This week’s Patch Tuesday updates included a security update that will block old, insecure versions of Java and other outdated ActiveX controls. Java has been a huge security problem for years and this is an overdue way to keep it from being exploited by the bad guys. (Microsoft’s security record is good overall but in this case it’s behind Chrome and Firefox, which have had similar blocklists for several years.)
In its announcement, Microsoft pointedly noted that Java exploits accounted for between 84% and 98.5% of all Internet Explorer attacks by exploit kits (bundles of malware sold commercially) each month in 2013. Oracle tries to keep up with the bad guys by releasing updates on an erratic schedule (the current version is Java 7.0 Update 67, released earlier this month), but it violates our trust in two ways: (1) it does not remove older versions when major updates are released, so many computers still have version 6 installed alongside version 7, and (2) every update is accompanied by an attempt to install adware.
The adware is unforgivable and Java’s security flaws are even worse. Microsoft’s move will help improve the situation but I still encourage you to remove Java unless it is required by some program. The easiest way to find out: uninstall every Java entry in Control Panel / Installed Programs. If a program needs it, it will alert you the next time you try to run the program. In that case, install the current version of Java from here – and make sure to avoid the adware!
The Internet Explorer patch will consult a constantly updated Microsoft list of outdated ActiveX controls. If a web page attempts to run an old version of Java, you’ll see a warning message and a link to install an updated, safer version.
The Java-blocking update was installed on your computer this week but it will not take effect for 30 days. Microsoft announced the change on August 6 and intended to make it effective on Patch Tuesday, August 12. At the last minute it postponed the implementation until September 9, to give enterprise customers time to test and tweak Group Policies if necessary.
This will help keep you safe but there are two proven ways that are even more effective:
• Subscribe to Bruceb Remote Management and install the agent on all your computers to get the latest updates for Java and other utilities installed automatically.
• Follow the Rules For Computer Safety.
Be careful out there!