Oracle has just given you another reason not to install Java on your Mac

Graham Cluley

JavaWe all know that, when it comes to security holes, Java is the big “swiss cheese”.

If you run Java on your computer you are increasing your attack surface, as malicious hackers will often exploit vulnerabilities in Oracle’s software to infect your computer.

This isn’t just a problem with Java, of course. But the sad truth is that Java – when enabled in the browser, particularly – has a pitiful track record when it comes to exploitable vulnerabilities.

So it’s no surprise that many people don’t like to run Java on their computers, if they can at all help it.

Well, now those kind fellows at Oracle have come up with another reason why Mac users may not want to install Java on their Mac.

Because, as Ed Bott of ZDNet reports, Oracle is now bundling adware in the default installation of Java for Mac.

With the latest release of Java for the Mac, Oracle has begun bundling the Ask adware with default installations as well, changing homepages in the process.

The unwelcome Ask extension shows up as part of the installer if a Mac user downloads Java 8 Update 40 for the Mac. In my tests on a Mac running that latest release of OS X, the installer added an app to the current browser, Chrome version 41. (In a separate test, I installed Java using the latest version of Safari, where it behaved in a similar fashion.)

Java for Mac installing Ask Toolbar

I think it’s great that Oracle is showing its contempt for its users in this way. The company’s transparency should be applauded. They’re clearly saying that they don’t care about whether folks might not want ads sneakily inserted into their search results, and their default home page changed. Instead, they’re openly declaring that they care much more about making a few bucks from pushing the Ask adware.

It’s good to know where we all stand.

MacAnd perhaps our only surprise should be that it’s taken so long for Oracle to act dirty with Mac users, as they’ve been pushing unwanted software onto Windows users alongside their Java installs for years.

The Ask.com adware isn’t as serious a threat as Superfish, the man-in-the-middle adware installed on Lenovo PCs. But my guess is that the vast majority of people would never want it on their computers.

All I wanted was the Ask Toolbar

Of course, you can choose not to install the Ask adware, or remove it if (in your hurry to ensure that you were running the latest patched version of Java) you accidentally overlooked that Oracle was going to plant it on your computer.

And if you want to avoid Oracle pushing third-party apps on you in future when you update Java, you can follow these instructions.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

5 Replies to “Oracle has just given you another reason not to install Java on your Mac”

  1. This doesn't appear to be just on Mac – I spotted the dreaded 'Ask toolbar' option during update on Win 7.

  2. I really don't get this…
    Why does a million dollar company need to push an ask toolbar through our throats? For a few extra bucks?

    They never should have bought it from Sun…
    It sucked then, but it sucks even more now. .
    It's not enough that you can't trust Java itself.. They even managed to ruin the setup.

  3. Hi there!

    I'm not a massive tech person but I normally more or less understand these kind of things, however I'm having a hard time with the Java update thing…

    It's been almost 2 months my computer has been asking to update Java, I finally did it about a couple of weeks ago. And then it asked me to do it again, and again. I feel like it is a virus. And it I dont do it (which I know stopped) my youtube keeps planting.

    Could someone please enlighten me, as on what it is, and whether I should trust this Java update?

    Cheers,

    Jo

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET UPDATES