Java now installing adware
Published March 4th, 2015 at 11:34 AM EDT , modified March 4th, 2015 at 11:34 AM EDT
Rich Trouton, a Mac systems administrator who runs the Der Flounder blog, discovered yesterday that a Java installer is installing adware, in the form of the Ask Toolbar. (He first wrote about it on JAMF Nation, but has published additional information in his Der Flounder post today.) Fortunately, in the course of trying to duplicate his findings, it appears that this installer is a bit finicky, and may not always install the toolbar properly.I had a slight bit of trouble finding the troublesome installer at first. My search initially took me to Oracle’s site, where I downloaded Java 8 Update 40 and found that it was just a simple installer package, with no nasty hitchhikers. My second stop – to Java.com – hit paydirt, though, with the Mac installer downloaded from that site being the application described by Trouton.
On running that installer, I initially saw exactly what Trouton described. At one point in the install process, I was asked whether I wanted to install the Search App by Ask. The box was checked by default, and I left it that way.
However, from there, my experience differed a bit. I never saw the alert Trouton described asking if I was sure I wanted to install the toolbar, and no toolbar was visible in any browser. A bit of searching the file system turned up an Ask Safari extension was present, but for some reason hadn’t been installed properly.
After much experimentation and frustration, I found that the installer is a bit fragile. It turns out, something goes wrong with the process if Safari isn’t open during installation. By leaving Safari open, I found that the extension was installed, and saw the toolbar appear in Safari. However, I never did see that install confirmation alert, even then. Clearly there’s still something different between my installation and Trouton’s, but I haven’t figured out what that might be yet.
Unlike other adware installers that I have seen, this also seems to only install the toolbar into the default browser. So, I repeated the process for both Chrome and Firefox, and found that it was installed in each of those as described, but only for the one that was the default browser. (Interestingly, my test system had a rather outdated version of Firefox – version 28.0 – which caused the install to fail again. I had to update to 36.0 to get the toolbar to install.)
Despite the fragility of the adware install process, this is still going to be a problem for many people installing Java. Oracle should be ashamed of themselves! Since Java has repeatedly posed security problems in the past, and Oracle has now shown a willingness to infect their own users with adware, I strongly recommend avoiding Java if at all possible. For those who must have Java, Trouton has posted information in his Der Flounder article on how to run the Java installer only, found inside the adware-riddled Java 8 Update 40 application, which should install Java without the toolbar.
For those affected by this Ask Toolbar, I have added detection of the Ask browser extensions and support files to my AdwareMedic app and my Adware Removal Guide. And thanks to Rich Trouton for bringing attention to this issue!