On 16/05/2013 02:25, Wesley Furr wrote:
> In doing reading about some of the malware that is out there that I've run
> across (we're talking Windows systems here), it has been noted that several
> of the serious ones often use Java as an attack vector. I'm honestly not a
> Java expert...but presumably it summons the java browser plugin and then
> takes advantage of it that way...and all that takes is to get them to visit
> a malware-ridden web page.
> Again, I'm talking about Windows. To update in Windows, you have to
> actually click the pop-up in the system tray that says "please update
> me"...and most average users don't pay any attention to things like that.
> Then after you click on it, you have to say yes, please install the update.
You don't. There are three settings:-
1. As you describe
2. Download then prompt. This is what I have on mine.
3. Download and install. Modern windows systems set this by default. For
most "users" this is sensible. Recent versions set this as a default
However Java has its own updater which has similar options. These days I
run with Java disabled in the browser. It doesn't seem to break much...