Tech Alert: Update Java NOW

[lolmac]

How recently did you install an update to Java?

If your answer is "Last week" or "Last month" or "Huh?  What's that?" or, in fact, anything other than "Yesterday" or "Today", go thou and update.  Now.  Then come back here and I'll tell you why, but seriously, DON'T WAIT.

http://www.java.com/en/download/inc/windows_upgrade_xpi.jsp

It usually comes as a

Comments

[flywoman]

Hate to be a bother, but where can we download the patch for Macs?

[bookblather]

Right here.

[lolmac]

Not a bother -- I should have thought to include this link too:

http://java.com/en/download/manual.jsp

That's the general download page. The Mac download is the second main section. I've edited the post to include this.

[lolmac]

That's probably caused by slightly different administrative settings, with the work computer set to run out and grab updates much more frequently than the default setting. That's one of the reasons I decided to do this post -- a patch is worthless if it's not applied, and at least half a billion computers are running Java that only updates once a month, or even less.

This particular exploit only targets the most recent version of Java, so computers running older versions were safe -- but there are other exploits aimed at the older versions, so the safety is pretty much illusory.

[lolmac]

My general philosophy is along the lines of "Don't be the slowest camper" or possibly "Get well above the lowest-hanging fruit, but don't worry too much about getting up to the highest branches."

It's not a bad approach -- there are, after all, over a billion campers in total, and several hundred million of them are incredibly clueless. I can't do anything to save most of them, but I can try to help my corner of the campground. If the rest of the campers are lion bait, well, it keeps the lions fed. (Cynicism on the hoof . . . )

[blackmare]

Here via alternatealto's link, and I just had to say that as a native of Florida, I am tempted to add you to my f-list based on your icon alone.

Also, I am away from home and using an iPad right now, so updating ... does this apply to mobile devices?

[lolmac]

I adore you! You asked a question that required me to go learn the answer. I don't have an iPad or iAnything, so I hadn't researched that side. Now I have!

The answer: Steve Jobs hated Java, and no iWidget will run it without some kind of unsanctioned workaround. The workarounds do exist, but this is one good reason not to do it.

I hope you have an anti-malware scanning app on your iWidget, though. That's another vector that's being targeted a lot by the malware goons.

Re the icon: you can actually blame alternatealto for that one, in fact, since she originally sent me the link to the source image!

Friend at will if you like, and be very welcome! The lolmac journal is all LOL images for MacGyver, Stargate, etc., and is updated every weekday; this journal is where the personal stuff goes. I'm an expat, having come from the Pacific Northwest to the alien country of Florida. I originally started this journal to let my LJ friends know where my partner and I were during the cross-country drive, and continued it afterwards.

Beth

[dbskyler]

Apparently it's only an issue if you're running Java SE 7? I have a Mac, and I ran the check recommended below by Macworld, and I'm running SE 6, so I should be fine.

http://www.macworld.com/article/1168358/java_security_threats_what_you_need_to_know.html

Obviously it's still a major concern that the flaw exists and is being exploited, but I thought I'd pass on a ray of hope for the slightly-behind-the-times people like me.

[lolmac]

Well, I just did my third ETA update, thanks to fine feedback such as this! That is a GREAT article.

The professional consensus is that, for PCs at least, it's riskier to run the older versions, which have their own vulnerabilities. Even if you have a Mac, there's room for concern: one of the more serious attacks earlier this year targeted Macs running Java, as mentioned in the article you linked. The very bright side is that, as detailed in that same article, the new generation of Macs have some very nice safeguards built in. So yay Apple!

[thothmes]

Thank you for the sage words of advice, and the fascinating reading that you linked to in giving them. The five computers in the house are now all nicely updated and winnowed of their old versions, and I've (no doubt) insulted the IT intelligence of my offspring in the Philly area by letting them know too.

Middle Daughter (who has strenously resisted parental efforts to teach her about computer security vulnerablilities and best practices, because she and her little friends know allabout computers, unlike some of us fogeys who don't know a thing about navigating Facebook, so she doesn't need to heed our warnings, right?) has had her email hacked today. She wouldn't listen to me and do anything about it, so I just sent Beloved Husband in to put the fear of God (or at least hackers) in to her. Let's hope she'll listen to him.

*headdesk* *headdesk* *headdesk*

[lolmac]

*headdesk with you*

Gaaah. One of the biggest issues in my professional life, at present, is dealing with the fallout from clients whose emails have been hacked . . . we're one of the subsequent targets, and it's part of our job to keep our compromised clients safe from fraud and theft.

[thothmes]

And this kind of willful ignorance is also why she is not allowed to use the computer I'm on now. I've password protected her out.

Knocking down my 2 TB drive and making it non-functional was its own consequence. She lost most of her music, which she'd uploaded to the drive, and then left the original CD's in a friend's truck, where her then-boyfriend stole them.

The only thing I lost and didn't have backed up was my TurboTax files, because I had hard copy instead, and didn't like the idea of my tax files sitting around where they could be easily hacked.

Paranoia is our friend!

[campylobacter]

That's teenaged logic for you: knowing how to use 30% of Facebook's user interface features 90% of the time = understanding admin-level security issues for operating systems & web browsers. >___<