Newsletter Archives

  • Recently updated topics you may have missed

    It’s possible you may have missed recent security updates that have been made to Chrome, Firefox, Thunderbird, Java and Flash Player. The following topics have now been updated with the US-Cert alerts, with links:

    Chrome Security Update: US-CERT (Browser)

    Mozilla Security Update: US-CERT (Firefox)

    Mozilla Security Update: US-CERT (Thunderbird)

    Oracle Security Update: US-CERT (Java etc)

    1000002: Links to Flash update resources

    Subscribers to those topics should have received emails with details of the new posts. However, we have had some reports that some people are currently not receiving those emails. If your subscription emails aren’t working, please let us know.

    Also updated recently is AKB3000005: On the subject of Botnets, which was posted last month, but promptly disappeared in a backup-reset of the site.

  • New third party program updates

    Randy the Tech Professor has a list of the latest versions of important programs that you may be running:

    Chrome, Java, Opera, Foxit, Skype, Flash Player, Acrobat Reader.

    Here’s Randy’s listing.

  • Java and Chrome updates

    Reader WL posted this in response to the Third Party Updates entry. It’s important, and I wanted to repeat it here, so everybody can see it. Thanks, WL!


    Two more updates

    Java JRE 8u40 is the latest.

    Yep, it seems like Oracle changed the installer, so it does NOT remove previous versions. Unless you know you need a specific previous version, remove all of them (e.g. Windows Control Panel | Programs and Features, then uninstall previous versions). Or at least use the Java Control Panel to disable previous versions (Java tab, to “View and manage Java Runtime versions and settings for Java applications and applets.)

    The Chrome browser has a MAJOR upgrade from 40 to 41, currently 41.0.2272.76 on March 3, with 51 security fixes and lots of changes.

    I think this update introduces one new bug; relaunching after update caused my main/regular Chrome window to lose half its tabs (out of 10 tabs) – never had this happen before. To be safe, you may want to bookmark your tabs before relaunching (or look at your history to recover visited sites). Further restarts didn’t lose any more tabs, so the bug may be in the relaunch function.

    BTW, after years of bitching by users, Chrome finally offers “normal” standalone/offline installers. Yes, Google did have crippled ones in the past, but strongly discouraged their use – and “dead-ended” those installations by TAKING AWAY THEIR ABILITY TO UPDATE! Not anymore:

    Alternate (offline) Google Chrome installer (Windows)

  • Third party patches

    Just in from Randy the Tech Professor…

    This year is off to a big start! TWO Adobe Flash patches, an Adobe Air patch, and of course an Oracle Java patch. The remaining patches are for Chrome, Firefox, Thunderbird, and Seamonkey.
  • Java Update: Patch It or Pitch It

    Another great, short column from Brian Krebs, for every Windows user.

    Note that he’s talking about Java inside your browser, not standalone Java, which is working just fine on servers, in particular.

    Krebs on Security.

  • Java Updates

    EP writes:

    Oracle has released Java 7 update 15 and Java 6 update 41 here:

    in other words, they’ve released new fixes for the security fixes that were released earlier this February.

    More on these new Java releases mentioned on these Oracle sites:


    I think we’re all better off uninstalling Java altogether.  and don’t forget to advise users removing Java to check for the deployjava1.dll and npdeployjava1.dll files in either the \Windows\system32\ or \Windows\syswow64\ folder.  Those two files are part of Java and should be deleted manually if they remain after uninstalling Java since Google Chrome detected those files as Java plugins when I typed “chrome://plugins” in the Google Chrome browser address bar.

    (Thanks, EP!)

  • Java gets updated again

    I just received this question from DS:

    Hi Woody thanks for all the great advice. I us FF and java is disabled but I am receiving the update notice again. Seems I just updated a couple weeks ago. Should I just o ahead and update? Usually easier thank trying to completely remove it, never use. Thanks 

    Java has been updated three times in the past six weeks. On the one hand, that’s a lot of patches. On the other hand, they really need to fix all of the bleeping security holes.

    The smartest thing to do is to simply uninstall Java: go into Control Panel, click to Remove a Program, and get rid of Java (all versions) and anything else that might have “Java” in the name.

