Re: java2

i have a java issue with pogo.com games, not found or not working, I have
tried everything, what do I do? kslatimer

"MowGreen [MVP]" wrote:

My 2 cents ... Don't install it. Sun refuses to acknowledge that the
security of a system can/will most likely be compromised due to
elevation of privleges in java applets. This issue has appeared
*repeatedly* with their Java Runtimes.
Here's the latest one:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1

Also, when a system is updated with the latest JRE to resolve security
issues the older, vulnerable version is left behind. Sun claims that
files in the older, vulnerable versions are replaced, thus mitigating
any security issues and that the vulnerable versions can not be called
by malicious coders.

If that is so, then why do they include this at the bottom of all their
security bulletins ? -

Note: When installing a new version of the product from a source other than a Solaris
patch, it is recommended that the old affected versions be removed from your system.
To remove old affected versions on the Windows platform, please see:

* http://java.com/en/download/help/uninstall_java.xml

To further confuse matters, on their 'consumer' download pages there is
no mention that older 'affected' versions should be removed, in fact,
they recommend KEEPING them - http://java.com/en/download/faq/5000070400.xml

Can I remove older versions of the JRE after installing a newer version?

The latest version of the Java Runtime Environment (JRE) contains updates to previous
versions. There might be some applications or applets written and tested against a
specific version of the JRE.

It is recommended that you keep older versions of the JRE on your system. If you are
running low on disk space, you can uninstall older versions of the JRE.

Notice that they say 'updates' without further explanation.
And, the amount of disk space consumed by the older versions can grow
quite large. I've seen systems with SEVEN different versions installed.
That's over 1 Gigabyte of wasted space.

Any software that is properly written for specific apps or applets
SHOULD be backward compatible. e.g. all such apps or applets written for
the JRE 6 version should work with any subsequent JRE 6 version.

Here's a list of vulnerabilities with Sun's java since June 29th ONLY:

A Security Vulnerability in the Java Runtime Environment May Allow an
Untrusted Applet to Circumvent Network Access Restrictions
2007-07-18
Sun Java JRE/JDK Processing of XSLT Stylesheets in XML Signatures
Vulnerability
2007-07-11
Java JRE/JDK JSSE DoS and Untrusted Applets Network Security Bypass
2007-07-11
Sun Java Web Start JNLP File Processing Buffer Overflow 2007-07-10
Sun Java Web Start Untrusted Application Arbitrary File Overwrite
2007-06-29

The last 2 are Critical vulnerabilities. The first one may be, but Sun
never fully disclosed if it is.

Caveat emptor !

MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============



cate wrote:

How do you install java2 into windows xp please?

.