Published in News

Java is installing Adware

by on06 March 2015

Don't Ask Don't Tell

Rich Trouton, a Mac systems administrator who runs the Der Flounder blog has discovered that a Java installer is installing adware, in the form of the Ask Toolbar.

Basically when you install Java you get an application to install the god awful Ask Toolbar with the box checked by default. It is nothing new in IT land but it is an indication of how short sighted a company is ifit is prepared to annoy its customers for what amounts to chump change.

Rahul Kashyup, chief security architect, Bromium told Fudzilla that it’ not uncommon for few large brands such as Oracle, Adobe to ‘bundle’ packages along with their software. In fact Oracle has been doing this for some time now.

Just like how many large PC manufacturers bundle ‘bloatware’; popular software companies seem to be driving on the same concept.

The add-on is known to get installed as a BHO (Browser Helper Object). Due to its dubious nature of installation and capabilities this is regarded as a ‘PUP – Potentially Unwanted Program’, a term used by the cyber security industry to navigate legal notices by the creators of such software.

Unfortunately some large brands are using their credibility to package such software. People need to be vigilant to avoid installing such undesired bundled software."

Fraser Kyne, principal systems engineer, Bromium said that the announcement is good news to those who spend all their time patching Java. They will finally have an excuse not to do it. All they have to tell their boss is upgrading to the new version of Java places their organisation at risk of malware.

“The sad truth is, for many organisations the concept of moving to a recent version of Java is light years away anyway. Adware concerns just add more weight on top of other security concerns, which are then balanced against the very real cost of modifying the application estate,” he said.


Rate this item
(6 votes)

Read more about: