If you’re installing a critical security update on your computer, caused by the software vendor’s sloppy code quality, you probably wouldn’t dream that your software vendor is trying to make some money out of the inconvenience.
And yet that’s exactly what Oracle seems to be up to with its (sadly necessarily frequent) security updates for Java.
As Ed Bott explains in this excellent article, when the world was rushing to install an essential Java security update last week, the software vendor attempted to install a third-party toolbar and change your browser’s search engine.
Yes, Oracle has chosen to enable the option to install the Ask Toolbar and meddle with your search engines. Why? Because of profit. They earn more commission, the more people they get to install the third-party software.
You wanted to install the latest version of Java because you wanted to protect yourself against potential attack by cybercriminals. But you have to be really careful not to accidentally install unwanted software like the Ask Toolbar at the same time.
IT managers may be able to handle underhand tricks like these, but what hope does the average computer user who will – most likely – just be automatically hitting “Next”?
(Oh, and if you want to know why you might want to avoid installing the Ask Toolbar, check out this analysis by Ben Edelman).
It’s not just Oracle/Ask who are guilty of tricks like this of course.
You may remember the brouhaha that erupted after CNET served up its download of the tasty Nmap network tool with a disagreeable side-dish of the Babylon toolbar.
And then there’s Adobe – a company not unfamiliar with the need to issue regular security updates for its Flash and Acrobat products.
I’ve lost count of the number of times in the past Adobe has tried to sneak McAfee software onto my computers.
A quick search of Adobe’s community forums reveals the bundling hasn’t been popular with their users:
Of course, McAfee’s software is considerably more useful and desirable than the Ask Toolbar. But it should be my conscious and informed decision as to whether I want to install it or not. For vendors to pre-select options to install unconnected third-party software in an installer is just wrong.
I think it’s wrong for software companies to take advantage of users’ eagerness to install a security update in this way.
Oracle and others are choosing to pre-check the box – that’s a conscious decision on their part because they know that more people will install the bundled software (or “foistware” as it’s becoming known) as a result.
It’s an underhand trick designed to make them money, and customers deserve to be treated better than this.
Let us know what you think, by taking this quick poll.
[polldaddy poll=”6849827″]
Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.
