Thread: java
03-25-2012, 07:22 AM
waves
Legendary
 
Join Date: Aug 2006
Posts: 10,329
15 yr Member

I am a former software developer and have used Java extensively.

The Java Runtime Environment (JRE) is the portion of Java installed by users, to run Java applications. As developers, we needed to keep multiple JREs installed for performance and compatibility testing of our apps, which might be run by customers with older versions of the JRE.

The presence of multiple JREs is not exactly an inherent virus risk, especially if you have a good antivirus.

However, I would agree with MrsD's point that it is best to have only one, unless you are a developer, tester, etc.

I would go further and suggest that when you want to install a new JRE, you first uninstall any older one(s), and then install the new one.

------------------------------------------------------

A JRE, like any other program, can be infected by a virus. Similarly, it can have a specific kind of bug - a "security vulnerability" - that can be exploited by viruses to harm your system or gain unauthorized access to it, whenever that program runs.

Moreover, a JRE is a particularly powerful type of program, because it runs other programs.

Therefore, even with a single JRE installed, if that version has a security vulnerability, a virus could launch a Java application that exploits it - to gain unauthorized access or do other things - without even infecting the JRE itself. With multiple JREs installed, a virus can still "look for" a specific JRE version known to have a vulnerability, and "choose" to use that specific one to launch a malicious application.

Similar "vulnerabilities" are found with Windows all the time... a good portion of the updates Microsoft releases are patches for these. However, while we do not need multiple versions of the same system component installed, that is not always true of a JRE (as in the case of developers.)

As such, when a new JRE is installed, it is a new installation in its own right, not a true "update."

~ waves ~
"Thanks for this!" says:
bizi (03-25-2012), Jomar (03-26-2012), Lara (03-25-2012)