Remove Old Versions of Java and Flash
Part of a holistic approach to workstation security includes keeping your applications up-to-date. I’ve long recommended using Secunia’s Software Inspector to determine if you are using insecure versions of software. If it detects an insecure version of software it will provide you with a direct link to the updated package, unfortunately this may not be enough.
For some reasons to major software vendors, Sun Microsystems and Adobe, don’t see the need to remove old versions of their software through the updated package. This is as unbelievable as it is unacceptable. Specifically I’m speaking of the Sun Java and Adobe Flash applications.
Java – You can install the latest version of Java and it will not remove the old version. Not only does this lead to a false sense of security since older versions of Java can be specficially called it is also a waste of disk space. Each version of Java is 100Mb+ and I routinely see 3 versions on a system. So prior to installing the updated Java package make sure you remove the old version via “Add or Remove Programs”.
Flash – Same song second verse. Flash is a program found on almost every computer but may not be listed as a standalone application, this can make removing Adobe Flash can be a bit trickier. If Flash does show up in Add/Remove then simple uninstall prior to installing the new version. If it doesn’t you can download Adobe’s Flash Uninstaller to do the job for you. Make sure you close all web browsers, chat clients, etc… prior to running the Uninstaller. If you are extra paranoid Go to C:WINDOWSSystem32MacromediaFlash (or equivalent path for your Windows installation) and delete all .ocx files.
The goal is to ensure that Secunia’s Software Inspector detects only the latest patched versions of applications.
Adobe… Sun… Fix this please.