Java installs adware. If you allow it. Relax people.

06. March 2015 Security 6

Java is now bundled with an Ask.com toolbar. The web is blowing up about it. “Beware”, “Adware”, “shady”, “Sneaking” and other terms are used. Is this just a hype or is there something to these claims? Let’s find out.

I set up a brand new Virtual Machine, installed all the latest updates, the latest browsers, the latest versions of Flash Player and Little Snitch. I downloaded the latest version of Java directly from it’s source; oracle.com. When the download is selected it leads to the Java.com website (https://www.java.com/en/download/). The latest version at the time is Version 8 Update 40.

Adware is free software sponsored by ads. Toolbars are usually a form of adware. I use free software that is sponsored by ads on my Mac and my iPhone, nothing wrong with adware. When Adware starts to act like spyware and injecting ads in places it should not be, then there’s a problem.

I ran the Java installer and found clear mention of the Ask.com toolbar with two options:
– Set Ask as my default search provider
– Set Ask.com as my browser home page and new tabs page

If these boxes are unchecked, you guessed it, just Java is installed. But let’s behave like the typical user and click “Next” as fast as we can, completely ignoring all the information the installer provides.

The toolbar is installed in Safari and both the default search and home pages are changed to ask.com. Firefox users (as we should all be imo) get a warning stating a 3rd party is attempting to modify Firefox. You must allow it to be activated. If you do not allow this, the add-on will be installed but de-activated by Firefox. It does however change your default home page and search engine.

Here is what I’ve found:
– If you READ the installer information this toolbar will never make it on to your system.
– If you did manage to just click “Next” and get the toolbar installed, Firefox warns you about it and you must provide additional approval to activate the toolbar. Safari users are stuck with the toolbar immediately.
– Your new Ask.com homepage clearly shows links to how you can reset your homepage or remove the toolbar. They do not try to hide it.
– The toolbar does not inject ads anywhere they should not be.
– There are no additional processes running because of the toolbar.
– No dubious server connections are made by the toolbar.
– Tt takes 10 seconds to reset your home page, search engine and uninstall the toolbar in Safari.
– It takes 19 seconds to reset your home page, search engine and remove the toolbar from Firefox.
– It takes a minute to delete the few files left in the Library folder.

So, is it the worth the hype? Absolutely not. Clickbait mostly in my opinion.

Oracle did not do anything “shady”. Oracle did not “sneak” this toolbar in there. Does Ask.com suck as a search service? Absolutely. Is it annoying to have to reset and uninstall the Ask.com materials after you failed to properly read an installer? Sure, but that’s on you. Is there data theft, ad injection, horrible unspeakable things happening? No. As with all installers, read the information that’s provided. Don’t brainlessly click things you shouldn’t be clicking and you can avoid most of this stuff.


6 thoughts on “Java installs adware. If you allow it. Relax people.”

  • 1
    xpf on March 15, 2015 Reply

    While the Java/Ask.com toolbar seems not as malicious or deceptive as adware installs through other download managers, such as those on download.com or certain Sourceforge projects, it’s still unwanted, and I don’t trust it. Millions of not-so-skilled people will have trouble to remove it.

    Yes, I think people have the right to just blindly click through without anything else than their desired software installed. Pre-enabled checkboxes for adware are dishonest!

    Before, Oracle told us the lame excuse that the adware for Windows Java is due to old contracts which have to be served. Now they extend this practice to Mac, signalling they’re about to continue and make it worse! R.i.P., Java!

    • 2
      Jay on March 15, 2015 Reply

      I agree, people have the right to blindly click through. People also have the right to leave their house or car unlocked. Either way the consequences are usually predictable and entirely up to the person. I have not had a need for Java in a very long time and only know a handful of people that do. For those that don’t need it I always recommend to un-install it completely. Safer that way.

  • 3
    xpf on March 17, 2015 Reply

    You might leave your home or car unlocked for a moment, if you’re in a small village where you can trust others. That’s the problem, people still trust major brands like Java. Of course, you will not leave home or car open if you’re in a really bad gangland neighborhood. Similar to a shady download portal or warez site, where you will execute programs with great care or not at all. Anyway, a thief is still a thief, even if you are careless!

    The exploitation of trust is a big problem with some old brands and software tools, which have been reliable for many years, but turned to the dark side recently. This is the case for Java, even more for some SourceForge projects like FileZilla, whose developers now make money with really malicious adware installers (where you can’t avoid adware installs even if you’re careful).

    Furthermore, good legal systems will rate “contracts” by dark patterns and deceptive fine print traps invalid, so you can’t make a valid contract for adware, spyware, hidden fees or subscriptions just by negligence and not reading fine print!

  • 4
    Andrea on June 4, 2015 Reply

    Hi, found your site while searching for info on best protection against malware/adware/viruses for my MacBook Pro. I appreciate all the information you publish. Now I have to ask a couple questions that will reveal my age. 1) How do I know if Java is even on my computer, and if it is, how do I get rid of it? 2) You mentioned Firefox as preferable in your opinion. Can you explain why, and how it differs from Safari?
    I really despise all the damn ads that follow me all over the internet. If I shop for shoes, I see those shoes on every site I visit. I clear cookies periodically, but that does not seem to be enough. Will installing Intego help with that at all, or is that really just for malware? Is there a security program that handles both malware and adware that, in your opinion, is a good program? Ok, I guess that was more than a couple questions. Thanks for your time!

    • 5
      Jay on June 4, 2015 Reply

      Hi Andrea,

      Ther are a few ways to see if you have Java installed. Open your system preferences and see if there’s a Java icon at the bottom. To manually remove Java go to your hard drive, open the Library folder and look for the Internet Plug-Ins folder. In there you should see a file named “JavaAppletPlugin.plugin”, delete that. There are some more trace files on your system but removing the plug-in should be enough to disable it to the point where it’s harmless.

      As for why I prefer Firefox, have a look at This Post and This Post. A lot has changed since those posts were written but Firefox is still on top when it comes to speed, privacy and security (if configured properly).

      The add-ons and plug-ins described in those posts will help you get rid of those annoying ads as they block the tracking and advertising contents in most websites. Intego and other AV solutions are useless against ad tracking, using good browser plug-ins are the best way. If you want to go a step further, stop using Google search engine and switch to DuckDuckGo or Startpage.

      • 6
        Andrea on June 6, 2015 Reply

        Jay, thanks for your time and input.

Leave a Reply

Your email address will not be published. Required fields are marked *

*