This article is quite techy, but probably quite useful for anyone with a Windows computer. Sorry about the techiness - read the "So, what to do about this" part at least.
I'm not a fan of Java, in any form. I hate coffee (it's too bitter for me) and the Java software environment on computers is full of security holes. If that wasn't enough, it's also a pain in the bum because it comes in 32-bit and 64-bit versions, so you have to deal with everything twice.
Java may be full of security holes, but at least it's supposed to auto-update. Unfortunately, it turns out that it only updates the 32-bit version. Auto-update for the 64-bit one doesn't exist.
I didn't spot this until today. This means I'd missed out on over two years of critical security fixes for Java. In the meantime, I was lucky not to get hit by any malware - a quick Google suggests that sometimes you didn't even need to visit a webpage to get hit!
So, what to do about this:
- Firstly, I found this tool which will uninstall out-of-date versions of Java. If it doesn't find one then there's no need for the next steps.
- Secondly, I downloaded a new version of Java from the website. For me, the tool above removed the old 64-bit version of Java, so I downloaded and installed the new 64-bit one.
- Thirdly, I'll have to keep updating Java by hand every so often in future.
In light of this, the old advice about not running Java in your web browser rings more true than ever. How you do this depends on your browser, but don't rely on the Java control panel tool - it will only show you one version of Java, so you could still be exposed by any others!
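Since the control panel only shows one version, here is a way to list every Java runtime registered on the PC, 32-bit and 64-bit alike (an added example, not part of the original post or any Oracle tool). It only reads the registry and opens both registry views explicitly, so it gives the same answer whether PowerShell itself is running as 32-bit or 64-bit. Assumptions: the function name `Get-InstalledJava` is made up for this example, and the key names are the ones Oracle's installers write, so Java builds from other vendors may not show up.

```powershell
# Added example: inventory of Java runtimes in both registry views.
function Get-InstalledJava {
    # A 32-bit view always exists; the 64-bit view only on 64-bit Windows.
    $views = [ordered]@{ '32-bit' = [Microsoft.Win32.RegistryView]::Registry32 }
    if ([Environment]::Is64BitOperatingSystem) {
        $views['64-bit'] = [Microsoft.Win32.RegistryView]::Registry64
    }

    # Oracle installers use 'Java Runtime Environment' up to Java 8
    # and 'JRE' from Java 9 onwards (assumption: Oracle-style keys only).
    $products = 'Java Runtime Environment', 'JRE'

    foreach ($arch in $views.Keys) {
        # OpenBaseKey with an explicit view bypasses WOW64 redirection.
        $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $views[$arch])
        foreach ($product in $products) {
            $key = $hklm.OpenSubKey("SOFTWARE\JavaSoft\$product")
            if ($null -eq $key) { continue }   # nothing registered here
            # Each subkey is a version; a release may appear twice,
            # once as the family (1.7) and once in full (1.7.0_51).
            foreach ($version in $key.GetSubKeyNames()) {
                $sub = $key.OpenSubKey($version)
                [pscustomobject]@{
                    Architecture = $arch
                    Version      = $version
                    JavaHome     = $sub.GetValue('JavaHome')
                }
                $sub.Close()
            }
            $key.Close()
        }
        $hklm.Close()
    }
}

$found = @(Get-InstalledJava | Sort-Object Architecture, Version)
if ($found.Count -eq 0) {
    'No Java runtime is registered in either registry view.'
} else {
    $found | Format-Table -AutoSize
}
```

Any row whose version is older than the current release on the Java website is one that needs updating or removing by hand.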
I'm absolutely appalled that Oracle don't have an auto-updater for 64-bit Java. The presence of the 32-bit auto-updater lulled me into believing my PC was secure, when in fact it was more than 2 years out of date. If I could get rid of Java forever I would. Sadly, some apps that I use require it, so I'm stuck with it for now, as are many other people.