Sun Microsystems has issued an update stability and security problems with its Java software. The "platform-independent" programming language is supposed to make it easier for Web users to interact with some Web sites, but keeping it up to date with security patches can be anything but easy.
Still don't get what Java is all about? Don't sweat it: you're hardly in the minority. Just know that if you are running a Windows computer, chances are you have some form of Java on your machine. And that Java security holes could give attackers an opening on your PC: Earlier this year, security experts at the SANS Internet Storm Center tracked several sites installing nasty spyware and viruses when people visited them with older versions of Java. Dan Veditz, a security researcher working on Mozilla's Firefox browser, told me earlier this week that it isn't often Mozilla receives reports of people using the browser getting whacked by some rogue spyware or virus installation through the browser, but added that usually such things take advantage of known flaws in outdated versions of Java.
I always sort of dread Java updates because it's rarely a straightforward or painless ordeal, and Sun's installation instructions are rather involved and unnecessarily confusing. When I visit the "Add/Remove Programs" list in the Windows control panel, I see that I have "J2SE Runtime Environment 5.0 Update 6" installed. The latest version released today is J2SE 5.0 Update 7. When I click on the little Java icon in the Control Panel and click on the "About" button under the "General" tab, the program pops up another name for this version: "build 1.5.0_06-b05." I clicked the "Update Now" button under the "Update" tab, but it returned the message "no updates available," even though there is a newer version out already.
Alternatively, you could visit Sun's Java version checker site, or open up a command prompt (click Start, then Run and then type "command" or "cmd") and type "java -version" without the quotes.
According to Sun, "the command only determines the default version. Other versions may also be installed on the system." The company recommends that users uninstall any old versions before installing the new one. You should be able to remove the old Java program through the Add/Remove Programs option.
Sun's Java program ships with an automatic update mechanism which for some oddball reason is activated on one of my Windows computers but not the other. In the one with the auto-updates turned on (to toggle this setting, click on the Java icon in the Control Panel, and then under the "Updates" tab put a check in the box next to "Check for Updates Automatically") I have an older version of Java still on the system. I know Sun acknowledged late last year that it was looking into the fact that its updater routinely left older (read:exploitable) versions of its software lying around (and taking up disc space at a whopping 120 mb). But it doesn't look Sun ever got around to doing anything about that.
Sun posted a notice saying it was taking its download site offline part of the day on Thursday "due to scheduled maintenance," so maybe that's the reason I haven't been able to download the update so far.
