Tuesday, December 11, 2012

Java 1.7 Update 10 (AKA Java 7u10)
Is Available From Oracle

On November 29, 2012, Oracle released Java 7u10 (v1.7 Update 10) for Mac. I discovered it by accident. Apparently, inevitably, suitably, few Mac users now bother with Java.

Here is where you can get the latest version of Java 7:


Venture back through my previous posts for rants about how much Java sucks, how it's the most dangerous software you can install on your Mac, how a drive-by Java malware infection zombied ~600,000 Macs this past summer and how you should never run it except on specific trusted websites. If you don't need Java, either turn it OFF in your web browsers or uninstall it.


I) Release Notes

Oracle buried its 7u10 release notes under three layers of links. But I have spared you frustration and provided it here:


Mac Relevant Highlights:
This update release contains the following enhancements:
- Additional Certified System Configurations
- Security Feature Enhancements
. . .
For JDK 7u10 release, the following additional system configurations have been certified: 
Mac OS X 10.8
. . . 
The JDK 7u10 release includes the following enhancements: 
The ability to disable any Java application from running in the browser. This mode can be set in the Java Control Panel.... 
The ability to select the desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications that run in a browser. Four levels of security are supported. This feature can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument. 
New dialogs to warn you when the JRE is insecure (either expired or below the security baseline) and needs to be updated.
. . .
Known Issues. . . 
Area: deploy
Synopsis: System level disable switch does not work on Mac OS_X (10.8) platform. 
On some systems running Mac OS X Mountain Lion (version 10.8), applying system level switch from the Java Control Panel to enable or disable Java does not work even though the correct credentials have been provided. 
The workaround is to delete the file /Library/Application Support/Oracle/Java/Info.plist and then reinstall the JRE. . . 

II) Visible changes in this version:

The Java System Preferences pane is still Mac illiterate, opening its own separate 'Java Control Panel' application. What is Oracle's problem?! (0_o)

1) The 'General' tab now has an 'About...' button.

2) The 'Security' tab has a new GUI. Sadly, it is reminiscent of Windows. But at least it's simple. Here is a screenshot:

As you can see, I recommend setting the 'Security Level' on 'Very High'. 

Do NOT use the 'Medium (recommended)' setting unless your web browser is specifically at a trusted website. When you're done with that website, REMEMBER to set Security back to 'Very High' and just leave it there. I also recommend turning Java OFF in all your web browsers. This is the only way to stay verifiably safe from Java drive-by malware.

Stay safe!

No comments:

Post a Comment