ItsGeekToMe.co

The official home of It's Geek to Me on the web!

Issue #378: Oct 19-25, 2014

Q: Thanks to your recent guidance, I have firewalled Bill Gates’ imps and corrected the problem they caused by sending me stuff they think I should have but which I have no idea why I need it. You’ve probably forgotten (Geek Note: No, I haven’t. See I.G.T.M. #365, July 20, 2014) but don’t worry about it. Your advice was good and it fixed my ‘puter. However, (it seems there is always a however), now JAVA is bothering me. Hmmm, I wonder if the JAVA geek is really Bill Gates in drag. Anyway, I received a notice from JAVA Gates that he wants to update the JAVA script on my ‘puter. “Sure, sez I, go for it.” Well, the next time I fired up “Old Betsy” my virus troll started screeching about a “Trojan Virus” that rode along with the JAVA script~!! the virus-troll quarantined the Trojan but I did a virus scan anyway, loosening all the gnomes and trolls to scamper through the system looking for “ghoulies and ghosties, and long-necked beasties” but they found none. Then I did a re-set back before the JAVA download and fired the old girl up again. Sure enough, the JAVA auto notice came up, I said ok, it downloaded, and a few minutes later my virus-troll began yelling at me~!! So, there is a virus in the JAVA download. I fixed my ‘puter and then emailed JAVA, telling them of this incident and the repeat, and they emailed me back, slathering all kinds of excuses but never resolving the issue. Sounds like some of our current political appointees. Anyway, I am now concerned about JAVA downloads. How can I scan a download BEFORE I accept it? My virus-troll is very unhappy with Cerberus my firewall dog allowing nasties to scamper by. What can I do to preclude this Trojan interloper gaining entry?

– Wayne T.
Fort Walton Beach, Florida

A:  I really enjoy answering your letters, Wayne.  First of all, they’re so much fun to read, but more importantly, they’re so long that I don’t have to write much to fill-out my column space for the week!

Fortunately (or unfortunately, depending on your perspective) Bill Gates is probably not the source of your trouble this time. If there is anyone entitled to the moniker “The Java Geek” it would be a gentleman by the name of James Gosling, who, along with Mike Sheridan and Patrick Naughton conceived of it way back in 1991 when they were working at Sun Microsystems.  Sun has since merged into Oracle Corporation, so it is not even a product that flows out with Microsoft updates.

Java (not to be confused with JavaScript – they are not the same thing) is actually a type of programming language. It is what’s called “cross-platform” meaning that code written in Java will run on any computing platform, regardless of its architecture.  That means programs written in Java are not specific to Windows, or Mac, or iOS, Android, Linux, etc. – they run on any device.

Because of this flexibility, Java is very popular for web-based applications, where part of the program resides on an Internet server, and the other part, called a “Java Virtual Machine” (JVM) resides on your local device. The server feeds the program to your system, where it is executed locally.  Some developers like using Java because it can save them a lot of work.  Instead of having to write different versions of a program for each potential device type that might connect, the cross-platform nature Java takes care of it.  The problem is, that software can be written to do absolutely anything.  The “anything” in that statement includes malicious activity associated with malware.  You don’t really get an opportunity to review Java code before it’s executed (and who would be able to recognize malicious code anyway?).  So, if you hit a website that is feeding-out malicious Java code, you are at risk.

One easy solution is to just get Java off your computer.  Unless you’re using a program or web service that specifically requires it, you can simply go to Control Panel->Programs and Features and remove it.  Without the JVM, Java code can’t run, and malicious code that can’t run can’t do any damage.  I seriously doubt that any malware was in your Java update.  What may have happened in your case was that you had malicious Java code on your system, but did not have the JVM installed.  The notice you got from “Java Gates” was probably trying to get the JVM installed or updated.  Once installed, the malicious Java code was able to execute, triggering all the other alarm bells you described.  If you really think the problem is in the update, then don’t use the update.  Go directly to java.com.  They have links that will help you determine whether you have Java, and if so, whether you need an update.


Leave a Reply

May 2024
S M T W T F S
 1234
567891011
12131415161718
19202122232425
262728293031  

Search the site

Archives

Copyright Notice

All content on this site is Copyright © 2007-2024 by Jeff Werner – All rights reserved.