Forum Thread: Old and insecure Java software embedded in Belkin UPS software

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Belkin Corporation
And, this specific program:
Nostromo Array Programming Software 2.x

This thread has been marked as locked.
PazivalRM Old and insecure Java software embedded in Belkin UPS software
Member 21st Aug, 2009 06:07
Ranking: 1
Posts: 17
User Since: 7th Jul, 2009
System Score: N/A
Location: AU
I have purchased a Belkin UPS 600va (Australian model) to guard against the frequent Sydney blackouts. It comes with very clunky software, and an almost unreadable help file written in dreadful English that looks as if it translated badly from Chinese.

But the real problem is that the software contains an old and obsolete version of Java seemingly embedded in the programme. Secunia identifies it as Sun Java JRE 1.6.x / 6.x.

I've updated Java to Java 6 Update 16, and rescanned, but I can't delete the obsolete version of Java as Secunia tells me to do, because it is not visible in the Vista "Uninstall" menu, nor in the jv16 power tools uninstall menu - it seems to be embedded somehow in the "Belkin Automatic Power Management Software". Not even Javara seems to be able to find it.

I rang a technical bloke at Belkin Australia, but he was most unhelpful. He impatiently told me to update Java and forget about the old versions. That is clearly wrong advice, and seems to confirm the impression that I gained from the software - Belkin doesn't understand what it is doing and can't write software.

Secunia reports the installation path of the old Java software to be within the Belkin programme files, at
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\java.exe

Does anyone know how to deal with this problem? (I'm using Windows Vista, properly updated, on an ACER machine.)


PazivalRM RE: Old and insecure Java software embedded in Belkin UPS software
Member 21st Aug, 2009 06:11
Score: 1
Posts: 17
User Since: 7th Jul 2009
System Score: N/A
Location: AU
To clarify, this concerns
Belkin UPS 600 VA
which was not listed on the Secunia website under Belkin software. For some reason the "specific program" Nostromo Array Programming Software 2.x got attached to the thread, but this is wrong.
Was this reply relevant?
+0
-0
This user no longer exists RE: Old and insecure Java software embedded in Belkin UPS software
Member 21st Aug, 2009 06:38
Use Windows Explorer (Windows key +E) then navigate to C:\Program Files\Belkin Automatic Power Management Software\jre\bin\ then either rename java.exe to java.old or send it to the Recycle bin to restore in case of a problem.

I have an APC Back-UPS ES 350 due to small power blips that seem to happen infrequently but annoying when they do.

I had to go to APC's site to get the management software for Vista as what shipped was for XP and did not work correctly.
Was this reply relevant?
+0
-0
PazivalRM RE: Old and insecure Java software embedded in Belkin UPS software
Member 21st Aug, 2009 07:05
Score: 1
Posts: 17
User Since: 7th Jul 2009
System Score: N/A
Location: AU
Thank you - it worked.

I renamed all the "filename.exe" files "filename.old" in the subdirectory
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\
and after a reboot the Belkin software works still just the same as it did before. The Secunia scan now tells me that all is OK with Java. Belkin must be using the most recent installed Java rather than its downloaded Java files.

Surely a large computer firm like Belkin can do better than send out software like this!
Was this reply relevant?
+0
-0

This thread has been marked as locked.