Java Update Contains Malware

The war between wetware and hardware.
User avatar
Rob Lister
Posts: 19922
Joined: Sun Jul 18, 2004 7:15 pm
Title: Incipient toppler
Location: Swimming in Lake Ed
Has thanked: 593 times
Been thanked: 596 times

Java Update Contains Malware

Post by Rob Lister » Thu Mar 24, 2011 1:22 pm

That's the way I see it anyway. Luckily, the malware is easily removed but you have to go to add/remove programs to do it.
Starting last month, Oracle began bundling a security scanning tool called the McAfee Security Scan Plus with its Java updates for the Windows operating system. The software is installed by default with the Java update, so unless users notice and uncheck the McAfee installation box as they're updating Java, they'll end up downloading McAfee's software too.
http://www.computerworld.com/s/article/ ... geNumber=1

That's what happened to me, and after I bitched about that very thing in anohter thread (which I can't find today) with an Adobe update. I wasn't paying attention and just clicked through the installation and ended up with crap I didn't order.
Once downloaded, the McAfee software prompts the user on a daily basis to accept McAfee's licensing terms to complete the installation. The user can cancel out of this prompt, but there is no option to decline the terms. To remove the software, the user must use the Windows "Uninstall a Program" feature.
I see that as evil, not just annoying. So, what's their justification for doing this?
McAfee defended its decision to leave the Security Scan install box checked by default. "McAfee believes it’s better to be protected than unprotected, therefore we are offering this as a default," a McAfee spokeswoman said via e-mail. "A surprising number of people have computers with out-of-date security or no security at all."
Are you fucking kidding me? Who the fuck do you think you are? Get the fuck out of my house you evil bastard; get your fucking foot out of my door. And how the hell did you get into the position of making that decision anyway: I thought Oracle owned Java. Did Oracle buy out McAfee? WTF?

User avatar
Abdul Alhazred
Posts: 71428
Joined: Mon Jun 07, 2004 1:33 pm
Title: Yes, that one.
Location: Chicago
Has thanked: 3322 times
Been thanked: 1228 times

Re: Java Update Contains Malware

Post by Abdul Alhazred » Thu Mar 24, 2011 3:03 pm

Abdul's general principles when installing WindowsTM software.

1) You don't want the toolbar.
2) You don't want McAfee anything.
2) You don't want Norton anything.
Image "If I turn in a sicko, will I get a reward?"

"Yes! A BIG REWARD!" ====> Click here to turn in a sicko
Any man writes a mission statement spends a night in the box.
-- our mission statement plappendale

User avatar
Mentat
Posts: 10271
Joined: Tue Nov 13, 2007 11:00 pm
Location: Hangar 18
Has thanked: 37 times
Been thanked: 124 times

Re: Java Update Contains Malware

Post by Mentat » Thu Mar 24, 2011 4:13 pm

Ah, what a wonder it is to have a Mac.
It's "pea-can", man.

Lapis Sells . . . But Who's Buying?

User avatar
sparks
Posts: 14089
Joined: Fri Oct 26, 2007 4:13 pm
Location: Friar McWallclocks Bar -- Where time stands still while you lean over!
Has thanked: 1967 times
Been thanked: 605 times

Re: Java Update Contains Malware

Post by sparks » Thu Mar 24, 2011 5:31 pm

I saw that update just last week on my laptop. Fortunately I was sober that day and unchecked the McAfee bullshit. BTW--Java is really annoying in the amount/frequency of updates. WTF? And what's the worst that can happen if I ignore the updates? (I assume eventually something will need the latest Java and not be able to run...........??)
You can lead them to knowledge, but you can't make them think.

En folkefiende
Posts: 17511
Joined: Thu Aug 12, 2004 4:38 am
Location: Waiting for an electrician

Re: Java Update Contains Malware

Post by En folkefiende » Thu Mar 24, 2011 5:52 pm

Ran into this while doing the updates on a new machine (see other thread on pre-instaled malware hiding as useful software). The combination of the pre-installed version with the java download ATTEMPT to load is toxic, and yes, I unchecked the damn box.

I finally took the box offline and uninstalled every bit of Norton and McCaffee software that was preinstalled, installed the virus checker I wanted from a CD, and then went back online.

Much better. And my antivirus software recognizes the attempt at pushing unwanted antivirus code as the malware it is. Nice I could set that one up.
Formerly jj, the enemy of the people, aka the bullies who rant and lie here.

User avatar
Rob Lister
Posts: 19922
Joined: Sun Jul 18, 2004 7:15 pm
Title: Incipient toppler
Location: Swimming in Lake Ed
Has thanked: 593 times
Been thanked: 596 times

Re: Java Update Contains Malware

Post by Rob Lister » Thu Mar 24, 2011 6:25 pm

sparks wrote:I saw that update just last week on my laptop. Fortunately I was sober that day and unchecked the McAfee bullshit. BTW--Java is really annoying in the amount/frequency of updates. WTF? And what's the worst that can happen if I ignore the updates? (I assume eventually something will need the latest Java and not be able to run...........??)

java is full of holes. so the updates are presumably necessary for keeping malware/viruses out. ironic, that.

