Big Java security fixes on the way – but not so fast, Windows XP users

As if running Windows XP after Microsoft withdrew support wasn't risky enough, XP users who have Java installed may soon have even more to worry about. Oracle is due to issue its next Critical Patch Update – the massive, quarterly fix-it fests that deliver security updates across the company's entire product line, including …

  1. Rob Foster 1

    Java Updates?

    I am firmly of the opinion that the only reason that Java is ever updated is to provide me with yet another "opportunity" to install the Ask Tool Bar.

  2. Anonymous Coward


    I thought only dodgy porn sites still used it.

    I browse with it switched off, and rarely find the need to enable it.

    (WinXP user)

    1. Anonymous IV

      Re: Java???

      Are you referring to JavaScript? This is an entirely different animal from Java (the language) or the Java Runtime Environment (JRE) (what unfortunate users get to install).

      More useful will be when LibreOffice finally manages to escape from any dependency on the Java Runtime Environment.

    2. Anonymous Coward

      Re: Java???

      Java is not a browser-only technology. You may be so unlucky as to have to use some Java application, like Eclipse or some Oracle tools like SQL Developer.

      Sure, then you can disable it in the browser and become far less vulnerable, but there are some server remote management applications like Dell's iDRAC that require ActiveX or Java in the browser to use their remote console capabilities (which are ok if you don't like a walk or worse a drive to a server room far away).

  3. Chairo

    Oracle is no longer testing Java on XP

    Wow, and I thought they never bothered to test it on any platform, anyway...

    Mine's the one with the many patches and the holes everywhere.

  4. Paul Crawford Silver badge

    Upgrade to Vista?!

    Too cruel a punishment for holding on to XP! Really, if upgrading go to 7 and do not pass TIFKAM.

    Or, unless you really need it, uninstall Java. Most home users simply don't.

  5. Jess

    NoScript, if you *actually* need Java

    NoScript also stops plugins, so using this should provide a good level of protection.

    Security risks will usually come from Java apps running slyly in the background, rather than (reputable) apps you actually want to use.

    Limiting its execution to where you know you want it used is a sensible precaution.

  6. Tom 7

    Big Java?

    is that one with NSA built in?

  7. Velv

    I don't install Java on my own machines, but I'm required to use it on the corporate machines.

    In my experience Java is rarely backward compatible, with 6 being widely deployed in multiple companies I deal with.

    So it really makes little difference if Oracle supports versions prior to 8 or not, those versions are going to remain widely in use. Oracle may think it can claim "we told you to use the latest version", but ultimately it is going to need to shoulder some of the responsibility for the impending major security fail rooted in older versions since the new version doesn't work.

  8. PeterM42

    Java..... a 4-letter word.

    It is more buggy than an ant's nest - DISABLE, UNINSTALL, DELETE.

  9. Anonymous Coward

    And yet again we are NOT clearly told...

    ...if this is about the "stand-alone" Java **JRE/SDK** or the **browser plug-in** or both.

    "...a dizzying 91 per cent of all web-based exploits throughout 2013 targeted Java." seems to point at the plug-in, but the context of the article is not unequivocal.

    Why is it that even IT media seem to be generally unable to make that distinction in their reports on "Java" security issues?

  10. Anonymous Coward

    Sleep well

    The combination of Java5/WinXP is used prevalently in your favourite bank, but you can sleep soundly in the knowledge that your savings are safe because they'll never own up to shareholders or customers.

  11. OmgTheyLetMePostInTheUK

    XP? What's that??

    After all these years, is there anything that Windows does WELL that XP did not?

    My new computer runs on Windows 8.1, and while I think nearly everyone on a desktop would agree that "metro" is a stinking pile of crap, even the rest of the thing just seems so disjointed that it's not even funny.

    Why do I need to look in 3 different places to get all of the info on my wireless connection such as the band it's connected to, the speed data is moving through that connection, and how much data has gone through that connection over time?

    It's almost like someone tossed the OS into a blender, ran it for hours and hours, and then took the mess that came out, and ran links to all the bits.

    If I look at internet connection(s), I should see everything about it (or them), and all my options for it (or them) should all be there.

    If I look at printers, all printers should be listed, and all options that can be preset should be listed.

    If I look at storage, everything about storage should be there. Hard drives, SSDs, Optical, memory sticks, external drives and so on.

    But apparently this is too much for Microsoft to understand. Windows is almost 30 years old, and Microsoft still does not understand this concept.

  12. Anonymous Coward

    Java is the work of the Devil

    'Void' or 'void' that is the question...

    Nuff said?

    And once upon a time I thought that Coral-66 was bad...

  13. sdfox7

    Anyone still using Java these days deserves to get hacked.

    Next to Adobe Flash Player, Java likely has the worst security record of ANY software on ANY platform. Anyone still using Java these days deserves to get hacked.

    Countless publications have said that if you don't need it, don't install it. If you don't know if you need it, you probably don't.

  14. AllYourLicenceBelongToUs


    Abandon 2000? XP?

    More FUD!!! Been running both exploit-free for more than a decade!

    Java, like Flash, has been a sandboxed turd rarely run.

    Same goes for .NET crapps.

  15. drb

    I just had to laugh after reading the article. Cisco pointing out a high percentage of attacks against Java yet they require Java for their SDM and CPP.
