A Critical Update For Java That You Must Install


For the past few weeks, security experts have warned that recently-discovered security flaws in Java were so dangerous that you should uninstall Java from your PC.

Oracle, the company behind Java, has now issued an update for the system.  It corrects 50 separate security problems, many of which could have allowed hackers to gain remote access to your PC.

If you deleted Java, it's now safe to reinstall.  If you didn't uninstall Java, you really should uninstall your current version and then head to www.java.com to get the latest release.




Please rate this article: 

Your rating: None
Average: 3.6 (26 votes)


ZDNET have published an article on an additional forthcoming patch for Java (due to be released on 2013.02.19), "Oracle to re-release Java SE patch with extra helping of fixes" -- http://www.zdnet.com/oracle-to-re-release-java-se-patch-with-extra-helpi... .

In the corporate world you may be stuck with older versions of JRE since that's what vendors certify there products with. And some are slower than others at moving forward. You get real fun when one has updated but others haven't. Then you can get conflicts if one vendor requires one version and another vendor specifies a different version.

There are so many people having problems finding the offline installers for Java 7 Update 13 which is the latest one. Here are the direct download links for Java 7 Update 13 which includes more than 50 fixes.

[Edited out. Direct download links not permitted.]


I also recommend ninite.com for installer files. All the good stuff and none of the junk is installed - plus you can use the installer file as an updater as well.

I uninstalled Java completely from all of my home and office computers over a year ago, and really haven't missed it. There are very few websites I regularly use which won't function as a result, and the only one I miss is the current orbital location function provided on some of the NASA mission webpages.

I'm with you concerning a complete uninstall of Java. However, I want to ask you several questions? I am not a computer geek so tell me what Java does and why would I need it. When you uninstalled did you use an appcleaner to get rid of it? If I uninstall Java, will I turn on my Mac only to see a blank screen that does nothing? Your assistance would be greatly appreciated.


Java is a programming language. Some web sites, and some of the facilities that some web sites provide, as well as some stand-alone downloadable programs are written in Java. Because of the way that Java works, you need to install something called a Java Runtime on your computer if you want to run any program that was written in Java. It's the Java Runtime that you will have had on your PC, and which you need to keep patched so that it has the latest security fixes. You uninstall it just like any other application, ie from the control panel. As to whether you need Java installed, it depends on whether you want to run any programs, or access any web sites, that require it. If you uninstall it, the worst that will happen is that you'll receive a warning from sites that need it. You won't be faced with a blank screen. Hope this helps.

I can't tell you anything about how it works with Macs, as I'm strictly a Windows user. In my case, I did not require the use of an appcleaner for the most part, although in one of my office machines there was some leftover stuff from an older version of Java which showed up in a deep Secunia scan that I ended up having to remove with Revo Uninstaller.

Now, as to what it does and why you might need it, that will depend in part on what sort of things you do with your computer (whether a Mac, or something running Windows or Linux). If you're strictly a casual user and Websurfer, removal might not produce too much in the way of dysfunctionality -- you may discover websites which present a message to the effect that "Java is required" for it to function, and normally there will be a forwarding link to Oracle's website. If you don't experience that too much on any of the sites you regularly use after uninstalling it, and certainly not for any sites of critical importance to you (e.g., banking, etc.), then judge for yourself whether it's really something you must have or can get by without.

In my case, the only site with a specific function based on Java that was worth having IMHO was the orbital plotting for specific NASA missions, but I can live without it and the peace of mind from removing a potentially major security risk because of Oracle's slow patch response more than made up for the loss.

Here are links to the relevant Wikipedia articles on the Java platform and programming language which might help identify in advance whether its removal might impact something of importance in how your system is used or configured. They aren't that geeky to read.



An alternative to using Oracle's automatic browser installer (and risk also receiving some unwanted crapware) is to manually download & install the appropriate full off-line Java Runtime Environment (JRE) executable(s), which are clean; the current version (released 2013.02.01) is Java SE 7u13.

Java SE Downloads may be found at http://www.oracle.com/technetwork/java/javase/downloads/index.html; under "Java Platform, Standard Edition," choose the DOWNLOAD tab under 'JRE,' accept the license agreement and save the appropriate installer(s) to the HDD.

PLEASE NOTE: some systems may still have legacy versions of the Java RTE that will not be automatically replaced by installing a new version, and it is crucial that ANY previous versions still extant be manually removed. A very convenient way to both remove previous versions of the Java RTE and install the current version is to employ the free utility JavaRa from SingularLabs (recently updated to v2.1) -- http://singularlabs.com/software/javara/ (Windows 7 & 8 users must run the program as Administrator to be able to uninstall previous versions). (For a review of JavaRa, please see the Softpedia entry at http://www.softpedia.com/get/System/System-Miscellaneous/JavaRa.shtml .)

For the full Oracle Security Advisories, please see Critical Patch Updates and Security Alerts -- http://www.oracle.com/technetwork/topics/security/alerts-086861.html.

Finally, many will find Brian Krebs' excellent security blog entry on this update most worthwhile -- https://krebsonsecurity.com/2013/02/critical-java-update-fixes-50-securi....

Looks as if Oracle doesn't want you accessing the installers directly - i get a 404 - Page Not Found error from that link.

You are quite right!

Apparently, the semicolon became part of the URL (the first time THAT has happened...); the correct URL, therefore, is http://www.oracle.com/technetwork/java/javase/downloads/index.html . Thank you for bringing that to my attention!

I was also remiss in not mentioning that a much less complicated (and more direct) way to acquire a clean installer of the JRE for Windows is through Softpedia -- http://www.softpedia.com/get/Programming/SDK-DDK/Sun-Java-JRE.shtml .

I just got it at Filehippo, actually.

I just (Feb 8) recieved an update from Oracle but there was no mention security issues. Does anyone know if this latest download included the fixes?

Oh, and you are correct eikelein, I had to uncheck the box to avoid getting the Ask toolbar and having my default browser changed to Ask.

Keep up the GREAT work.

Robert, Why not send the readers to Oracle's website so they can see how Java really works and who all has it. Plus there is more downloads on security there. Using JRE is okay, but the JDK version has JRE and auto updates yours security protocols. I have been involved with Java since I first encountered the service in Windows 3.0 Back the SunMicroSystems had it. I also encountered it while I was in the USAF working on planes and ground support equipment. Long History made short.

Robert, I truly love your tireless work for the TechSupportAlert community, thank you.

But here I have to comment:

If you send people to www.java.com you should tell them too that the version they will get there DOES contain an unwanted add-on installer like McAfee Security Scan or the like.

90% of my customers at least will NOT catch that and will not deselect the check mark that triggers the installation of this gunk software.

I rather download Java and other "staples" like Adobe Reader from Filehippo.com. I never got a "gunked up" software from them.

As usual, it's user beware.