java2

How do you install java2 into windows xp please?

cate wrote:
> How do you install java2 into windows xp please?

Download it... Install it.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

My 2 cents ... Don't install it. Sun refuses to acknowledge that the
security of a system can/will most likely be compromised due to
elevation of privleges in java applets. This issue has appeared
*repeatedly* with their Java Runtimes.
Here's the latest one:
http://sunsolve.sun.com/search/docum...=1-26-102995-1

Also, when a system is updated with the latest JRE to resolve security
issues the older, vulnerable version is left behind. Sun claims that
files in the older, vulnerable versions are replaced, thus mitigating
any security issues and that the vulnerable versions can not be called
by malicious coders.

If that is so, then why do they include this at the bottom of all their
security bulletins ? -

> Note: When installing a new version of the product from a source other than a Solaris
> patch, it is recommended that the old affected versions be removed from your system.
> To remove old affected versions on the Windows platform, please see:
>
> * http://java.com/en/download/help/uninstall_java.xml

To further confuse matters, on their 'consumer' download pages there is
no mention that older 'affected' versions should be removed, in fact,
they recommend KEEPING them - http://java.com/en/download/faq/5000070400.xml

> Can I remove older versions of the JRE after installing a newer version?
>
> The latest version of the Java Runtime Environment (JRE) contains updates to previous
> versions. There might be some applications or applets written and tested against a
> specific version of the JRE.
>
> It is recommended that you keep older versions of the JRE on your system. If you are
> running low on disk space, you can uninstall older versions of the JRE.

Notice that they say 'updates' without further explanation.
And, the amount of disk space consumed by the older versions can grow
quite large. I've seen systems with SEVEN different versions installed.
That's over 1 Gigabyte of wasted space.

Any software that is properly written for specific apps or applets
SHOULD be backward compatible. e.g. all such apps or applets written for
the JRE 6 version should work with any subsequent JRE 6 version.

Here's a list of vulnerabilities with Sun's java since June 29th ONLY:

A Security Vulnerability in the Java Runtime Environment May Allow an
Untrusted Applet to Circumvent Network Access Restrictions
2007-07-18
Sun Java JRE/JDK Processing of XSLT Stylesheets in XML Signatures
Vulnerability
2007-07-11
Java JRE/JDK JSSE DoS and Untrusted Applets Network Security Bypass
2007-07-11
Sun Java Web Start JNLP File Processing Buffer Overflow 2007-07-10
Sun Java Web Start Untrusted Application Arbitrary File Overwrite
2007-06-29

The last 2 are Critical vulnerabilities. The first one may be, but Sun
never fully disclosed if it is.

Caveat emptor !

MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============



cate wrote:

> How do you install java2 into windows xp please?

i have a java issue with pogo.com games, not found or not working, I have
tried everything, what do I do? kslatimer

"MowGreen [MVP]" wrote:

> My 2 cents ... Don't install it. Sun refuses to acknowledge that the
> security of a system can/will most likely be compromised due to
> elevation of privleges in java applets. This issue has appeared
> *repeatedly* with their Java Runtimes.
> Here's the latest one:
> http://sunsolve.sun.com/search/docum...=1-26-102995-1
>
> Also, when a system is updated with the latest JRE to resolve security
> issues the older, vulnerable version is left behind. Sun claims that
> files in the older, vulnerable versions are replaced, thus mitigating
> any security issues and that the vulnerable versions can not be called
> by malicious coders.
>
> If that is so, then why do they include this at the bottom of all their
> security bulletins ? -
>
> > Note: When installing a new version of the product from a source other than a Solaris
> > patch, it is recommended that the old affected versions be removed from your system.
> > To remove old affected versions on the Windows platform, please see:
> >
> > * http://java.com/en/download/help/uninstall_java.xml
>
> To further confuse matters, on their 'consumer' download pages there is
> no mention that older 'affected' versions should be removed, in fact,
> they recommend KEEPING them - http://java.com/en/download/faq/5000070400.xml
>
> > Can I remove older versions of the JRE after installing a newer version?
> >
> > The latest version of the Java Runtime Environment (JRE) contains updates to previous
> > versions. There might be some applications or applets written and tested against a
> > specific version of the JRE.
> >
> > It is recommended that you keep older versions of the JRE on your system. If you are
> > running low on disk space, you can uninstall older versions of the JRE.
>
> Notice that they say 'updates' without further explanation.
> And, the amount of disk space consumed by the older versions can grow
> quite large. I've seen systems with SEVEN different versions installed.
> That's over 1 Gigabyte of wasted space.
>
> Any software that is properly written for specific apps or applets
> SHOULD be backward compatible. e.g. all such apps or applets written for
> the JRE 6 version should work with any subsequent JRE 6 version.
>
> Here's a list of vulnerabilities with Sun's java since June 29th ONLY:
>
> A Security Vulnerability in the Java Runtime Environment May Allow an
> Untrusted Applet to Circumvent Network Access Restrictions
> 2007-07-18
> Sun Java JRE/JDK Processing of XSLT Stylesheets in XML Signatures
> Vulnerability
> 2007-07-11
> Java JRE/JDK JSSE DoS and Untrusted Applets Network Security Bypass
> 2007-07-11
> Sun Java Web Start JNLP File Processing Buffer Overflow 2007-07-10
> Sun Java Web Start Untrusted Application Arbitrary File Overwrite
> 2007-06-29
>
> The last 2 are Critical vulnerabilities. The first one may be, but Sun
> never fully disclosed if it is.
>
> Caveat emptor !
>
> MowGreen [MVP 2003-2007]
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
>
>
> cate wrote:
>
> > How do you install java2 into windows xp please?
>

Play another game. Seriously. Did you not read my post ?
Here's another security risk from Sun:

Ghosts Of Java Haunt Users
http://www.bleepingcomputer.com/blog...showentry=1333

And the latest one:

Evilgrade: Exploit toolkit pwns insecure online updates
http://blogs.zdnet.com/security/?p=1576

> A security research outfit in Argentina has released a malcode distribution toolkit capable of
> launching man-in-the-middle attacks against popular products that use insecure update mechanisms.
>
> The toolkit, called Evilgrade, works in conjunction with man-in-the-middle techniques (DNS, ARP and
> DHCP spoofing) to exploit a wide range of applications, according to a post on the Metasploit blog.
>
> The first version of the toolkit ships with exploit modules for several widely deployed software,
> including Apple’s Mac OS X and iTunes, WinZip, Winamp, OpenOffice and * Sun Java *.

Demo video here: http://www.infobyte.com.ar/demo/evilgrade.htm

Still want to play pogo and put your system at risk ?
It's your choice.


MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============



kslatimer wrote:

> i have a java issue with pogo.com games, not found or not working, I have
> tried everything, what do I do? kslatimer
>
> "MowGreen [MVP]" wrote:
>
>
>>My 2 cents ... Don't install it. Sun refuses to acknowledge that the
>>security of a system can/will most likely be compromised due to
>>elevation of privleges in java applets. This issue has appeared
>>*repeatedly* with their Java Runtimes.
>>Here's the latest one:
>>http://sunsolve.sun.com/search/docum...=1-26-102995-1
>>
>>Also, when a system is updated with the latest JRE to resolve security
>>issues the older, vulnerable version is left behind. Sun claims that
>>files in the older, vulnerable versions are replaced, thus mitigating
>>any security issues and that the vulnerable versions can not be called
>>by malicious coders.
>>
>>If that is so, then why do they include this at the bottom of all their
>>security bulletins ? -
>>
>>
>>>Note: When installing a new version of the product from a source other than a Solaris
>>>patch, it is recommended that the old affected versions be removed from your system.
>>>To remove old affected versions on the Windows platform, please see:
>>>
>>> * http://java.com/en/download/help/uninstall_java.xml
>>
>>To further confuse matters, on their 'consumer' download pages there is
>>no mention that older 'affected' versions should be removed, in fact,
>>they recommend KEEPING them - http://java.com/en/download/faq/5000070400.xml
>>
>>
>>> Can I remove older versions of the JRE after installing a newer version?
>>>
>>>The latest version of the Java Runtime Environment (JRE) contains updates to previous
>>>versions. There might be some applications or applets written and tested against a
>>>specific version of the JRE.
>>>
>>>It is recommended that you keep older versions of the JRE on your system. If you are
>>>running low on disk space, you can uninstall older versions of the JRE.
>>
>>Notice that they say 'updates' without further explanation.
>>And, the amount of disk space consumed by the older versions can grow
>>quite large. I've seen systems with SEVEN different versions installed.
>>That's over 1 Gigabyte of wasted space.
>>
>>Any software that is properly written for specific apps or applets
>>SHOULD be backward compatible. e.g. all such apps or applets written for
>>the JRE 6 version should work with any subsequent JRE 6 version.
>>
>>Here's a list of vulnerabilities with Sun's java since June 29th ONLY:
>>
>>A Security Vulnerability in the Java Runtime Environment May Allow an
>>Untrusted Applet to Circumvent Network Access Restrictions
>>2007-07-18
>>Sun Java JRE/JDK Processing of XSLT Stylesheets in XML Signatures
>>Vulnerability
>>2007-07-11
>>Java JRE/JDK JSSE DoS and Untrusted Applets Network Security Bypass
>>2007-07-11
>>Sun Java Web Start JNLP File Processing Buffer Overflow 2007-07-10
>>Sun Java Web Start Untrusted Application Arbitrary File Overwrite
>>2007-06-29
>>
>>The last 2 are Critical vulnerabilities. The first one may be, but Sun
>>never fully disclosed if it is.
>>
>>Caveat emptor !
>>
>>MowGreen [MVP 2003-2007]
>>===============
>> *-343-* FDNY
>>Never Forgotten
>>===============
>>
>>
>>
>>cate wrote:
>>
>>
>>>How do you install java2 into windows xp please?
>>

On Jul 31, 10:35*pm, kslatimer <kslati...@discussions.microsoft.com>
wrote:
> i have a java issue with pogo.com games, not found or not working, I have
> tried everything, what do I do? *kslatimer

Ask on a Java group like com.lang.java.programmer or
com.lang.java.help.

> "MowGreen [MVP]" wrote:
> > My 2 cents ... Don't install it. Sun refuses to acknowledge that the
> > security of a system can/will most likely be compromised due to
> > elevation of privleges in java applets. This issue has appeared
> > *repeatedly* with their Java Runtimes.
> > Here's the latest one:
> >http://sunsolve.sun.com/search/docum...=1-26-102995-1

Given that Java is auto-updating, security bugs relating
to 6 micro-versions back, do not count for much.

> > Caveat emptor !

'Buy' Ubuntu. Whether or not you install Java, it will be
miles safer than Windows.

--
Andrew Thompson
http://pscode.org/