navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Cont. Java Update 24-26 Issues

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Sun Microsystems
And, this specific program:
Oracle Java JDK 1.6.x / 6.x

This thread has been marked as locked.
STV0726 Cont. Java Update 24-26 Issues
Member 7th Aug, 2011 10:42
Ranking: 1
Posts: 6
User Since: 13th Oct, 2010
System Score: N/A
Location: N/A
I uninstalled Java, did all of the tasks as Maurice described in JavaRa, and I still cannot install a fresh copy of Java. Installation just hangs.

Help is appreciated! Sorry for the delay! Things got busy this past month!

mogs RE: Cont. Java Update 24-26 Issues
Expert Contributor 7th Aug, 2011 12:31
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@STV0726 Even if you were to manage to fully update to 26; there are two Secunia advisories...both Highly Critical, concerning Java which still pertain/apply ; as follows, at :- http://secunia.com/advisories/45173/
http://secunia.com/advisories/44784/
Is it a prog worth having on your pc in the first place...at present ?
I uninstalled and left it off some time ago....and have been unable to find any news concerning a patch....Jersey_Devil asked in an earlier thread.
There's some further reading here:-

http://news.softpedia.com/news/Security-Researcher... but again, no news of a fix.

As you've been too busy until now to look into the matter...it would mean your system has possibly been open/vulnerable.....I'd be inclined to have a good scrub/security scan, with emphasis on firewall permissions.....even when I uninstalled Java....the firewall hadn't been closed to it...still stuck.
Sorry I can't be more helpful......regards,

--
Was this reply relevant?
+4
-2
STV0726 RE: Cont. Java Update 24-26 Issues
Member 13th Aug, 2011 23:37
Score: 1
Posts: 6
User Since: 13th Oct 2010
System Score: N/A
Location: N/A
Hello there and first off thank you for your response. Please allow me to further elaborate on my general security strategy for it seems you have assumed my computer was left vulnerable.

Firstly, the computer in question with the Java problem was almost exclusively powered down. I can't get an infection when my computer is turned off and in the closet. I use this net book for taking notes in college courses and since it is summer I have not had to use it.

Secondly, even if I had the computer on and connected to the internet, I keep a tight security setup that leaves very little attack surface or attack vectors for exploits. This is my basic strategy:

I do use Microsoft Security Essentials and always keep it updated with regular full scans. More importantly, I use the tools built into Windows to create a default-deny environment. Although this netbook only has the Starter edition of Windows 7, I can use parental controls for software restriction purposes. I only use an administrator account when absolutely necessary. By combining the well-documented safety of using a Standard (or Limited) User Account, with the software restriction policy aspect of parental controls, it is very unlikely that any malware, or ANY executable that isn't on the administrator approved list, will run. When I first bought the computer and did all the updates, I white-listed all the safe executable on my system, and then anything that tries to download and install on my non-administrator account will be blocked seamlessly.

I also utilize the full opt-out protection of Data Execution Prevention, Structured Exception Handler Overwrite Protection, and Address Space Layout Randomization. These, according to Microsoft TechNet, are also great at blocking zero-day exploits, especially in internet browsers.

So you see, with this default-deny environment, not to mention Sandboxie as an extra shield, I don't consider it necessary to remove Java or another browser add-on just because an update isn't out yet. It would be very difficult for any exploit to have any permanent effect on my Windows due to the environment I have created.

Most of the people out there of course, do not have the default-deny environment I have, so if we are talking about security solely by Secunia usage and anti-virus, I would agree with you that Java is unsafe right now. But when is it ever truly "safe"?

If someone were to have Java outdated and run as an administrator and browse the internet with that exploit vulnerable, they can be more easily infected.

-------------------

Now back to my issue, which isn't whether or not Java makes sense to use right now, but rather, how to get it to work.

I did a lot of digging. And I mean a LOT of digging. I found someone that used Secunia too and the auto-update messed up their Java the same way it did to me. They tried JavaRa and other similar tools to no avail.

The solution is odd, but worked instantly. I'm going to do a system restore for good practice and try it again to verify, but here it is:

1. Show hidden folders for now
2. Go into your Users folder, more precisely:
3. C:/Users/UrUserName/AppData/LocalLow/Sun/Java
4. Then chose the folder with the version you want to install that is failing
5. Run the installer in there and it should work.

I would save that in a special place because if anyone else runs into this frustrating issue and spends a day on a Java Update like I did, they're gonna at least want to walk away a winner. :-)
Was this reply relevant?
+0
-0

STV0726

RE: Cont. Java Update 24-26 Issues
[+]
This reply has been deleted
STV0726 RE: Cont. Java Update 24-26 Issues
Member 13th Aug, 2011 23:43
Score: 1
Posts: 6
User Since: 13th Oct 2010
System Score: N/A
Location: N/A
Whoops. Did I double post that? I'm sorrry!!!
Was this reply relevant?
+0
-0
Maurice Joyce RE: Cont. Java Update 24-26 Issues
Handling Contributor 14th Aug, 2011 01:24
Score: 11830
Posts: 9,072
User Since: 4th Jan 2009
System Score: N/A
Location: UK
It happens to us all - I will delete the double post for U.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
mogs RE: Cont. Java Update 24-26 Issues
Expert Contributor 14th Aug, 2011 07:45
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@STV0726

