Java was lying to us for years about security updates

Think back three years and you might remember the "Javapocalypse." For months, hackers were finding major security flaws in the widespread Java program that came by default on most computers, and using them to launch attacks against millions of computers worldwide.

Java's developer, Oracle, took a beating in the press until it finally got its act together and started releasing regular updates to close the security flaws. The updates helped, and so did people realizing that they didn't even need Java anymore and uninstalling it. Aside from a few recent scares, all has been fairly quiet on the Java front since then, with Adobe's Flash taking the security nightmare spotlight. Now, though, Java is back in the news, but for a surprising reason.

Back when Java was undergoing attack after attack, and updates were arriving every week or two, we warned you about a serious problem with the way Java updates worked. With most programs, when you install an update it replaces the previous version of the program. With Java, however, all the old versions stayed on your computer.

Even when Java started automatically removing recent versions with Java version 7, it still wouldn't clean out the oldest versions of Java. That meant even though you had the newest version of Java, hackers could still attack your computer via the old insecure versions. At the time, we told you how to manually remove older versions of Java.

It seems that the Federal Trade Commission has finally noticed the same problem, only a few years late, and is taking action. It charged Oracle with "deceiving" consumers about how safe they'd be after installing Java updates.

Oracle has agreed to settle, and that settlement requires Oracle to create a tool that uninstalls every older version of Java on a computer. You can find that tool on the Java website.

The FTC is also making Oracle put up a notice on its website for two years, and launch a massive social media campaign explaining the danger to consumers and telling them how to fix it. With Java still installed on an estimated 850 million computers, this is probably a good thing.

If you still have Java installed, this would be a good time to revisit whether or not you really need it. The number of sites and programs that require it is shrinking, so you might not need it anymore.

While you're at it, you should try disabling Flash and see if you can live without that as well. It will definitely make your computer safer from a lot of online threats.
