back to article UK consumers particularly prone to piss-poor patching

UK consumer patching practices have worsened still further over the last three months, increasing the threat of malware problems, according to a new study by IT security provider Secunia. Secunia estimates 12.6 per cent of UK users are running unpatched operating systems, up from 9.7 per cent the previous quarter. In addition …

  1. I ain't Spartacus Gold badge
    FAIL

    Stupid patching!

    I really hate the way that Java, Flash and PDF do their updates. On all of them, you tick the box saying automatically update. And all this does is auto-download the update, then stick a little badge in the notification area that you then have to click on to manually run the damned patch. Just leaving them there doesn't ever seem to force them to run. Certainly whenever I go to fix a friend's PC, the first things I notice are the patches hanging around in their system tray. At least I can uninstall Java most of the time.

    Why can't the bastards have proper patching? Other programs seem to manage it. It's not like they haven't got permission. Their setup checkboxes actually say they'll auto-install. And if they're worried, they could give the option that Windows Update does, of auto-install, or auto-download.

    Flash is the worst. They put an auto-updater in, but all it seems to be is a link to their website. You click on the bugger, and it downloads the package for the latest version - which you then install as normal. Surely it's not rocket science?

    Useless buggers!

    1. Saint Gerbil

      Re: Stupid patching!

      Unfortunatly a number of providers only support old versions of Java for example Xamarin requires a JDK version 6 and promptly breaks if you install any updates after.

    2. Tom Chiverton 1

      Re: Stupid patching!

      That's not how recent Flash versions auto update. Maybe the computer was really really out of date ?

      1. Fuzz

        Re: Stupid patching!

        Flash updates are hopeless.

        If the update is a point release on the same version then it will update automatically. If it's a major release (which seems to be at least every other month) then the auto update window appears. Clicking update opens your web browser and takes you to the adobe website to download a new copy of flash with whatever toolbars Adobe is peddling that month. You then have to manually install the update from the download.

        Adobe reader doesn't get updated too much, I think there has only been 8 updates since 11 was released.

        Java is the worst of the lot. UAC prompt to load the update notification, followed by a manual process to initiate the install which installs the ask jeeves toolbar even though you told it not to when you first installed. Then the new Java 8 installer doesn't automatically remove Java 7 as part of the default install. I know some people need to retain multiple versions but that should be an option on the custom install not the default.

        These people need to look at Google or Mozilla to see how auto updates should be done

        1. Dan 55 Silver badge

          Re: Stupid patching!

          Java Configuration > Advanced and scroll right to the bottom of the list. There you'll find the option to turn off Ask Toolbar installation.

      2. I ain't Spartacus Gold badge

        Re: Stupid patching!

        That's not how recent Flash versions auto update. Maybe the computer was really really out of date ?

        Tom Chiverton,

        Nope. My work and personal computers are always up-to-date. And on both I have to manually install Flash updates. As someone else said, it may be that not all releases require this, only point releases. So I'm not noticing when it works properly in the background, only when it upgrades to a new version.

        However, even this is crap behaviour - because I'm not aware of any reason to be holding out on old versions of Flash. Unlike with Java.

        Fortunately almost no-one who doesn't have a professional IT department needs Java anymore. So I can kill it with no problems. Although I believe there are countries where it's a requirement to use online banking. Which must make people feel oh so secure...

        1. Anonymous Coward
          Anonymous Coward

          Re: Stupid patching!

          "Fortunately almost no-one who doesn't have a professional IT department needs Java anymore."

          Whilst I share your opinions on the uselessness of Java, and the inadequacies of its update process, I have Markus Persson to thank for persistent demands to have Oracle's vile, antiquated bugware on some of the household machines. The man should be hunted down like a dog, and (at the very least) given a one way flight to the well known holiday destination Guantanamo Bay. And then do the same for everybody associated with Java.

        2. This post has been deleted by its author

  2. Anonymous Coward
    Anonymous Coward

    Java autoupdate

    Am I the only person for whom java's autoupdate has been borked for a while now? I just use it to alert me to new updates that I download manually, for the rare website that I actually allow to run things in java.

    1. AndrueC Silver badge
      Unhappy

      Re: Java autoupdate

      Same on my work machine. It tells me there's an update but when I run it it says everything is up to date. If I got the website it downloads a newer version :-/

      But more importantly I wish updaters wouldn't drop a new application icon on the desktop. Adobe seem to have stopped finally but iTunes still puts it there. Only the initial installation should do that (and even then the option not to would be nice).

