TechSpot

Remove Java at your own risk

By jobeard
Aug 13, 2008
  1. I've seen this over and over again
    I know we all mean well, but just to make it clear
    There are perfectly valid reasons to not only have a back level version but also several version of Java installed!

    Sure, the user may not be aware and it's very considerate to point out the issue.
    It is irresponsible to arbitrarily remove any version of Java! Make the recommendation,
    have the versions verified, ask if there is a reason for the back level install -- but please stop there.

    Java has at least three kinds of deployment for every Release (eg 1.6, 1.5, 1.4)
    1. The basic and minimal Run Time Environment (RTE)
    2. A standard System Development Kit (SDK)
    3. and an Enterprise version of the SDK
    The RTE and SDK may co-exist.

    The multiple versions co-existing is an intentional architectural feature to avoid
    problems with applications which have not been updated to the newest RTE behaviors.
    The application can be made immune from the revolving door of RTE maintenance
    by specifying the location of the version to be loaded when the program starts.

    If you make a naive recommendation to Delete Java xxx, you may well just have
    killed some user application
    .

    Error on the side of caution -- elect the physician's creed "Do no harm" :)
     
  2. CCT

    CCT TS Evangelist Posts: 2,653   +6

  3. jobeard

    jobeard TS Ambassador Topic Starter Posts: 9,322   +621

    it all depends. I have two applications that are built on Java that are extremely usefull to me.

    One is FileAssurity, which implements PGP security on a file/file basis which is important to me on a laptop.

    (hint: I hate the MS EFS implementation).

    How do you feel about .Net? It's all junk as far as I'm concerned.

    I'm sure we all have preferences and experiences, but my favorite line is
    When in Rome, do as the Romans do.​
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    My standing is:

    I've never removed my old versions myself
    I've never stated for the user to remove their older versions

    Reasoning:

    The java update doesn't do it (nor does .Net <- thankfully)
    I have never confirmed that the older versions actually cause any harm

    Regarding some programs pointing to the original or older versions:

    I can see that. I also feel that it basically safe guards any possibly faulty, new update
    I would like an exact example of this though. Which program(s)? If even 1 is confirmed, then I would concede that the removal is unwarranted
    (we need an example)
     
  5. jobeard

    jobeard TS Ambassador Topic Starter Posts: 9,322   +621

    There's no finger pointing intended but to make the point I needed an example of
    what frequently occurs when the Hijack log gets analyzed.

    From that log, it is impossible to determine if Java is required by the user and the
    only statement that can be said with certainty is
    "There is a version installed that is back level".

    I think I made the point -- best wishes to all and keep up the good work :)
     
  6. tipstir

    tipstir TS Ambassador Posts: 2,392   +107

    Jobeard is right to remove it. I use the freeware tool revo uninstaller http://www.revouninstaller.com/ to remove all the java client 4, 5, 6, anything in the registry and any files get deleted. Current is 7-- that stays in there. There is a lot of software that uses Java now from P2P, SAGETV, UltraVNC and I think OpenOffice. My SAGETV didn't load because it didn't know which version of Java Client was loaded. Once removing the client-updates prior fixed the issue.
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Of course he was stating not to remove it, you are aware?
     
  8. jobeard

    jobeard TS Ambassador Topic Starter Posts: 9,322   +621

    Yes, I'm advocating to leave JAVA alone :)

    fyi: You can control the JAVA version being loaded by adding these to your environment variables:

    Code:
    JAVAHOME='C:\Program Files\Java'
    JAVAV=jre1.6.0_03                <<<< I'm a tad down level too :)
    [B]JAVARTE[/B]=%JAVAHOME%\%JAVAV%
    
    notice that JAVARTE glues together the two variables preceding to specify the JAVARTE location.

    Changing only JAVAV then relocates which one is launched.

    Now add to your PATH variable %JAVARTE% somewhere in the list and it's all good to go.

    ... but we're getting way of the topic ...
     
  9. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    Joebeard

    I hear what you’re saying but would make the following case to continue the practice of having users remove old versions
    1. I don’t believe the typical person posting for help in the forums will have the System Development Kit installed. If they do have SDK installed they are most likely someone who doesn’t need being told what to uninstall
    2. It’s certainly true that some apps are tied to a particular Java release. But (what I’ve seen to date)
      • It’s a small percentage of people who run such apps
      • If an app requires a specific Java version it should generate a clear error message indicating the problem and required version. (Is then clear the older version need be reinstalled). If the app error isn't clear, that's pretty poor reflection on the the software provider.
    3. Instead of refraining from advice on uninstalling old versions, one can simply mention the small chance of an older version causing an error message which the needs the version reinstalled
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    In Environmental Variables, I have:

    Variable: QTJava (ie %QTJava%)
    Value: C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip

    Is that right?

