Oracle's upcoming Java updates will leave XP users less protected
July 4, 2014
Oracle Corporation, the keeper of the keys to Java software, has announced that the next quarterly security update to Java will occur on July 15, 2014. This just happens to coincide with Microsoft's Patch Tuesday. On that date, a new major revision will be released, version 8.x, which will not install on Windows XP computers. With that release, full support of the current version 7 will cease, except for companies with more than 1000 user seat licenses who pay for custom support packages.
The wording about the end of Java support for XP, on Oracle's FAQ page for Windows XP is a bit confusing. I have researched this and learned that others have received possible clarification for Oracle spokespersons. It appears that Java 7 will receive security patches until July 2015. But, get this, they will not be testing them on XP operating systems! There is a disclaimer on the FAQ page stating that XP users may download updates to Java 7 at their own risk!
Here's how Oracle words the notice:
As of April 8, 2014 Microsoft stopped supporting Windows XP and therefore it is no longer an officially supported platform. Users may still continue to use Java 7 updates on Windows XP at their own risk, but support will only be provided against Microsoft Windows releases Windows Vista or later.
For the bravehearted XP users among you, the official Java download page is here.
Do you really need to keep or install Java at all?
If you use certain software programs that require Java, you must maintain the latest version of Java that runs on your operating system. But, since very few websites actually use Java "Applets" anymore, there is little reason to keep the Java plug-in active in your browsers. It is simple to allow Java to run in a desktop application, while disabling it in all web browsers, by going to (Start >) Control Panel > Java > Security. Under the Security tab is an option labeled: "Enable Java content in the browser." Uncheck that option, click Apply, then OK, then restart any open web browsers.
The Java Applet in Control Panel contains an Update tab. Use it to check for updates manually, then set it to check automatically, on a daily basis. Although Oracle maintains a once per quarter update schedule, they often push out an unexpected, "out-of-band" security update to fix "zero day" vulnerabilities in Java that are being exploited in the wild (actively and widely).
If you find that an important website requires Java support, re-enable the Java plugin, but set the security slider on the Security tab page to High. Make sure you have the latest version of Java, which at this moment (until the July 15th updates) is version 7, update 60.
If you don't use programs, or websites requiring Java support, and you find that it is installed, uninstall it completely, including any lingering old versions. This is done on Windows computers via Control Panel > Add/Remove Programs, or Programs and Features, depending on your version of Windows and view setting in Control Panel.
If you operate as an administrator in Windows, you are putting your computer about 92% more at risk than if you were a standard, or Power user, or Limited User.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.