We all know that, when it comes to security holes, Java is the big “swiss cheese”.
If you run Java on your computer you are increasing your attack surface, as malicious hackers will often exploit vulnerabilities in Oracle’s software to infect your computer.
This isn’t just a problem with Java, of course. But the sad truth is that Java – when enabled in the browser, particularly – has a pitiful track record when it comes to exploitable vulnerabilities.
So it’s no surprise that many people don’t like to run Java on their computers, if they can at all help it.
Well, now those kind fellows at Oracle have come up with another reason why Mac users may not want to install Java on their Mac.
Because, as Ed Bott of ZDNet reports, Oracle is now bundling adware in the default installation of Java for Mac.
With the latest release of Java for the Mac, Oracle has begun bundling the Ask adware with default installations as well, changing homepages in the process.
The unwelcome Ask extension shows up as part of the installer if a Mac user downloads Java 8 Update 40 for the Mac. In my tests on a Mac running that latest release of OS X, the installer added an app to the current browser, Chrome version 41. (In a separate test, I installed Java using the latest version of Safari, where it behaved in a similar fashion.)
I think it’s great that Oracle is showing its contempt for its users in this way. The company’s transparency should be applauded. They’re clearly saying that they don’t care about whether folks might not want ads sneakily inserted into their search results, and their default home page changed. Instead, they’re openly declaring that they care much more about making a few bucks from pushing the Ask adware.
It’s good to know where we all stand.
And perhaps our only surprise should be that it’s taken so long for Oracle to act dirty with Mac users, as they’ve been pushing unwanted software onto Windows users alongside their Java installs for years.
The Ask.com adware isn’t as serious a threat as Superfish, the man-in-the-middle adware installed on Lenovo PCs. But my guess is that the vast majority of people would never want it on their computers.
Of course, you can choose not to install the Ask adware, or remove it if (in your hurry to ensure that you were running the latest patched version of Java) you accidentally overlooked that Oracle was going to plant it on your computer.
And if you want to avoid Oracle pushing third-party apps on you in future when you update Java, you can follow these instructions.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.