Wednesday, March 4, 2015

Java Installs Adware With Plugin,
Part Of Growing Mac Adware Attacks


Sadly, like a lot of customer adverse companies, Oracle is now packing adware with its Java plugin installer. Beware!

My colleague Thomas Reed caught up with the situation and has done some testing to see what's going on. I recommend reading his 'The Safe Mac' article found here:

Java now installing adware
Despite the fragility of the adware install process, this is still going to be a problem for many people installing Java. Oracle should be ashamed of themselves! Since Java has repeatedly posed security problems in the past, and Oracle has now shown a willingness to infect their own users with adware, I strongly recommend avoiding Java if at all possible. For those who must have Java, Trouton has posted information in his Der Flounder article on how to run the Java installer only, found inside the adware-riddled Java 8 Update 40 application, which should install Java without the toolbar. 
For those affected by this Ask Toolbar, I have added detection of the Ask browser extensions and support files to my AdwareMedic app and my Adware Removal Guide. And thanks to Rich Trouton for bringing attention to this issue!
Rich Trouton's article on the Java adware problem can be found here:

Oracle’s Java 8 Update 40 – The Good, the Bad and the Ugly
You will be prompted to set as your browser homepage, with the choice to do so checked off by default. If left checked, Safari’s homepage will be set with a URL and a Safari extension will be used to install an toolbar.

Thomas Reed found that the Java installer will install a corresponding plugin depending upon which web browser you have set as your default. With regards to Safari, he found that it also had to be running at the time for the adware installer to work, if it worked at all.

Needless to say, DON'T fall for the adware installation! You don't want that crap on your Mac. If you do get skewered, grab a copy of Thomas' free/donationware Adware Medic and get rid of it.


The Windows community has been getting hammered with adware for many years. Now the adware rats have caught up with the Mac community and are infesting the stuff into everything possible. I wrote an article last year, over at MacSmarticles, about the ruination of VersionTracker after CNET/CBS made it just as bad as the rest of their website. It is now nearly impossible to download anything from the CNET site without having adware foisted at you by its installers. The same thing is going on at just about every other downloads website. I gladly point out that is an exception as well as These are the only two download websites I trust at this point in time.

Recently, the computer manufacturer Lenovo has been slammed by the computer community for infesting their computers with crapware that included a diabolical adware program called Superfish. The adware was built on a code foundation provided by the company Komodia. Their awful software features:

- Faked security certificates used to allow the software to spy on your SSL/TLS, HTTPS connections over the Internet.
- A private encryption key that is protected by the password "komodia". That password doesn't just work in Superfish, but in ALL Komodia software that makes use of spying on HTTPS web streams. The number of affected applications is expected to be near 100.

It has also been discovered that other programs pull the same security trickery:

EFF unearths evidence of possible Superfish-style attacks in the wild
Crypto-busting apps may have been exploited against visitors of Google and dozens more.
by Dan Goodin

One such program is PrivDog, provided by Internet security certificate provider Comodo Group, who have already suffered scandal by releasing nine fraudulent certificates faking themselves to be the likes of Google, Yahoo, Skype and Windows Live. This gives Comodo two black eyes.

Then add to this situation the fact that at least two anti-malware applications have been found to perform the same faked security certificate trick as a method for catching malware being downloaded to your computer. They are provided as 'deep inspection' features of their software, which I obviously suggest you TURN OFF. Those two anti-malware programs are Malwarebytes and Avast. I found out about Malwarebytes via word-of-mouth and am waiting for solid verification.

No doubt, other such questionable software, crapware and adware will be uncovered in the coming months and some of it will run on Macs.

The message: 
Be Careful What You Install.


No comments:

Post a Comment