What are the security repercussions if I remove older Java updates on client systems? They seem to take up quite...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
a bit of memory.
The Sun Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Java is a great technology, but what a pain the updates can be! People rail against Microsoft's constant flow of patches, but Java security updates are getting pretty frequent, too. What many people find irritating is the fact that new versions of Java don't automatically uninstall the older versions, which results in each previous version of Java often taking up over 100 MB of disk space. Perhaps an even greater concern is that these older, superfluous versions can pose a security problem.
It has been acknowledged by Sun Microsystems Inc. that malicious websites could possibly invoke these outdated versions of the software still present on a user's machine, even if the latest, patched version has been installed and set as the authoritative version to be used by both the user's default Web browser and the operating system.
Sun did try to prevent sites from invoking these older, insecure versions of Java, but in July of last year, security researcher John Heasman of Next Generation Security Software Ltd. outlined a method by which attackers could bypass that protection. Sun has since released JRE6 Update 10, which includes "patch in place" capability, meaning future updates will remove older versions upon installation. Having just updated my own PC to Version 6 Update 12, I can confirm this feature works. However, it doesn't remove any pre-Update 10 versions you may have on your machine.
Unless you are running older Java applications that were version-specific, you should uninstall all older versions of Java from your system. You can safely remove older Java updates manually from your PC by following the instructions on the Windows Java instructions page. If you do have any version-specific Java applications, contact the provider or developer as it is their responsibility to rectify their applet code in order to ensure compatibility with all Java versions.
Dig Deeper on Web Application Security
Related Q&A from Michael Cobb
A web shell from the JexBoss security tool was used to exploit servers through an unpatched JBoss vulnerability. Expert Michael Cobb explains how to ...continue reading
The Android Trojan Triada has the ability to replace a device's system functions with its own. Expert Michael Cobb explains how to mitigate the ...continue reading
An old Java vulnerability was discovered to have been ineffectually patched. Expert Michael Cobb explains how this happened and what can be done to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.