Ask the Expert

When is it suitable to remove Java updates?

What are the security repercussions if I remove older Java updates on client systems? They seem to take up quite a bit of memory.

    Requires Free Membership to View

The Sun Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Java is a great technology, but what a pain the updates can be! People rail against Microsoft's constant flow of patches, but Java security updates are getting pretty frequent, too. What many people find irritating is the fact that new versions of Java don't automatically uninstall the older versions, which results in each previous version of Java often taking up over 100 MB of disk space. Perhaps an even greater concern is that these older, superfluous versions can pose a security problem.

It has been acknowledged by Sun Microsystems Inc. that malicious websites could possibly invoke these outdated versions of the software still present on a user's machine, even if the latest, patched version has been installed and set as the authoritative version to be used by both the user's default Web browser and the operating system.

Sun did try to prevent sites from invoking these older, insecure versions of Java, but in July of last year, security researcher John Heasman of Next Generation Security Software Ltd. outlined a method by which attackers could bypass that protection. Sun has since released JRE6 Update 10, which includes "patch in place" capability, meaning future updates will remove older versions upon installation. Having just updated my own PC to Version 6 Update 12, I can confirm this feature works. However, it doesn't remove any pre-Update 10 versions you may have on your machine.

Unless you are running older Java applications that were version-specific, you should uninstall all older versions of Java from your system. You can safely remove older Java updates manually from your PC by following the instructions on the Windows Java instructions page. If you do have any version-specific Java applications, contact the provider or developer as it is their responsibility to rectify their applet code in order to ensure compatibility with all Java versions.

This was first published in July 2009

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: