MS' Java?

Discussion in 'Internet Explorer' started by Phillip Pi, Oct 5, 2007.

  1. Phillip Pi

    Ant Guest

    It is interesting that Sun's JRE keeps releasing new builds with fixes
    compared to MS'.
    --
    "Fall in those single lines like army ants..." --unknown
    /\___/\
    / /\ /\ \ Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
    | |o o| | Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ / Remove ANT from e-mail address:
    ( ) or
    Ant is currently not listening to any songs on his home computer.
     
    Ant, Oct 9, 2007
    #21
    1. Advertisements

  2. Phillip Pi

    Leonard Grey Guest

    Regarding the FAQ you referenced, which was last updated in 2004, there
    is a clear message:

    "The MSJVM is obsolete code that is no longer enhanced or developed.
    Microsoft will continue only to provide security updates to help our
    customers maintain a safe computing environment."

    However, according to the FAQ, the last security update to MSJVM was in
    2003: "From 1999 to 2003, Microsoft issued 10 MSJVM security updates. A
    cumulative patch is available on the Windows Update Web site."
    Nonetheless, security threats have continued to advance.

    "Customers are encouraged to take proactive measures to stay informed
    about this and other obsolete software and move away from the MSJVM
    before December 31, 2007."

    It is hard to fathom why anyone would still be interested in using or
    developing for MSJVM.
     
    Leonard Grey, Oct 9, 2007
    #22
    1. Advertisements

  3. Phillip Pi

    Fuzzy Logic Guest

    Changes/upgrades have been made to Java and these are not supported in the,
    very old now, MS Java. I would recommend removing MS Java and installing
    the latest version from Sun.
     
    Fuzzy Logic, Oct 9, 2007
    #23
  4. Hi Leonard,

    Thanks for the feedback, some additional comments inline below:

    You'll get no argument from me on this statement, I simply wanted to point
    out that the withdrawal of the MSJVM was specific to Windows XP SP1a and not
    SP2:
    http://support.microsoft.com/kb/813926/
    "Windows XP SP1a is the same as Windows XP SP1 except that the Microsoft
    virtual machine (VM) is removed in SP1a."

    And also to point out that there are no known attack vectors with regard to
    the MSJVM on a fully patched Windows XP SP2 machine that I'm aware of.
    Actually, I believe the last security update that affected the MSJVM was in
    July 2005.
    Security Update for JView Profiler (KB903235)
    A Kill bit for ActiveX Compatibility in IE involving Javaprxy.dll was added
    to the following Registry Key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
    Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}
    Interesting that MS would encourage the casual user to take proactive
    measures, and at the same time remove from public distribution the MSJVM
    Removal Tool.
    Availability of the Microsoft JVM Removal Tool
    http://support.microsoft.com/kb/826878
    "The MSJVM Removal Tool has been removed from Microsoft download servers to
    protect casual users from the irreversible effects that the tool has on
    their systems."

    Although the MSJVM Removal Tool is still available for download from
    MajorGeeks:
    http://www.majorgeeks.com/download.php?det=4158
    With the following caveat taken from the above MS site:
    "Editors Note: The MSJVM Removal Tool is no longer hosted on Microsoft
    download servers. Because the MSJVM Removal Tool affects the whole system,
    and because these effects are not reversible, it was decided that this
    utility would be made available only to system administrators, to network
    administrators, and to other IT professionals."
    My guess would be that some applets created to work specificly in the MSJVM
    won't work with the Sun JVM. The majority of Java applications and applets
    that run on the MSJVM also run on the Sun JRE. However, if the application
    or applet was compiled using any MSJVM-specific features, it will not work
    with the Sun JVM unless it is recompiled.

    Having said that, and more to the point. There are millions of machines out
    there that have the MSJVM installed on them. It was installed with Windows
    XP and Windows XP SP1, while the install disks for SP1a and SP2 do not ship
    with the MSJVM-upgrading previous installs of XP or XP SP1 with those disks
    does not remove the MSJVM from those machines.

    Again, thanks for the feedback.

    Donald Anadell
     
    Donald Anadell, Oct 10, 2007
    #24
  5. Phillip Pi

    Leonard Grey Guest

    Hi Donald:

    Thank you for correcting me, about the service pack (it was indeed SP 1a
    that first lacked MS JVM) and the time of the last security update to
    the MS JVM.

    I can't say for sure, of course, but my guess is that there are no known
    attack vectors on the MS JVM because, from an attacker's point of view,
    there's more bang for the buck elsewhere.

    I don't doubt that there are millions of unpatched computers out
    there...mine, for example. I'm typing this at work, where we are still
    using SP 1 company-wide, (no money in the budget to support SP 2, I am
    told,) and relying on security at the network level (firewall, etc.) and
    very restrictive GPO's.
     
    Leonard Grey, Oct 10, 2007
    #25
  6. Leonard: Out of curiosity, what money is needed to support SP2?

    --
    Tom [Pepper] Willett
    "You're a daisy if you do!"
    ----

    | I don't doubt that there are millions of unpatched computers out
    | there...mine, for example. I'm typing this at work, where we are still
    | using SP 1 company-wide, (no money in the budget to support SP 2, I am
    | told,) and relying on security at the network level (firewall, etc.) and
    | very restrictive GPO's.
    | ---
    | Leonard Grey
    | Errare humanum est
    |
    |
     
    Tom [Pepper] Willett, Oct 10, 2007
    #26
  7. Phillip Pi

    Leonard Grey Guest

    Tom, we have more than 700 computers of different ages with different
    configurations as well as internally developed software. Have you any
    idea of the burden that bringing these computers and this software
    sufficiently up to date for an OS upgrade places on a small, urban
    hospital with very limited resources?
     
    Leonard Grey, Oct 10, 2007
    #27
  8. Phillip Pi

    claudinei Guest

     
    claudinei, Aug 17, 2009
    #28
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.