Sorry I wasn't of much help ( as stated at last of my previous post )....Glad you managed to figure out a resolution for yourself.
To be honest, your further elaboration confuses me even more. The reasoning seems convoluted....as you seem to be trying to blame psi when you have no use for it's warnings...it seems like you are trying to undermine Secunia when it is Java full of holes.
Most users come to the forum seeking help with patching.....to that end was my purpose in writing....create an awareness, that in the first instance I wasn't aware you already had.
I don't go to work without adequate protection either, but home isn't a bunker nor sandbox.
Anyrate, as stated previously; the main thing is that you're sorted.....good luck and regards,


--
Was this reply relevant?
+1
-1
STV0726 RE: Cont. Java Update 24-26 Issues
Member 15th Aug, 2011 08:28
Score: 1
Posts: 6
User Since: 13th Oct 2010
System Score: N/A
Location: N/A
Last edited on 15th Aug, 2011 08:30
@mogs

I do really appreciate your help so this will bug me if I don't explain myself. I am VERY sorry if my post was convoluted. More importantly, however, I am EXTREMELY sorry if it seemed as if I was speaking negatively of Secunia PSI.

So this time let me state right away that I am a HUGE Secunia PSI fan. I have promoted this product on other message boards and highly recommend it to friends and family.

I agree with everything you said; the only issue I had with your post that I am disagreeing with, is your recommendation to NOT use Java (or other patched programs) because there are still documented vulnerabilities at the present.

I use Secunia PSI to achieve a 100% System Score, however, I do NOT use it to tell me what programs I should and should not have installed on my computer. I install what I need for work, and I uninstall what I don't. I feel it is very unpractical and inconvenient to remove programs just because they have security vulnerabilities, therefore, here's my solution (and what I think most experts would advise):

I scan with Secunia several times a month to keep all of my programs up-to-date, then I utilize anti-malware software, DEP/SEHOP/ASLR, software restriction policies, and limited user accounts, to further mitigate any exploits that are not patched. This strategy has kept all the computers clean in my house for years, and I've never felt the need to remove a program that I needed just because there were known vulnerabilities, especially since those vulnerabilities wouldn't likely be able to do any harm to me with my default-deny, no-execute environment I've established.

But perhaps you just were casually saying that I need not worry about Java at the present because of the crappy state it is in security-wise. Nevertheless, I have gotten it working and up-to-date.

Lastly, I do scan my computer nightly, and it has turned up clean, because I use multiple, overlapping layers of security to ensure that no program, even with exploits, has the power to have permanent effect on my Windows.

Thank you again, though!
Was this reply relevant?
+1
-0
mogs RE: Cont. Java Update 24-26 Issues
Expert Contributor 15th Aug, 2011 11:09
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@STV0726

Thankyou very much for taking the time for even further explanation. As I intimated earlier the main thing is that you feel secure enough having weighed matters for yourself. Obviously it is always your prerogative as to what advice/prog you accept/use; and your tech. ability allows greater discernment perhaps than is usual. My tech. abilities are fairly limited.
Your explanation of your over-riding need to have Java working is suffice : tho' not mentioned lightly/casually ; I was writing more from the standpoint of " If you can manage without....do so".....for obvious reasons.
All that perturbed me regarding the seeming undermining of the value of Secunia....you have answered/allayed........thanks again and regards,


--
Was this reply relevant?
+1
-0
Anthony Wells RE: Cont. Java Update 24-26 Issues
Expert Contributor 15th Aug, 2011 12:29
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

Just a couple of points , if I may :-

1)It is quite normal for many helpers on this Forum to suggest that If you do not need/use a "malware" targeted programme , as say Java , then to remove/delete it until/unless a programme/website shows up as needing it . If the programme in question is "essential" then it is often suggested to look at/for alternative programmes which are less attractive to the badguys . This is in the context of advisibg the average user .

2)I have high security settings and use things such as Sandboxie and also had the PSI "auto-update" screw up my Java JRE U26 update (I posted the details in the Forum) ; I was able to reset and run a manual update successfully , so it might be worth bearing in mind that a reinstall problem initiated by the PSI may have been also exacerbated/down to the idiosyncrasies of the system in question . By choice , I would use the programme's internal updater or a manual install from the vendor website (usually the preferred option of both Secunia and the vendor) , but I also keep an eye on what the PSI is doing/offering .

For Mogs , there was very little if any -ve voting to posts and Maurice has been deleting the unnecessary and spammers during your sabbatical , but I do note that you have already become a target on this thread . You know my opinion on voting but I do find it hard to see why your first post got 2 -ve's . Let's keep an eye on it .

Take care y'all .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+3
-0
mogs RE: Cont. Java Update 24-26 Issues
Expert Contributor 15th Aug, 2011 14:56
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Thanks for your input and moderation to the thread Anthony...hopes too that the originator appreciates.
Regarding the continuing contention re scoring and relevance.....here's a little ditty that I hope won't be deemed of negative impact :-

If I were a duck...proverbial wisdom might not attract ?
It might be "scientific" use of a dart ?
I can't find a prick in my dorsal fin........
.......and there's no mechanism says " It's Spring again !!" in my heart !

Do you think I'm getting better at avoiding the arguements ?!



--
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+