Re: Java - JRE, SDK Java Web Start



Good question, first off :)

Hey Jfvanmeter,

How does everyone feel about java being installed by
vendors in a propriety path i.e. program
files\mysoftware\bin\jre\1.4.0\ and never patching
it.

I ran an enterprise scan to looking for javaws.exe
and found it in 175 unique paths. Should they be
held accountable for the patching of java when they
install it?

Indeed, the person who installs is accountable for it,
provided the SLA says so. ;)

Say if they provide support/after-sale support or
something along those lines, then they're supposed to
patch/install updates regularly.

I had one vendor who installed java 1.3 and 1.4, and
when I ask them about it. There statement was ?you
don?t have the modules that require those versions
you can just delete them?

Tell them, that "This is the dumbest thing I've ever
heard" in all of my computing career. ;)

How does everyone patch Java that is not installed
in its default location?

AFAIK, it doesn't matter whether you install in your
root drive or not. All that matters is you patch it,
and the patch will be designed by Sun mostly to work
in almost all conditions, or else, this would be a big
deal to debate on, in their mailing list.

PS: How this patch thing works is, it retrieves your
settings/install settings from windows registry,
before it even starts to go further. Since you just
press update/or next->next->finish, you can't see this
going on in the background.

Cheers :)
Kish

Kishore
Penetration Tester
Smart Security
T.Nagar , Chennai
Phone: 91 98841 80767



____________________________________________________________________________________
Looking for earth-friendly autos?
Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
http://autos.yahoo.com/green_center/



Relevant Pages

  • Re: [Full-disclosure] Getting Off the Patch
    ... those that |install whatever patch| comes their way. ... Sometimes patching is the right solution, ... security standpoint, it either has to be controlled or trusted. ...
    (Full-Disclosure)
  • Re: [Full-disclosure] Getting Off the Patch
    ... where patching is not used? ... mom would raise an eyebrow to hear that firm XYZ may not necessarily patch. ... server because of this specific patch missing. ... Not blindly execute it and install the patch using an automated update ...
    (Full-Disclosure)
  • Re: patched FPW 2.6 divide by zero error.
    ... > Since all other options did not do the job I descided to DL and install ... > I'm confused as to why the original patch stopped working(could an OS ... It's a long time since I did this but from memory, patching from 2.6 to 2.6a ... There will be a reason I kept hold of both the patches, ...
    (microsoft.public.fox.programmer.exchange)
  • Java - JRE, SDK Java Web Start
    ... Should they be held accountable for the patching of java when they install it? ...
    (Vuln-Dev)
  • Re: US DST Time Change for 2007
    ... start and end of DST requires a reboot patch? ... requirement for patching and rebooting an operating system when this ... type of change occurred.Any process already running before you install the patch will not see ...
    (comp.unix.solaris)