How to Remove Old & Dangerous Versions of Java

Sun Java has become a popular attack target for hackers and criminals as it can be found on almost every PC.

Sun has responded by regularly releasing new versions that patch newly discovered vulnerabilities.

Unfortunately, when you install a new version of Java the old one is not deleted. Sun does this just in case some old applications won't work with the latest Java version. In my experience, this is a rarity.

JavaRa is a free utility that will permanently remove all old and vulnerable versions of Java from your PC. Usage couldn't be simpler: just download it and run it.

http://raproducts.org/

Afterward, double check that all versions are gone by running a free online scan with Secunia Software Inspector. This will not only check for old versions of Java but old and vulnerable versions of many other programs as well.

http://secunia.com/vulnerability_scanning/online/

Thanks to regular contributor Lex Davidson for suggesting this item.

Gizmo


If you follow the recommended practice of running Secunia Personal Software Inspector (PSI), then that will identify and warn you to remove old, unsafe versions of Java (as well as other unsafe programs).

Not really. For instance, 6u14 is already blacklisted by PSI but the developer tells you that "Users who have Java SE 6 Update 13 have the latest security fixes and do not need to upgrade to this release to be current on security fixes."

Ok, but is there any harm in installing 6u14 now, and if everything works OK, installing 6u13? Too soon is better than too late!

I meant *uninstalling* 6u13, sorry!

Hello,
If you are a serious computer user Gizmo is an angel for you. He works on the principle of Yagya which means living in a way similar to the natural cycles. May the Lord keep him hale & hearty. I am sure he is a favorite of the divine forces.
This particular software is wonderful.
thanks
Shandilya

Hi

I have a dell xps desktop that came with version 1.6.0.0 of java pre-installed (the website that checks what version of java is running on my pc only listed it as 1.6.0-oem).

If I upgrade from 1.6.0.0 to 1.6.0.13 (from Sun's website), will the newer version's "patch-in-place" feature effectively "remove" the older version OR do I still need to run JavaRa then check with Secunia PSI?

Thanks in advance.

Hello Everyone,

It is in response to the query about software to uninstall older versions of Java software.

I do not know if anybody already mentioned the following software

Software title: JavaRa 1.12
Developer: Paul McLain
For the latest version, visit http://raproducts.org/
This program is free software.
The software is tiny with options
1. to check update for java
2. Remove older versions
etc.

After removing older versions it will present you with
****JavaRa 1.12 Removal Log in text file format.******

download size of zip file is: 68 Kb
after unzipping its approx. : 400 KB
No need to install the software as it is self-executing.

I have been using it quite often after every Java update for about a year without any problem.
I have checked the software with latest updated avast antivirus, Spybot search and Destroy and SuperAntispyware software and the software is clean.

I hope it helps.

Cheers

Nehal Trivedi

The article itself writes about JavaRa ... did you even read it ?

Anupam Shriwatri, India

No relation, but speaking of "Gizmo" there is a program that has been redesigned to use only the currently installed Machine version of Java (PRIOR TO the recent past, they dropped their own version in their folders)

The Link to http://raproducts.org/ does not seem to work!

JavaRa: Make sure you install the .exe in the same folder as Java.

Currently for me, this would mean I need to install JavaRa in 8 separate locations: the normal Windows locale, Booksmart, Lunascape5, GIMPshop/GKT+ (windows version), surprisingly Arduino (the oldest by far, version 1.4!), TalkShoe, processing-1.0.1, Wolfram Research's Mathematica Player (and probably Mathematica itself?).

Ya, Mathematica - that surprised me too.

All the comments listed are very feasible and all worked in the past. I downloaded the new version and it deleted all of the old versions on my computer. I was not sure if it had deleted them, but Secunia did inform me that they were removed. To double check I ran my JavaRa and there was nothing there, so it appears that Sun have indeed incorporated a removal program for old software.

Technically, there's no uninstaller built-in. What the installer now does is to update the pre-existing C:/Program Files/Java/jre6 directory with the new 6u12 content, and that's why Secunia doesn't detect previous versions. But this doesn't work with a static configuration. Anyway, let's see how feasible this is from now on...

#2 Rizar,
Have you tried using Duplicate Cleaner?
This may be too simple and a little naive, but say you install Java in two different places, then use Duplicate Cleaner to hard-link the 'proprietary' copy back to the generic one, thus the system thinks it's got two copies while your harddrive holds only one in real space terms.
Let me know if it works.
G

If you have 2 or more versions of Java installed Duplicate Cleaner will not detect any duplicates because the files are different. Not only that, but removing the old Javas just by deleting some files leads to corrupt installs and an inability to uninstall. Then there's the registry...

BY FAR the only thing to do is: Locate ALL versions of Java where installed for program compatibility, then COPY the most recent version of the JRE/JDK DLLs ON TO the other older copies. This does work, and only in very rare circumstances will it not, but by then you are probably running an otherwise very secure machine that wouldn't even be connected to a network, let alone the internet (IOW for proprietary reasons).

Java installed affects the registry NONE WHATSOEVER, so that is not an issue. Well, it is not put in any part of the registry that would affect the running of java or any program needing java.

Ah, that sounds like a good solution.
I actually sold off the encyclopedia fairly quickly after I didn't like how it was setup and when I saw that its online prices went high enough to make it worth selling (and they took it out of most stores for some reason).
I think it was the Britannica (blue box cover) if anyone has it around to try.
Rizar

OMG...!!!

Care to elaborate?

Hm, I haven't read Rizar's post...

I have seen a couple of applications that were unable to function with newer versions of Java where I work. They were both proprietary software apps written for in-house use.

With that in mind, it may be helpful for some if you listed a safe location to download a copy of older versions should they delete the only interface (unbeknownst to them) that allows their widget app to work and need to revert back. Just a friendly suggestion.

"I work for the State, I'm here to help."

Filehippo is a nice safe place usually:
http://www.filehippo.com/download_java_runtime/

Sometimes applications come with Java placed in a sub-directory and require it to be in a certain location. I had an encyclopedia that did this and would not scan for Java already installed somewhere else, but then I just copied a newer Java to the necessary directory and it still worked; of course, then you have to keep Java in multiple places. Annoying.

IF Java Quick Starter service is running (and it should always be running), ANY program requiring Java will first encounter the currently running Java version in memory (due to the JQS service), and that WILL be the most currently installed local machine running version (JQS doesn't start any other version). The program Booksmart or GIMPshop for instance do this - although they don't check for other locations of Java when their "proprietarily located" versions fail - they don't need to.

Yeah, good point, updating Java is not always the way to go. Besides, I believe most of their updates are bug fix releases, not security releases, so updating, unless you have a really old version, is not mandatory.

Actually, in fact, the last 5 releases of Java have been widely published by Sun as being MAJOR security with MINOR bug fix releases.

The last two releases of Java do now uninstall the previous version. However, this feature is not retroactive. If memory serves me correctly, all versions prior to version 6 update 10 must be uninstalled manually.

Seymour

As described in "Patch-in-place" below, they are overwritten and therefore will not exist further.

That is correct.

It appears the "patch in place" (which leaves no previous version) did begin with 6u10
Java™ Runtime Environment Windows Installation for JavaSE 6u10

For those who need an older version for particular software, there is an option to choose a different download directory (static configuration) on the initial install screen.

Patch-in-place is a new 1.6.10 feature, to solve problems like http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6593761 , but older 1.6.x versions already had the ability to remove previously installed versions. How do you explain that I have no previous JRE installed? I didn't remove them manually.

From the link you provided it seems this did come in 6u4.

That is why I always say "It appears" or "it seems" first.

So it seems. ;)

Yes, that's also my experience, but I believe it started with JRE 1.6.4. (if memory serves me correctly). No need for a third party tool to do this.

Definitely a very important security issue. The only time I (almost) got infected with a trojan was when I had an old version of Java installed. Nowadays I actually just leave Java disabled in all my browsers, since there's actually very few sites I legitimately need to use it with.

And of course to top things off, each of those old versions of Java can take up over a hundred megs of hard drive space! (Not much of an issue with today's gigantic drives, I suppose.)

And let's not forget the hopelessly confused naming scheme. It went from Java 2 SE 1.4 to Java 2 SE 5.0, and now Sun still calls it Java 2 SE 6.0 Update 12 when the version number is 1.6.12 !

My question is, why should you update from 1.6.x to 1.6.12 ? Certainly not for security purposes, Secunia says 0 vulnerabilities open.

Secunia is ambiguous. There are almost certainly security vulnerabilities (or at least bugs) in 1.6.0, 1.6.1, 1.6.2, etc. that have all been fixed as of 1.6.12. I would interpret Secunia's page as indicating that there are 0 vulnerabilities open in the most recent version of 1.6.x.

Yes, I agree, THAT page is definitely ambiguous, but then the question becomes: how do we track Java security fix releases? That is the question.

Solution is to track security fixes on http://java.sun.com/javase/6/webnotes/ReleaseNotes.html :

1.6.6 - Bug fixes.

1.6.7 - This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 238687, 238628, 238965, 238966, 238967, 238968, and 238905.

1.6.10 - This feature release does not contain any new fixes for security vulnerabilities to its previous release, Java SE 6 Update 7. Users who have Java SE 6 Update 7 have the latest security fixes and do not need to upgrade to this release to be current on security fixes.

1.6.11 - This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 244986, 244987, 244988, 244989, 244990, 244991, 244992, 245246, 246266, 246286, 246346, 246366, and 246387.

1.6.12 - This feature release does not contain any new fixes for security vulnerabilities to its previous release, Java SE 6 Update 11.

Clearly, not all releases contain security fixes. 1.6.6 was not mandatory for me, but 1.6.7 and 1.6.11 are. I will update 1.6.5 to 1.6.12. Case closed.
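The check this comment does by hand, as an added example (not part of the original thread, and not a Sun or Secunia tool): it normalises the Java 6 version spellings used on this page and lists the security-fix releases an installed copy is missing. The function names and sample locations are hypothetical, and the table holds only the updates the release-notes summary above lists.

```python
import re

# Java SE 6 updates named in the release-notes summary above, mapped to whether
# that summary says the update contains security fixes. Later updates are not
# covered by this table.
SECURITY_FIX = {6: False, 7: True, 10: False, 11: True, 12: False}

# Spellings of a Java 6 version that appear on this page.
_FORMS = [
    re.compile(r"^1\.6\.0[._](\d+)"),                            # 1.6.0_13, 1.6.0.0
    re.compile(r"^1\.6\.(\d+)$"),                                # 1.6.12 (thread shorthand)
    re.compile(r"^6u(\d+)$", re.I),                              # 6u14
    re.compile(r"^(?:java\s+se\s+)?6\s+update\s+(\d+)$", re.I),  # Java SE 6 Update 7
    re.compile(r"^1\.6\.0()(?:-\w+)?$"),                         # 1.6.0-oem: update 0
]

def parse_update(version):
    """Return the Java 6 update number, or None if this is not a Java 6 string."""
    text = version.strip()
    for form in _FORMS:
        m = form.match(text)
        if m:
            return int(m.group(1) or 0)
    return None

def missing_security_releases(update):
    """Security-fix updates from the table that are newer than `update`."""
    return sorted(u for u, fix in SECURITY_FIX.items() if fix and u > update)

def audit(findings):
    """Map each location to the security releases it lacks (None: not Java 6)."""
    report = {}
    for location, version in findings:
        update = parse_update(version)
        report[location] = None if update is None else missing_security_releases(update)
    return report

# Constructed sample input: locations and version strings are illustrative.
SAMPLE = [
    (r"C:\Program Files\Java\jre6", "1.6.0_12"),
    (r"C:\Program Files\Java\jre1.6.0_05", "1.6.5"),
    (r"C:\OEM\java", "1.6.0-oem"),
    (r"C:\Apps\bundled\java", "1.4.2"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A copy reported as `None` (here the 1.4 runtime bundled with an application) is outside the Java 6 table and has to be judged against its own release notes.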

To clarify, If you have version 1.6.9 NOW, then you will upgrade to 1.6.13 TODAY, you certainly would not need to install 1.6.10 through 1.6.12 to catch up (there sometimes can be that confusion for some ppl out there).

That all depends on what version you are updating. Now at version 1.6.13, btw.

Exactly what is an "old and dangerous" Java version?

This is confusing. I have installed JRE 1.6.5, and every time I open Secunia PSI I get a high level threat (4). If I follow online reference, http://secunia.com/advisories/32991/ , I see that 4 threat rating belongs to JRE & JDK, ALL TIME versions, so I scroll down to JRE 1.6.x, http://secunia.com/advisories/product/12878/ , and the threat rating, by miracle, is gone: 0 out of 11 unpatched security advisories. So, why on earth do I need to upgrade to the latest 1.6.12 ??? That's an option as far as I can tell.

I have been using this program for quite a while now and it does the job.
Current version is 1.13

Worked nice and quickly

I used it for 12 months. Useful and very good!
