Oracle will continue to bundle 'crapware' with Java
Defends practice of making users opt out of Ask.com toolbar; says 'not something Oracle started'
Computerworld - Oracle will not stop bundling what critics describe as "crapware" and "foistware" with its Java installer anytime soon, a company representative intimated last week.
The practice of offering up other software alongside Java updates, including emergency security updates to patch critical vulnerabilities, again came under fire last week as new reports surfaced of deceptive installation techniques.
During a conference call with leaders of the Java User Groups (JUG) last week, Doland Smith, who heads Oracle's OpenJDK team, cited contractual obligations that prevented him from discussing the bundling deal in detail. But he hinted that no changes were in the offing.
"When you have a commercial relationship like this, not only are you dealing with your [own] corporate policies on communication, and revenue recognition and all that kind of stuff, but you also have a commercial partnership and agreement that you have to abide by and follow," said Smith during the call.
Currently, the Java installer for Windows includes an offer for the Ask.com browser toolbar. Unless users explicitly uncheck a box on the Java installation screen -- in other words, opt out -- the toolbar automatically downloads and installs, and the browser's default search engine changes to Ask.com.
That raised the ire of long-time Windows blogger Ed Bott of ZDNet, and also got the attention of Ben Edelman, an associate professor at Harvard and expert on adware, online fraud and Internet privacy.
In pieces published Jan. 22, both Bott and Edelman took aim at Oracle for bundling the Ask.com toolbar with Java.
Bott found that the Ask.com toolbar was not immediately installed, but waited 10 minutes after Java finished to kick in. "I've never seen a legitimate program with an installer that behaves this way," said Bott, who speculated that the technique was an attempt to hide the toolbar's installation from technically-astute users.
Edelman was also caustic in his criticism of Oracle and the Ask.com toolbar installation, deeming the latter deceptive. Even worse, Edelman said, was that the offer was included with critical Java updates that patched recent "zero-day" vulnerabilities being exploited by criminals.
"The Java update is only needed as a result of a serious security flaw in Java," said Edelman. "It is troubling to see Oracle profit from this security flaw by using a security update as an opportunity to push users to install extra advertising software."
By bundling adware with its security updates, Oracle is teaching users to distrust its patching process, Edelman added.
Oracle's Smith disagreed.
"It's not specifically a security issue. It's a commercial, business-side issue," he said during last week's call. "The reason it's tied with security is that it's showing up when we push out new installers on the Windows platform. Really, it's not related to security directly."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Gartner Report: A Guide to Gartner's Enterprise Mobile Security Self-Assessment Gartner introduces a model and a Toolkit intended to help mobility and security IT leaders assess their enterprise mobility programs from a security...
- Gartner Report: Containing Mobile Security Risks With the 80/20 Rule IT planners can deliver better mobile protection with higher user satisfaction by segmenting users into risk groups before committing to specific management or...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts