topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Monday March 18, 2024, 11:36 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Java's Deceptive Installation  (Read 5063 times)

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
Java's Deceptive Installation
« on: January 22, 2013, 06:35 PM »
A close look at how Oracle installs deceptive software with Java updates
 
Oracle's Java plugin for browsers is a notoriously insecure product. Over the past 18 months, the company has released 11 updates, six of them containing critical security fixes. With each update, Java actively tries to install unwanted software. Here's what it does, and why it has to stop.

That dialog box is not telling the truth.
In the background, the Ask toolbar installer continues to run, but it delays execution for 10 minutes. If you are a sophisticated Windows user and you missed the initial checkbox, your natural instinct at this point would be to open Control Panel and check Programs and Features. When you do, you will see that only the Java update has been installed. You might also check your browser settings to confirm that no changes have been made to your settings. You might conclude that you dodged a bullet and that the unwanted software wasn’t installed.

But you would be wrong. The Ask installer is still running, and after waiting 10 minutes, it drops two programs on the target system.

The only indication that this installer is running is a brief flash of the mouse pointer. A check of the Windows event logs shows that the installer completed its activity exactly 10 minutes after the Java installer finished, and the two Ask modules show up in the list of installed programs.

http://www.zdnet.com...a-updates-7000010038

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Java's Deceptive Installation
« Reply #1 on: January 22, 2013, 07:09 PM »
This bundling of 'value added software' (AKA crapware) really needs to stop - and with this sort of deceptive practice Sun should have a class action brought against them

Practically every computer I see recently has had home pages and search engines changed without consent on an almost daily basis and most users haven't got a clue why.

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
Re: Java's Deceptive Installation
« Reply #2 on: January 22, 2013, 07:54 PM »
This bundling of 'value added software' (AKA crapware) really needs to stop - and with this sort of deceptive practice Sun should have a class action brought against them

Practically every computer I see recently has had home pages and search engines changed without consent on an almost daily basis and most users haven't got a clue why.
  Which is why I run WinPatrol Plus on my system, it puts a stop to this bullshit....

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Java's Deceptive Installation
« Reply #3 on: January 22, 2013, 09:33 PM »
Just install the developer version! No crap in there~! :D
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Krishean

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 75
  • I like pie
    • View Profile
    • Draconis Labs
    • Donate to Member
Re: Java's Deceptive Installation
« Reply #4 on: January 22, 2013, 10:25 PM »
Just install the developer version! No crap in there~! :D

No automatic updates there either, unfortunately.
Any sufficiently advanced technology is indistinguishable from magic.

- Arthur C. Clarke

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Java's Deceptive Installation
« Reply #5 on: January 22, 2013, 11:27 PM »
Just install the developer version! No crap in there~! :D

No automatic updates there either, unfortunately.

But you do get notifications automatically.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker