Oracle Uses Java To Install Adware On Macs, PCs

Tom Jowitt,

Superfish take two? Oracle is now bundling Ask.com adware on Mac computers via the Java installation

Oracle is at the centre of a fresh adware controversy after installing Ask.com adware on Mac computers, via the default installation of Java.

Oracle is known to have done the same thing to Windows users for years now, by bundling adware with its Java installer for Windows PCs.

Adware Controversy

But Oracle’s decision to bundle adware in with the Macintosh installation of Java was revealed in a blog posting by Mac administrator Rich Trouton, who is based in Virginia.

java-flaw-lHe pointed out that Oracle used a standard installer package to install Java 7 and Java 8. But with the release of Java 8 Update 40, Oracle has changed how Java 8 for Macs is installed. Indeed, Oracle has now switched to using an application to install Java.

“You will be prompted to set Ask.com as your browser homepage, with the choice to do so checked off by default,” Trouton wrote. “If left checked, Safari’s homepage will be set with a search.ask.com URL and a Safari extension will be used to install an Ask.com toolbar.”

“If you didn’t change the option of setting Ask.com as your browser homepage, it’ll then ask you to install the Ask.com toolbar as a Safari extension,” he warned.

Ask.com is controversial as it can hijack a browser’s search requests and return ad-laden results. It pays millions of dollars so that its toolbar is distributed by companies such as Oracle, and it can also be somewhat tricky to remove. If users are not paying attention during an installation, they can easily discover it has been included in the installation.

Sneaky Superfish

Of course, Ask.com is not as potentially dangerous as the SuperFish adware. Last month was revealed that Lenovo had pre-installed Superfish, an advertising program, on some Lenovo laptops.

Lenovo had begun to bundle Superfish ad software with some of its laptops in September of last year, using it to alter users’ search results. It said it removed the software from its products in January due to user complaints over the intrusiveness of the tool.

That triggered the US Government to warn the general public to remove Superfish because it said it introduces a security vulnerability.

The hacker group the Lizard Squad apparently retaliated against Lenovo for Superfish, and took down its main corporate website in late February.

Are you a security guru? Try our quiz!