Thursday, October 14, 2010

Java now a major malware target

Users of Java should make efforts to keep their Java installations updated on their computers. As noted in the blog posting Java: A Gift to Exploit Pack Makers, it has become a major target of interest for malware writers / exploiters.

A Java update released on 10/10 was reported in the posting Java Update Clobbers 29 Security Flaws. This posting tells you how to update your installed version to the current Java 6 Update 22. Your installation may update automatically if you have it set up to do so. I recommend checking and updating it right away. I also concur with Brian's suggestion to avoid the extras that want to install themselves when updating Java. Don't rush through the installation screens without looking for the optional extras that require you to "opt out".

On Windows PCs Java is not loaded until needed to run a Java applet, such as the popular addonChat used by my ham radio friends. When loaded, you will see a Java icon in the tool tray.


If you want to make sure that Java (and other programs) are updated on a timely manner to avoid security flaws, you can choose one of the following tools that are also mentioned in Brian's first posting mentioned above:

I use the Secunia Personal Software Inspector continuously, and run the File Hippo tool occasionally.

John