navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Java jre 1.6.x / 6.x multiple copies

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as resolved.
bwawsc Java jre 1.6.x / 6.x multiple copies
Member 19th Jun, 2010 19:36
Ranking: 3
Posts: 19
User Since: 17th Jun, 2010
System Score: 97%
Location: US
I've seen a number of posts about multiple copies of the Java jre, and the advice given is always to clear out all the old copies, leaving only one. This advice is over simplistic. Some programs require their own separate installation of Java (some because they want to control what version of Java they use, some for other reasons I don't pretend to understand). These programs will install their own copy, usually in their own directory space. You can update Java all day long and it won't touch these additional copies. Deleting them is usually a bad idea also, as the program that installed them expects to find its own copy of Java right where it left it and will usually fail - often with a cryptic and incomprehensible error message.

This is a common enough problem that it seems as though Secunia would want to contact the vendors of the software that does this for specific advice (a couple of examples: IBM for Lotus Notes, Blurb for BookSmart). I was able to trick BookSmart into using a common installation by editing a couple of configuration files, but it will break again after the next update of BookSmart. Lotus Notes insists on using its own copy, since many things depend heavily on the version of Java.

Java used to leave old versions in place when it was updated, but current releases do pretty well at un-installing the copy being updated, leaving only one. Secunia's advice needs to be updated to reflect this more complex environment.

--
Bill Walton

Post "RE: Java jre 1.6.x / 6.x multiple copies" has been selected as an answer.

mogs

RE: Java jre 1.6.x / 6.x multiple copies
[+]
This reply has been minimised due to a negative Relevancy Score.
bwawsc RE: Java jre 1.6.x / 6.x multiple copies
Member 19th Jun, 2010 19:51
Score: 3
Posts: 19
User Since: 17th Jun 2010
System Score: 97%
Location: US
on 19th Jun, 2010 19:46, mogs wrote:
In my experience, Secunia does a phenomenal job of detecting/informing/advising of vulnerabilities. The choice to disregard/fail to update, being left to the user.


Well, sure - I'm new so I don't have much experience with it, but so far this Java thing is the only one that seems completely off base...


--
Bill Walton
Was this reply relevant?
+0
-0

mogs

RE: Java jre 1.6.x / 6.x multiple copies
[+]
This reply has been minimised due to a negative Relevancy Score.
bwawsc RE: Java jre 1.6.x / 6.x multiple copies
Member 19th Jun, 2010 20:32
Score: 3
Posts: 19
User Since: 17th Jun 2010
System Score: 97%
Location: US
on 19th Jun, 2010 19:58, mogs wrote:
Well unless you have a specific vulnerability that needs resolving; haps tis best to see how things resolve themselves before trying to find fault/"step into the fray" ? For all the problems that Java has presented over the last year or so, that I've seen.....there are very few outstanding ? Regards

Wow. Pretty thin-skinned, aren't you? I wasn't aware that this forum was only for resolution of specific vulnerabilities. I started using the PSI program a few days ago, I had multiple instances of Java installed, and I spent hours trying to make sense of what I saw - both in the program interface and in this forum. I'm reporting the results of the time and effort I put in, and suggesting an area of possible improvement. To be flamed for "finding fault" is a little startling. Is it because I'm a newby? I should watch bad advice being given for several months, and see if it stops on its own, and if it doesn't, then step into the fray?

So far, none of the responses you've given have been relevant to the original post, which had to do with A) confusing information about Java in the PSI program interface, and B) bad advice about Java in the Forum.

--
Bill Walton
Was this reply relevant?
+0
-0

mogs

RE: Java jre 1.6.x / 6.x multiple copies
[+]
This reply has been minimised due to a negative Relevancy Score.
bwawsc RE: Java jre 1.6.x / 6.x multiple copies
Member 19th Jun, 2010 21:04
Score: 3
Posts: 19
User Since: 17th Jun 2010
System Score: 97%
Location: US
Last edited on 19th Jun, 2010 21:06
on 19th Jun, 2010 20:48, mogs wrote:
I can't see that I wrote anything to warrant nor justify a " Wow" nor a "BOO ". I merely gave you my advice/opinion....again tis your choice to take it or leave it. The thickness of the skin is'nt as great on my finger as other parts of my anatomy.....I'm not a Mr Thumb !! Regards.

Well, it appears to me the opinion was that everything is fine, and the advice was for me to shut up and quit badmouthing the product. I assume by "BOO" you mean the thumbs down - on my monitor it's displayed as Relevant or Not Relevant. Since your responses were completely off topic, I chose "Not". I've left the thread open in case anyone else who has something useful to say about the original topic (not this wandering flame-war) wants to respond.

--
Bill Walton
Was this reply relevant?
+1
-1

mogs

RE: Java jre 1.6.x / 6.x multiple copies
[+]
This reply has been minimised due to a negative Relevancy Score.
bwawsc RE: Java jre 1.6.x / 6.x multiple copies
Member 19th Jun, 2010 21:28
Score: 3
Posts: 19
User Since: 17th Jun 2010
System Score: 97%
Location: US
Last edited on 19th Jun, 2010 21:28
on 19th Jun, 2010 21:19, mogs wrote:
haps tis best to see how things resolve themselves before trying to find fault/"step into the fray" ?
Shut up (for example).


--
Bill Walton
Was this reply relevant?
+2
-1

mogs

RE: Java jre 1.6.x / 6.x multiple copies
[+]
This reply has been minimised due to a negative Relevancy Score.
Anthony Wells RE: Java jre 1.6.x / 6.x multiple copies
Expert Contributor 19th Jun, 2010 23:43
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 19th Jun, 2010 23:49
Hello Bill ,

Welcome to the Forum :))

If you check out this thread :-

http://secunia.com/community/forum/thread/show/448...

near the very end , scroll right down , @ottichris-primary raises the same point that you do . Emil Petersen a Secunia official gives his reply :ie: Secunia will be looking into the listing of old Java versions as "zombies" in the "new" version of PSI .

I am not sure that it will satisfy entirely the extended population of Java and the problem of "embedded" versions of Java ; you may want to comment there or wait to see if Secunia pick up this thread when they get back to work on PSI on Monday .

Obviously , you are not the only person concerned .

If you have any other comments , feel free ; we try to avoid flaming as best we can and everyone can express an opinion , however wisely .

Take care
Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+