What’s worse than stale coffee? Stale Java.

If you own a computer, you’ve probably seen this message before: Java Update Available. You know that leaving outdated software on your computer can make it more vulnerable to viruses and malware, so you’ve always agreed to the updates. Unfortunately, the FTC says keeping Java updated didn’t necessarily keep it secure.

Oracle’s Java SE software has been installed on more than 850 million computers. Many websites rely on Java to enable interactive features, like browser-based calculators, online games, chatrooms, and 3D image viewing.

According to the FTC, for years, updating to a new version of Java didn’t automatically remove all the old versions. Oracle eventually changed this practice, but even then, Java updates removed only the most recent version. That left many computers with multiple outdated versions of the software.

Why does it matter? Earlier versions of Java had serious security risks that hackers could exploit to steal login information for people’s financial accounts, and to gather other sensitive information through phishing attacks. As long as these older versions remain on a computer, hackers could continue to exploit them.

Today, the FTC announced a proposed settlement that would require Oracle to notify Java users about the problem and provide tools to fix it. To remove old versions of Java from your computer, visit java.com/uninstall, or follow one of the steps below:

Comments

I don't have Java for Internet Explorer or Firefox. Is it necessary then to have it and all updated?

Frankly consumers should be replacing old PCs that even MS is no longer supporting. This seems rather petty.

It is petty, beyond belief. I used to teach Java @ U.Wash. Recently, Java applets are so locked down due to recent security concerns, that you can't even write a "Hello, World" applet that runs in a Java sandbox, without signing it. Oracle isn't perfect, but we don't need some dumbnut in the FTC making things worse. How about doing something really useful, like the numerous telephone scam calls we receive every day? I don't care if they're overseas. If we can get Osama Bin Laden without the help of the host government, we can certainly get the overseas scammers to wonder each night whether they will wake up in jail.

I feel that the FTC is tone deaf. As a Java developer, there is a reason for all the outdated software. Old software will often ONLY run on Java 3 or 4, or 5. Yes, there are security vulnerabilities, but usually it is not an issue because my software that runs Java 3 is different from what is running on a web browser (which should be patched and up to date as possible). I do not think the FTC really thought about this and even asked the community if Oracle did anything wrong (they did not, IMO). This may be more political grandstanding (see we took on those EVIL corporations). Now bundling the ask.com toolbar, that would be something worth fighting over.

I agree that, while attempting to do the right thing, this may make some matters worse. If it automatically removes old Java instances, the new install procedure may "break" older apps -- which are dependent on those instances -- without the user knowing why.

Wow, how irresponsible of Oracle. I had to get a factory reset done on my laptop after having problems with it right after doing a Java update. Now I know why. I would like to send them the bill.