    I do not have %JAVARTE% or %JAVAHOME% or %JAVAV% (nor does that work in Start Run as an environmental variable)


    This is a specific question, meant for the forums (Possibly Windows OS)
    And therefore does not need to be answered here. Sorry about that !
    .
     
  11. jobeard

    jobeard TS Ambassador Topic Starter Posts: 9,322   +621

    Agree on the SDK issue but I was making a point for multiplicity of occurrances.

    I agree in principle to most of what you say except FEW applications of any language are able to diagnose
    the the code they are dependent upon or have dynamically loaded.

    Failures of loading the wrong JRE results in strange error messages that just do not
    relate to the root cause. It is really nasty to diagnose these errors unless one has seen it before.

    btw: Java Applets would be suspect in System Security or Malware issues, not the JRE itself.
    Asserting that the JRE is suspect is exactly like saying MSVCRT40.DLL is suspect and
    should be deleted (DON'T even try this or you're headed for a Recovery Reinstall)

    It is entirely possible that deleting a back level RTE (or in Java terms a JRE) may
    not only fail the application but also put the user in a condition that the older version is no longer available and thus the application is dead.

    IMO, it is a service to note the down level condition and It is malicious to remove it -- noting the condition should be sufficient.

    Our community here is unlikely to encounter real Java Users, but the issue bugs me in principle --
    [rant=on]
    As a developer I have many tools that are likely to not have been seen by very many participants at T.S.
    I shutter at the caviler attitude of delete software without justification.

    wacking someones system without justification just sticks in my craw
    [rant=off]​

    Again, elect the maxim "Do no harm" should apply :)
     
  12. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    I hear your frustrations and rants but wonder if a developer’s system installation of software/tools isn’t just much more sensitive to this issue then the installation to be found on the computer of most people posting questions to the forums. (I don't really know for certain one way or the other)

    Point taken. But some piece of software (application or dependent) knows what it’s trying to load and I’d guess can put out the error message. Of course, that doesn’t mean it actually creates such message which would still leave an issue for the user.

    Hmmm, i think a different slant on Java Applets, JRE and security actually supports the uninstalls: Consider that Sun’s latest and greatest JRE release is always fixing security vulnerabilites of older releases. A Java applet can be suspect AND be invoking an OLD Java version specifically to take advantage of a security hole in an older release. So removing old Java versions actually enhances machine security. (I’ll note I’m no java expert but think this would be true?)

    I’m guessing Sun is aware that just such problem might occur if they didn’t provide a download of all old versions which they do and can be found here
     
  13. jobeard

    jobeard TS Ambassador Topic Starter Posts: 9,322   +621

    Went a user decides to uninstall, that's one thing. When Techspot (imo) becomes parochial
    and says DELETE the JRE, that's another.

    I'm quickly coming to the point of view that very few members understand Java.
    Perhaps the reference to MSVCRT40.DLL was obscure too. DLLs lie around waiting
    to be loaded by some application. This dll is use by all C code on windows.
    The Java JRE lies around awaiting some application or applet.
    The JRE is as benign as any DLL.

    I've made my point; We can and should remark that the JRE is down level and
    without justification, have no business giving instructions to delete it.

    No where in this thread has anyone made any form of such justification nor even
    anywhere on Techspot
    .

    I've said my piece and will not comment further on the subject.

    Do no harm :)
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This thread has gotten 'bent' in several directions. Here is my thought on this matter:
    I always instruct a user to remove earlier versions of Java. However, I always follow that with a reference to the most current version and the download site.

    It is my understanding that most, if not all Java updates have been done for security reasons. Therefore it stands to reason that leaving earlier versions on the system do allow the vulnerability to remain. Therefore I will continue to suggest removal from HijackLogs of all but the current version and I will continue to recommend download of the current version on the Java site.
     
  15. jobeard

    jobeard TS Ambassador Topic Starter Posts: 9,322   +621

    :) Stating the obvious ...
     
  16. mopar man

    mopar man TechSpot Ambassador Posts: 1,379

    I do tend to have a lot of software problems. Granted, most are due to me not being able to afford a new computer (all my parts are extremely old and reused, and my HDD's are about to go boom I believe).

    But thanks jobeard, this will probably save me or someone I know from another annoying issue!

    I probably wouldn't have noticed without the PM, so that was a great idea.
     
  17. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Quote from java.com

    http://www.java.com/en/download/faq/5000070400.xml

    Description of the Windows Installer CleanUp Utility
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...