Every day as I turn on my computer I confront a roadblock. A Windows message dialog box pops up asking if it’s OK to run jusched.exe. Windows doesn’t say, but I know this is the Java updater. It’s looking for permission to check and see if Oracle has issued a new Java version (or subversion).
Enter “Java security” into Google for an eye opening revelation. Java is so insecure it’s commonly used as an easy pathway to infect your PC.
From PC World: A new exploit for a previously unknown and unpatched Java vulnerability is being actively used by attackers to infect computers with malware, according to researchers from security firm FireEye.
“We observed successful exploitation against browsers that have Java v1.6 Update 41 and Java v1.7 Update 15 installed,” FireEye researchers Darien Kindlund and Yichong Lin said Thursday in a blog post.
I’m pretty sure Helaine’s laptop was infected twice a few years ago through a Java vector!
Here’s the takeaway. Even after 17 updates (two more since the PC World article ran), Java 7 has more holes than Swiss cheese. Each update must be downloaded and installed. And, as the screencap on the left shows, each encourages you to also download and install McAfee software. In the past the Java updater has promoted Ask.com.
“Install the Ask Toolbar and Make Ask my default search provider”
Oracle, the current owner of Java, makes money by promoting products like Ask.com and McAfee. There is a financial incentive for Oracle to keep pushing out updates, even if they continue to leave Java vulnerable!
Every time the jusched.exe box appears I get a little more ticked off. If Java can’t be made secure, let’s move to something else. If Oracle must continue sending out updates, let them bite the bullet and refrain from using it as an advertising platform.
Java has become software with bad manners!
I fully agree, Geoff! Unfortunately one on line game site my wife and I like still has Java-based games. But I am glad I dumped McAfee…it became bloatware.
Java sucks and so does the crap they try to get you to install along with it just to make a quick buck. Unfortunately I too have to have it installed for a few things but if it ever becomes possible for me I’m dumping it the second I can along with flash.
As I type this I have a blinking icon asking me to allow this to be updated. I close it many times and it keeps reopening. Drives me crazy. Even when I do update, within 2 days it’s back. Hate it.
One thing I’ve found that helps this kind of thing is WinPatrol. Any program that wants to put in it’s own scheduler is caught by it and it asks if I approve. I generally say no, nnd the installer thinks it’s done, but those registry changes to start things every time don’t happen. If there’s a serious update required for Java or anything else, another application I use, Secunia PSI, tells me and I put it in myself. Secunia and WinPatrol are both free and I don’t have every companies updater, quick starter, or messenger using up resources just because I turned on the computer.
I’m not a computer geek butI find it a royal pain to have things I don’t want installed with my updates. Went through that the other day when I had to update Java yet again. They wanted to install the Ask.com toolbar and make it my default. I said no. Somehow it got installed anyway. I had to manually uninstall it. McAfee is on there too and I want to get rid of that since I already have three security programs on my computer.
Such a pain.
{With apologies to Foreigner}
HOT JAVA! Check it and see,
It’s got a version of 103,
C’mon baby can you update more often than this?
It’s Hot Java, Hot Java…