Slashdot Mirror
Weekly Microsoft Critical Security Issue
An anonymous reader sent in linkage to a zd story discussing the latest Windows Security Patches including an especially nice hole letting Java apps gain total control of your machine and assist you in reclaiming disk space by, say, reformating your drive.
OK, so I hate MS for building unsafe software. But this time, I have to give them credit. I woke up this morning to my computer telling me that there was a critial update waiting to be installed, and it was this one. I read about the vulnerability on the web *after* installing the patch, so I am kinda glad that MS shoves updates down my throat.
It's MICROSOFT'S JAVA IMPLEMENTATION.
The problem is NOT Java.
The problem is (and always has been) Micro$oft's purposely broken version of Java.
In the second paragraph:
The three warnings, all issued on Wednesday, involve the Microsoft Virtual Machine for running Java applets on Windows
So it's Microsoft's VM implementation...
Actually the court order is to put Sun's version of the JVM into Windows - exactly to fix this type of stupid problem.
Big difference. Apps have total control by default, while applets are supposed to be harmless.
If you don't want to run Windows Update, or don't want to use Internet Explorer 5+ in order to use Windows Update, here is a list of recent security related patches that you can download individually.
Of course, you should realize that you have already signed your soul over to Microsoft by having Windows on your machine. You might as well close your eyes and agree to the EULA for Windows Update.
Anyone who needs Java, for applets, webstart, applications, should install Java directly from Sun. You'll get the latest and greatest implementation (for Windows anyway) and it will integrate seamlessy with IE so you'll never notice any difference (other than the time to download the damn thing).