    Once it’s removed, try to live without it. Some of you will have specific programs that require Java – and if you hit one, the program will demand that you install Java. At that point you can decide if you want to allow Java back onto your machine.

    There are many different flavors of Java, but you’re bound to encounter two on a Windows PC. First is Java itself – the program behind, oh, parts of LibreOffice, and many other applications. That program is reasonably secure, if you keep up with the Java updates.

    The second flavor of Java is the kind that works inside your browsers. If you decide to re-install Java, immediately disable it in all of your browsers. I have detailed instructions in the (free) Top Story for Windows Secrets Newsletter, January 24.

    If you absolutely, positively must have Java enabled in a browser, I guess it’s best to use Internet Explorer – simply because disabling Java in IE alone is a massive task. So if you must, must, must use Java inside a browser, install and enable Java in all browsers, use the instructions in the Windows Secrets Top Story to disable it in Firefox and/or Chrome, update IE to version 9 or 10, and get all of the IE patches applied, before you start IE.

    Then use IE to get at the site that demands Java. Close down IE after you go to the site and do your thing. Don’t use IE for anything else. And be careful.

  • More questions about disabling Java

    Following my Windows Secrets Newsletter Top Story on disabling Java in Internet Explorer (which is a bear), my inbox overflows…

    Q: I use Norton as my AV provider and have recently received an email from them saying that they are on top of this and as long as I’m running Java 7-11 I’m ok. How “ok” am I?

    A: With all due respect to Mr. Norton <ahem>, you’re most assuredly not OK. Remove Java if you can (see Susan’s article in Windows Secrets Newsletter). If that won’t work for you, disable Java in all browsers (see my article). And if that won’t work for you, disable it in Firefox and IE, but keep it going in Chrome.

    Q: Subject: Java Security Alert / Java is now uninstalled from both my Vista and Win 7 machines. Just wonder if this is the better way to take care of the problem. Would like to have your opinion. Thanks.

    A: Absolutely. Uninstall if you can.

    Q: Subject: JAVA disable is where? Woody, My Java (32-bit) in the Control Panel, security tab, only shows a button for Certificates. I couldn’t find a tab/window that looked like your example.

    A: Susan nailed this one: Check to see if you have ANOTHER java installed too. I found I had both 6 and 7 and once I removed 6 the tab showed up.

     Q: Firefox has already blocked Java. It was disabled for me. FYI

    A: Mozilla started doing that as a service to Firefox users with older, vulnerable versions of Java – back in August

    Q; Subject: Security alert: Remove Java from your browsers If it is true that “many — if not most PC users — are running Firefox or Chrome” why not just use IE as the browser that you keep Java on. I only use IE when Firefox won’t work. So for me that is the solution. If someone still uses IE as their main browser and wants to remove Java from it, the easy way to do it would be to first remove Java from all browsers, then add it back to your secondary browser that explicitly asks you for permission to run a Java program.

     A: Alas, it doesn’t work that way. IE is the most vulnerable browser for Java security breaches. If you remove Java from your machine, then click to install Java inside a browser, it gets installed for all browsers.

    Q: Hi Windows Secret. In Denmark the following advise from the locak CERT: Choose Tools, click manage add-ons, right-clik Java(tm) Plug-in SSV Helper & Java ™ Plug-in 2 SSV Helper and disable both.. Nice and Simple..

     A: Unfortunately, that doesn’t work! I’m surprised CERT Denmark hasn’t updated their advice….

     Q: I had removed Java from my pc and disabled it in Firefox. Do I need to re install and go though the procedure in the last newsletter?

    A: If Java is completely removed from your PC – it doesn’t appear in the Remove Programs list – you’re home free.

  • Disabling Java in Internet Explorer

    It’s no easy task.

    InfoWorld Tech Watch.

  • Battle lines drawn in the War against Java

    And it’s about time…

    InfoWorld Tech Watch.

  • Microsoft hits Java where it hurts

    Really, it’s time to get rid of JRE/JVM. No excuses.

    InfoWorld Tech Watch.

  • Tim Cook wins where Steve Jobs failed

    He got Larry Ellison to start cooking — if not eating — his own dogfood.

    InfoWorld Tech Watch.