    2. Jason 24

      Re: Java autoupdate

      Mines been borked in so far as every time I click the icon in the tray it says "failed to download install files" and I have to go to the damn website and do it manually.

      Has anyone ever tried to access ASDM after a java update (for the noddy monitoring stuff, not programming it!!)? Being told that java run time is not installed, but go direct to the path of the .jnlp file and it runs fine?

      1. Dan 55 Silver badge

        Re: Java autoupdate

        Have you got a proxy which limits file download sizes?

        1. pixl97

          Re: Dan 55

          No, He's probably a standard user, not an admin. On domain networks java update will not download correctly if you are a standard user and eleivate to a domain admin. You have to log in as a admin to get it to work in the first place.

  3. Anonymous Coward
    Anonymous Coward

    Most people at home simply dont care, it works. A lot of them might have been stung before with the your java needs updating screen that turns out to be fake. Or the fake flash one that i have seen around the web.

  4. Anonymous Coward
    Anonymous Coward

    It's not my choice...

    Running Java in the browser, in particular, is a recipe for trouble. Few sites actually need Java and security experts have recommended disabling Java plug-ins and browser extensions as a precaution for at least 18 months.

    It would be lovely, truly lovely, if someone could ensure the connect portal team at work could be forced to pay heed to this. We get forced to run Java in order to remote into the office, and are forced to drop security to medium, which as we all know really means "off".

    Every week the configuration with which the portal actually works (Chrome + Windows XP, or IE11 + Windows 7) shifts such that anyone on call has to keep a brace of machines ot hand, with many different browsers installed. The whole thing is horrendous.

    1. Anonymous Coward
      Anonymous Coward

      Re: It's not my choice...

      "We get forced to run Java in order to remote into the office, and are forced to drop security to medium, which as we all know really means "off"."

      You need to get them to deploy Direct Access:

      http://en.wikipedia.org/wiki/DirectAccess

    2. wikkity

      Re: It's not my choice...

      I need this too. However I simply white list works access site, bingo, java does not run for any other site. Maybe your IT department needs to understand how java works in the browser and provide suitable instructions rather than encouraging you to drop security down.

  5. Mark 78
    Unhappy

    Why don't people patch Java?

    Could it possibly be that some software which requires Java state that it doesn't work on the newest versions? We've got several packages that require different versions (e.g. Must be Java 7 but prior to u35). It causes a real pain especially when a user needs 2 separate versions installed.

    Also I find JRE to be one of the worst updates to package up for rolling out via SCCM, as it does not remove old versions automatically, so can cause days of pain trying to ensure that an old version is removed before the new one goes on. You end up just saying, "sod it, they can keep whichever version was installed with their software as at least that works."

    At least Adobe make it easy to roll out updates silently via SCCM. (despite all their other problems......)

    1. Anonymous Coward
      Facepalm

      Re: Why don't people patch Java?

      Do home users have sccm?

    2. Anonymous Coward
      Mushroom

      Re: Why don't people patch Java?

      I have to agree, in order to runJava on one particular instance now I have to run the piece o'crap with elevated privileges (forget Chrome and FF).

      It then tells me that I shouldn't run it and I should upgrade to the latest version, which I ignore.

      Then it tells me I won't be able to connect to this site in future versions.

      So you tell me to update, but then tell me a future update will stop me connecting, FFS.

  6. Anonymous Coward 101

    I got rid of Java because I couldn't be arsed with the fucking updates (no, I do not want the Ask Jeeves toolbar). I can't say I have missed it.

    1. jason 7

      I no longer install it on any machines I build or rollout. I go on the principle if someone needs it they will shout.

      I've dumped a lot of stuff over the years Air/Shockwave etc. etc.

      Flash is the last holdout.

      1. Vinyl-Junkie
        Windows

        Auto-patching...

        At home I use the free version of Avast! anti-virus on Windows 7; this includes a tool which auto-updates a number of security critical programs, including Java, Flash and Adobe Reader. I know a new patch has been released when I get a pop-up from Avast! saying "a program was updated - please click here for details".

        Simples....

  7. Anonymous Coward
    Anonymous Coward

    I blame Minecraft

    Is there anything else that requires Java to be installed on home users' boxes these days?

    Perhaps we could petition Microsoft/Mojang to do silent java-update in their game launcher.

  8. Anonymous Coward
    Coat

    Don't Worry

    It's just Java Jive

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like