You’d have thought that Oracle would have learnt to leave well alone when it comes to packing Ask.com toolbars into Java downloads, considering the furore that erupted when the issue first came to light on Windows. Annoyingly, for those who thought they were safe on Mac, that doesn’t appear to be the case. Users who rushed to grab 8u40 discovered too late that, at some point in the past month, the adware has been optimised to default download to Mac OS X (note: this is an issue tied into the JRE-only installer and doesn’t affect the JDK).
Oh @Java updates… I’m not sure trying to get people to install the “Ask toolbar” weekly is good for your reputation 🙁
— Mike Donahue (@DonahueMJ) March 9, 2015
Any hapless Mac OS X user who clicked through the permissions section in the latest 8u40 release (and who hasn’t done that?), found their browser homepage had been re-set to Ask.com. A Q&A relic of the nineties formerly known as AskJeeves.com, aside from being about as useful as a chocolate teapot, this unwelcome addition represents a cynical industry practice which does nothing to refute the reputation for insecurity Java has gained in certain quarters. So widespread is this distrust, Minecraft people Mojang have even started quietly offering a ‘standalone‘ version of Java for those who use it exclusively to play the game.
— Marvin (@planetsizebrain) March 9, 2015
Whilst removing the Ask toolbar is an easy procedure, it’s an irksome task for anyone to have to go through as a result of downloading software they believed to be trustworthy. As Richi Jennings comments, “At best, this thing is irritating adware. At worst, it’s a Trojan that tracks all the sites you visit.”
Given the recent revelations about underhand tactics by PC makers Lenovo, the timing is especially unfortunate. In this case, it was revealed that Lenovo PCs were shipping out infested with third-party adware landmine ‘Superfish’, which worked by kicking out any secure SSL connections users made and shunting in its own secure certificate – leaving unsuspecting Lenovo PC owners potentially vulnerable to “man in the middle” attacks. The company was forced to publicly apologise – and now claims to be turning practices around.
Apparently Oracle did engage on the Ask.com issue with a group of Java Champions last year – but unfortunately, when it comes to so-called ‘crapware’, it seems that money talks. Whilst users continue to sign up to Change.org petitions and howl their indignation on Reddit, Oracle keeps making a commission on every bit of rubbish it choses to pollute its downloads with that you might accidentally click. This might be the first time Oracle has extended the practice to Mac OS X, but rest assured, it likely won’t be the last. So, in conclusion, enjoy Java 8u40 and all the cool new benefits it brings…but when it comes to installation, be very careful where you click!