Oracle has just given you another reason not to install Java on your Mac

JavaWe all know that, when it comes to security holes, Java is the big "swiss cheese".

If you run Java on your computer you are increasing your attack surface, as malicious hackers will often exploit vulnerabilities in Oracle's software to infect your computer.

This isn't just a problem with Java, of course. But the sad truth is that Java - when enabled in the browser, particularly - has a pitiful track record when it comes to exploitable vulnerabilities.

So it's no surprise that many people don't like to run Java on their computers, if they can at all help it.

Well, now those kind fellows at Oracle have come up with another reason why Mac users may not want to install Java on their Mac.

Because, as Ed Bott of ZDNet reports, Oracle is now bundling adware in the default installation of Java for Mac.

With the latest release of Java for the Mac, Oracle has begun bundling the Ask adware with default installations as well, changing homepages in the process.

The unwelcome Ask extension shows up as part of the installer if a Mac user downloads Java 8 Update 40 for the Mac. In my tests on a Mac running that latest release of OS X, the installer added an app to the current browser, Chrome version 41. (In a separate test, I installed Java using the latest version of Safari, where it behaved in a similar fashion.)

Java for Mac installing Ask Toolbar

I think it's great that Oracle is showing its contempt for its users in this way. The company's transparency should be applauded. They're clearly saying that they don't care about whether folks might not want ads sneakily inserted into their search results, and their default home page changed. Instead, they're openly declaring that they care much more about making a few bucks from pushing the Ask adware.

It's good to know where we all stand.

MacAnd perhaps our only surprise should be that it's taken so long for Oracle to act dirty with Mac users, as they've been pushing unwanted software onto Windows users alongside their Java installs for years.

The Ask.com adware isn't as serious a threat as Superfish, the man-in-the-middle adware installed on Lenovo PCs. But my guess is that the vast majority of people would never want it on their computers.

All I wanted was the Ask Toolbar

Of course, you can choose not to install the Ask adware, or remove it if (in your hurry to ensure that you were running the latest patched version of Java) you accidentally overlooked that Oracle was going to plant it on your computer.

And if you want to avoid Oracle pushing third-party apps on you in future when you update Java, you can follow these instructions.

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , ,

5 Responses

  1. Simon Plummer

    March 6, 2015 at 12:12 pm #

    This doesn't appear to be just on Mac – I spotted the dreaded 'Ask toolbar' option during update on Win 7.

    • Graham Cluley in reply to Simon Plummer.

      March 6, 2015 at 12:17 pm #

      Yes. They've been doing that for a long time on Windows. It's clearly worked so well for them that now they're trying on Mac too.

  2. Tom Hill

    March 6, 2015 at 3:00 pm #

    There is the option to turn off sponsor add-ins in the java control panel.

  3. M. Possamai

    March 7, 2015 at 8:52 am #

    I really don't get this…
    Why does a million dollar company need to push an ask toolbar through our throats? For a few extra bucks?

    They never should have bought it from Sun…
    It sucked then, but it sucks even more now. .
    It's not enough that you can't trust Java itself.. They even managed to ruin the setup.

  4. JoB

    April 28, 2015 at 6:57 am #

    Hi there!

    I'm not a massive tech person but I normally more or less understand these kind of things, however I'm having a hard time with the Java update thing…

    It's been almost 2 months my computer has been asking to update Java, I finally did it about a couple of weeks ago. And then it asked me to do it again, and again. I feel like it is a virus. And it I dont do it (which I know stopped) my youtube keeps planting.

    Could someone please enlighten me, as on what it is, and whether I should trust this Java update?

    Cheers,

    Jo

Leave a Reply