After updating Java 6 to Update 35 on a Windows XP Pro box, avast! threw up the warning that the JavaQuickStarterService is a “Rootkit: hidden service.” It’s hard to believe this isn’t a false positive, esp. since I did the same Java update on another PC running the same version of Windows and Java, and updated three Windows 7 PCs with Java 7 Update 7.
avast! recommends deleting JavaQuickStarterService. Has anyone else seen this? Do you think it’s safe to Ignore it? I created a Custom Scan with very intensive settings and am running it on the other Windows XP Pro PC (the one where JavaQuickStarterService is apparently not a rootkit), but that will take a while to complete.
You should at least be on Java 7. Install the latest Java 7 and then use Add/Remove Programs to uninstall the older versions of Java.
After you have done this, go to the “General Topics” section of the forum and navigate to the post “SECURITY WARNINGS & Notices - Please post them here.”
Please read the bottom notices on page 138 and the top posts on page 139 for more info on the current Java problems.
You’re probably better off turning off Java’s auto check-for-updates feature, since it’s notoriously unreliable. When a new update becomes available, you can pretty well count on someone posting that over in the Updates topic (General Topics) within hours or maybe a day at most. Java’s own (in-app) update checker has in the past often not notified of an available update for as much as several weeks afterwards.
It’s interesting. On one of the XP Pro boxes, installing Java 7 asked if I wanted to install over ver. 6 (without being that specific), and sure enough it removed all traces of ver. 6, at least as far as the “Add/Remove Programs” control panel noted. On the other XP Pro box I received no such notice, and ended up removing Java 6 updates manually from the control panel. Go figure.
I use Filehippo Update checker http://www.filehippo.com/updatechecker/ for regular application update checks and find it works mostly very well. - This, incidentally, was recommended on this forum.
It may work properly and it may not. Check C:\Program Files (86)**\Java\jre7\bin\ and make sure that there are no left over files from any previous versions of Java. The update may work fine, however, the problem is if the Java install over the previous version did not remove all the files from previous versions then your computer may still be at risk. You definitely do not want any old Java files on your computer. Odds are probably slim that this would lead to a security risk, but shortcuts while they may work in life can sometimes lead to bad unintentional consequences. Better to take the little extra time to make sure you got rid of all the bad stuff than just trust the installer to do it.
Indeed, better safe than sorry. On the XP Pro PC where the Java 7 install recognized the installation of the earlier installation, the ver. 6 files were removed, save for one zip file (“QT” something), and thus the ver. 6 directory structure was still there to be deleted. But the bin dir was empty. On other PCs (XP Pro and Windows 7), I deleted the folders that weren’t jre7.
