"In many cases, Java's built-in upgrading capability fails outright, leaving normal users stranded," says Darien Kindlund, senior staff scientist at anti-malware company .

"Ever since the mainstream adoption of 64-bit Windows 7, Java (and other add-ons, like Flash) suffer from 32-bit/64-bit 'fractionalization,'" Kindlund explains. "Just because you install a patched, 64-bit version of Java, does not mean you're fully protected, if a vulnerable, 32-bit version of Java is still installed on the system (or vice-versa)."

AlienVault's Karg notes that Java is rightly no longer part of most operating systems. "Java shouldn't come pre-installed with common OSes," Karg says "It doesn't come with Linux by default, and the latest Windows version doesn't bundle it either."

By now, a few weeks after the Flashback malware outbreak struck OSX, it's well understood that Apple releases its own Java updates, and this sometimes means Mac users don't get access to the latest version for their Windows-using counterparts.