected websites.
Rest assured, because you have a Norton security software product installed on your computer, you're protected against the Java bug (CVE-2013-0422), as long as you have not disabled the automatic updates feature.
We also recommend that you apply Oracle's recently released security patch and make sure you are running the most updated version of Java."
Learn more about Java Zero-Day vulnerability
http://community.norton.com/t5/Ask-Marian/What-s-All-the-Buzz-About-Java-Fixing-The-Vulnerability/ba-p/892757

Collapse -
No
by bob b / January 17, 2013 11:05 PM PST

Java seems to be a nice fat target for the bad guys.

No anti product will protect you from an undiscovered exploit.

Yes....norton may protect you from the exploit in question but what about tomorrows exploit?

So back to my orig post.......do you "really" need Java?

Collapse -
You're Gambling On Two Things
by Grif Thomas Forum moderator / January 18, 2013 3:39 AM PST

You're gambling that Norton and Oracle stay ahead of the malware writers.

See the links below which Norton "says" is proof that you won't get infected because they're ahead of the game with IPS signatures...:

http://www.symantec.com/connect/blogs/additional-protection-recent-java-zero-day

http://www.symantec.com/connect/blogs/java-zero-day-dished-cool-exploit-kit

And here's Oracle's assurance blog saying much the same:

https://blogs.oracle.com/security/entry/security_alert_for_cve_2013

So......if you want to be totally secure against Java exploits, you uninstall Java... The second option is to disable Java in the browser of your choice, or possibly uninstall it completely. If you feel safe enough because both your AV company and Java have taken the indicated steps, and maybe you don't visit dicey websites, then you might choose the second option. Obviously, the second option is more risky, but it may be the best one for you, specially if you use a lot of programs/websites that require Java.

Hope this helps.

Grif

Collapse -
And Is The Gamble Worth It?.. See This...
by Grif Thomas Forum moderator / January 18, 2013 3:44 AM PST
Collapse -
Thqnk you, Grif and Bob
by michhala / January 18, 2013 10:39 AM PST

I was 99 per cent sure of what your answers to my protection question would be....but thought it a good idea to be sure and to also get your information out there.

I do not visit "dicey" websites, and I have no idea which of my regular websites require Java and how to tell if they do. I have a feeling my bank and credit card sites might require Java. With this in mind, I disabled Java in the X86 folder and it tested on their website as not working. This is the browser I use. That said, when I tested the remaining Java on my 64 bit browser, the Java website said I had an old version of Java and did not recognize my 7 update 11. I might uninstall Java from 64 bit IE9 and reinstall just to see if I can keep a working Java on the 64 bit to use as needed. Although the 32 bit and 64 bit folders on my HD each has its own Control Panel, the Java Control Panel in the Start-Control Panel feature shows as disabled.....so I am thinking both browsers are linked together as far as Java is concerned.

Finally -- with the 32 bit IE9 disabled, I find I have no need for the Java, I will certainly remove from my computer.....or install another browser ie Firefox. QUESTION: Will Firefox install with both 32 and 64 bit, too? (have never used browser other than IE)

Thanks again, gentlemen....Miki

Collapse -
Firefox
by bob b / January 18, 2013 9:46 PM PST

I think the normal release flavor is 32 bit.

There is a 64 bit flavor but you have to go muck around in that developer stuff.

We peons don't go there.

Collapse -
(NT) Yep, The 32 Bit Is Standard For Firefox
by Grif Thomas Forum moderator / January 19, 2013 12:41 AM PST
Collapse -
Bob and Grif- thanks for your patience
by michhala / January 19, 2013 7:08 AM PST

I have tried as many of my websites as possible, including banks, and have not yet found any that required Java except when using Google with a "Doodle" heading, wherein I receive a notice saying, "JavaScript void" and a frozen page.

So....to summarize -- I completely removed Java from my IE9 64 bit and am about to do the same for 32 bit. Java has come full circle.....I first learned of Java on the Cnet virus forum many years ago, and I am now officially removing it via that forum. Happy

You both have been very patient with all my questions.....thank you for the Firefox into.....Miki

Collapse -
Doing fine without Java installed. but....
by michhala / January 27, 2013 7:33 AM PST

...have a question. Every now and then, the "Javascript void" message appears on a website.....since there are no remains of Java on my computer, what is its purpose for being and does it indicate I am missing something important?

My thanks, again.....Miki

Collapse -
Jscript void
by bob b / January 27, 2013 10:21 PM PST
Collapse -
Thanks, again, Bob
by michhala / January 28, 2013 7:07 AM PST

Appreciate the info and the Javascript link....miki

Collapse -
Answer
Still, Having Current/Most Secure Version Is Best, If Needed
by Grif Thomas Forum moderator / January 17, 2013 4:23 AM PST
In reply to: Java 7 update 11

Oracle/Java will continue to "attempt" to keep up with the vulnerabilities and the current Java 7 Update 11 fixes the most recent vulnerability.. As with other programs where vulnerabilities are found, (almost all of them nowadays), it's always best to keep the most recent/secure version so when its use is required, the program is as safe as it can be at that time..

Still, Java is not the safest thing on the planet and "bob b" gives good advice.. If you don't need it, dump it.. If you do need it (some of my banking sites won't work correctly without it), then look for safe ways to use it, such as two different browsers, or by switching it on/off when necessary.

Hope this helps.

Grif

Collapse -
(NT) Thank you to Grif and Bob for your solutions
by michhala / January 17, 2013 6:23 AM PST
Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Big stars on small screens

Smosh tells CNET what it took to make it big online

Internet sensations Ian Hecox and Anthony Padilla discuss how YouTube has changed and why among all their goals, "real TV" isn't an ambition.