Oracle rapped for sneaking 3rd-party apps into Java update

After getting flak for a security flaw in its Java software, Oracle is getting flak again - this time for rolling out a fix but with a third-party toolbar.

 

Security vendor Sophos said the update to Java will attempt to install a third-party toolbar and change a user's default search engine.

 

"Yes, Oracle has chosen to enable the option to install the Ask Toolbar and meddle with your search engines. Why? Because of profit. They earn more commission, the more people they get to install the third-party software," it said in a blog post.

 

It advised computer users to be "really careful" in installing the Java update, lest they "accidentally" install unwanted software like the Ask Toolbar.

 

The update comes in the form of a wizard that lets users click "Next," but has a check box allowing the installation of the third-party toolbar by default.

 

"IT managers may be able to handle underhand tricks like these, but what hope does the average computer user who will - most likely - just be automatically hitting 'Next'?" Sophos said.

 

Sophos noted Oracle and Ask are not the only parties guilty of tricks like this.

 

It cited as similar earlier examples CNET's attempt to serve an Nmap network tool with a Babylon toolbar, and Adobe trying to sneak McAfee software along with its Flash updates.

 

"Of course, McAfee's software is considerably more useful and desirable than the Ask Toolbar. But it should be my conscious and informed decision as to whether I want to install it or not. For vendors to pre-select options to install unconnected third-party software in an installer is just wrong," it said.

 

"Oracle and others are choosing to pre-check the box - that's a conscious decision on their part because they know that more people will install the bundled software (or 'foistware' as it's becoming known) as a result," it added. — TJD, GMA News