23rd January 2013, 19:59 #1
A close look at how Oracle installs deceptive software with Java updates !
A close look at how Oracle installs deceptive software with Java updates
"Summary: Oracle's Java plugin for browsers is a notoriously insecure product. Over the past 18 months, the company has released 11 updates, six of them containing critical security fixes. With each update, Java actively tries to install unwanted software. Here's what it does, and why it has to stop.
Java is the new king of foistware, displacing Adobe and Skype from the top of the heap.
And it earned that place with a combination of software update practices that are among the most user-hostile and cynical in the industry.
In coordination with Ben Edelman, an expert on deceptive advertising, spyware and adware, I've been looking at how Oracle delivers Java to its customers and who it has chosen to partner with. The evidence against Oracle is overwhelming.
When you use Java’s automatic updater to install crucial security updates for Windows , third-party software is always included. The two additional packages delivered to users are the Ask Toolbar and McAfee Security Scanner.
With every Java update, you must specifically opt out of the additional software installations. If you are busy or distracted or naïve enough to trust Java’s “recommendation,” you end up with unwanted software on your PC.
IAC, which partners with Oracle to deliver the Ask toolbar, uses deceptive techniques to install its software. These techniques include social engineering that appears to be aimed at both novices and experienced computer users, behavior that may well be illegal in some jurisdictions.
The Ask.com search page delivers inferior search results and uses misleading and possibly illegal techniques to deceive visitors into clicking paid ads instead of organic search results.
I’ve spent the past weekend installing and updating Java on an assortment of physical and virtual test PCs to see exactly how the Java updater works.
full story: A close look at how Oracle installs deceptive software with Java updates | ZDNet
24th January 2013, 04:04 #2
Strangely, I did not face this 'foistware' issue when I installed the latest Update 11.