For over six years, JavaRa has helped users of SunJava (since acquired by Oracle) remove the old bits of Java and outdated versions after a security update. Oracle has (finally) gotten their act together. As a result, SingularLabs is ceasing development of JavaRa and will no longer be providing definition updates after December 18th 2014.
Thanks to Freð ðe Vries for originally developing the program and to SingularLabs for continuing it when Fred passed over the reins.
Announcement here: Retiring JavaRa | SingularLabs (https://singularlabs.com/news/site/retiring-javara/)
(h/t: siljaline)
Then again, most people do not need Java installed on their computers. Why not uninstall it? One less update to worry about and, more importantly, one less potential vulnerability.
Notes regarding IE: The Microsoft security updates released in October included the blocking of out-dated Java Active-X controls on IE. See Out-of-date ActiveX control blocking (http://technet.microsoft.com/en-us/library/dn761713.aspx).
Thanks for the h/t ! Glad to be able to bring good things to the table here.
It's probably a good thing the software is being retired as I ran multiple passes on a machine with known SunJRE lurking and it missed a lot of items that still infest the OS but most importantly it missed a BHO (http://en.wikipedia.org/wiki/Browser_Helper_Object) loaded and running in Internet Explorer.
Screencapture of the missed IE BHO I mentioned earlier that I should have included.
Shows as being currently disabled as it should be.
I am not sure I am happy about this. What makes Oracle trustworthy now? Their say so? :blink:
This thread discusses the retirement of JavaRA software and not the trustworthiness of SunJava software which was always a pest. Corrine could chime in some background details on the latter.
Quote from: siljaline on November 18, 2014, 06:57:37 PM
Corrine could chime in some background details on the latter.
Do you mean Java, The Never-Ending Saga (http://securitygarden.blogspot.com/p/blog-page_18.html), which I updated yesterday to reflect the retirement of JavaRa? :)
I did not mean either company were evil and therefore not trustworthy. I meant, can Oracle be trusted to remain committed to this responsibility? I'm not seeing it.
Oracle bought out this division of Sun nearly 5 1/2 years ago. That's when they should have stepped up to the responsibility. But they didn't. Instead, Oracle sat on their butts and did nothing while people right and left were getting infected because of older versions, including Oracle versions, of Java were not removed as new versions were installed.
Instead, Oracle put the onus on users to remove old vulnerable versions (http://www.infoworld.com/article/2616463/java/oracle-urges-removal-of-older-java-versions-due-to-security-risks.html).
My grandson plays Minecraft on my notebook so sadly, I have to keep Java on there. But Java is not on any of my other systems, and I plan on keeping it that way.
h/t Corrine - Java, the never ending saga (http://securitygarden.blogspot.ca/p/blog-page_18.html). All posts containing that link will contain the updated information.