Every day as I turn on my computer I confront a roadblock. A Windows message dialog box pops up asking if it’s OK to run jusched.exe. Windows doesn’t say, but I know this is the Java updater. It’s looking for permission to check and see if Oracle has issued a new Java version (or subversion).
Enter “Java security” into Google for an eye-opening revelation. Java is so insecure it’s commonly used as an easy pathway to infect your PC.
From PC World: A new exploit for a previously unknown and unpatched Java vulnerability is being actively used by attackers to infect computers with malware, according to researchers from security firm FireEye.
“We observed successful exploitation against browsers that have Java v1.6 Update 41 and Java v1.7 Update 15 installed,” FireEye researchers Darien Kindlund and Yichong Lin said Thursday in a blog post.
I’m pretty sure Helaine’s laptop was infected twice a few years ago through a Java vector!
Here’s the takeaway. Even after 17 updates (two more since the PC World article ran), Java 7 has more holes than Swiss cheese. Each update must be downloaded and installed. And, as the screencap on the left shows, each encourages you to also download and install McAfee software. In the past the Java updater has promoted Ask.com.
“Install the Ask Toolbar and Make Ask my default search provider”
Oracle, the current owner of Java, makes money by promoting products like Ask.com and McAfee. There is a financial incentive for Oracle to keep pushing out updates, even if they continue to leave Java vulnerable!
Every time the jusched.exe box appears I get a little more ticked off. If Java can’t be made secure, let’s move to something else. If Oracle must continue sending out updates, let them bite the bullet and refrain from using it as an advertising platform.
Java has become software with bad manners!