User avatar
Abdul Alhazred
Posts: 71428
Joined: Mon Jun 07, 2004 1:33 pm
Title: Yes, that one.
Location: Chicago
Has thanked: 3322 times
Been thanked: 1228 times

Re: Java Update Contains Malware

Post by Abdul Alhazred » Thu Mar 24, 2011 6:31 pm

jj wrote:And my antivirus software recognizes the attempt at pushing unwanted antivirus code as the malware it is. Nice I could set that one up.
Now that is just pure coolness.
Spoiler:
Of course with JES2 you don't have to worry about stuff like that.

JES2 rocks! Image
Image "If I turn in a sicko, will I get a reward?"

"Yes! A BIG REWARD!" ====> Click here to turn in a sicko
Any man writes a mission statement spends a night in the box.
-- our mission statement plappendale

En folkefiende
Posts: 17511
Joined: Thu Aug 12, 2004 4:38 am
Location: Waiting for an electrician

Re: Java Update Contains Malware

Post by En folkefiende » Thu Mar 24, 2011 6:43 pm

Rob Lister wrote: java is full of holes. so the updates are presumably necessary for keeping malware/viruses out. ironic, that.
True, and even more true.
Formerly jj, the enemy of the people, aka the bullies who rant and lie here.

En folkefiende
Posts: 17511
Joined: Thu Aug 12, 2004 4:38 am
Location: Waiting for an electrician

Re: Java Update Contains Malware

Post by En folkefiende » Thu Mar 24, 2011 6:44 pm

Abdul Alhazred wrote:Of course with JES2 you don't have to worry about stuff like that.

JES2 rocks! Image

Oh, geeze, now I'll be having nightmares about THAT. Please, let me forget, let me forget.

And whatever you do, don't misspell "environment".
Formerly jj, the enemy of the people, aka the bullies who rant and lie here.

User avatar
Abdul Alhazred
Posts: 71428
Joined: Mon Jun 07, 2004 1:33 pm
Title: Yes, that one.
Location: Chicago
Has thanked: 3322 times
Been thanked: 1228 times

Re: Java Update Contains Malware

Post by Abdul Alhazred » Thu Mar 24, 2011 6:56 pm

jj wrote:And whatever you do, don't misspell "environment".
I've been doing JES2 all morning. Really. :)
Image "If I turn in a sicko, will I get a reward?"

"Yes! A BIG REWARD!" ====> Click here to turn in a sicko
Any man writes a mission statement spends a night in the box.
-- our mission statement plappendale

En folkefiende
Posts: 17511
Joined: Thu Aug 12, 2004 4:38 am
Location: Waiting for an electrician

Re: Java Update Contains Malware

Post by En folkefiende » Thu Mar 24, 2011 7:29 pm

Abdul Alhazred wrote:
jj wrote:And whatever you do, don't misspell "environment".
I've been doing JES2 all morning. Really. :)
Really?

Well if that was a true statement, it would explain your crankiness... But remind me, isn't that just a BIT outdated? You've still got a running 360/67? :gasp:
Formerly jj, the enemy of the people, aka the bullies who rant and lie here.

User avatar
Abdul Alhazred
Posts: 71428
Joined: Mon Jun 07, 2004 1:33 pm
Title: Yes, that one.
Location: Chicago
Has thanked: 3322 times
Been thanked: 1228 times

Re: Java Update Contains Malware

Post by Abdul Alhazred » Thu Mar 24, 2011 11:07 pm

jj wrote:Well if that was a true statement, it would explain your crankiness... But remind me, isn't that just a BIT outdated? You've still got a running 360/67? :gasp:

IBM zOS 1.7, on nearly the latest "enterprise server". The old machine room is almost empty but more powerful than ever.

However it is backwards compatible with all the old JES2 stuff. Including "tapes". The virtual tape subsystem is really DASD, but setting up the JCL is just like the good old days.

This same mainframe is running old school CICS as a mapless back end to an internet front end written in Java.

At least we can FTP files around if we have to.

Code: Select all

//STEP100 EXEC PGM=FTP,PARM='/(EXIT ',REGION=4M     
//SYSPRINT DD SYSOUT=*                                       
//OUTPUT   DD SYSOUT=*                                     
//INPUT    DD DISP=SHR,DSN=<whatever>
//NETRC    DD DISP=SHR,DSN=FOO.NETRC
//FTPDSN   DD DISP=SHR,DSN=<whatever>
//* 
:|

Such a set up is not unusual in big corporations in the financial industry, as well as the US treasury and other government agencies.
Image "If I turn in a sicko, will I get a reward?"

"Yes! A BIG REWARD!" ====> Click here to turn in a sicko
Any man writes a mission statement spends a night in the box.
-- our mission statement plappendale

En folkefiende
Posts: 17511
Joined: Thu Aug 12, 2004 4:38 am
Location: Waiting for an electrician

Re: Java Update Contains Malware

Post by En folkefiende » Thu Mar 24, 2011 11:41 pm

Abdul Alhazred wrote:IBM zOS 1.7, on nearly the latest "enterprise server". The old machine room is almost empty but more powerful than ever.
Hmm, maybe I WILL give you some slack when you get really cranky...
Formerly jj, the enemy of the people, aka the bullies who rant and lie here.

User avatar
Pyrrho
Posts: 25957
Joined: Sat Jun 05, 2004 2:17 am
Title: Man in Black
Location: Division 6
Has thanked: 2723 times
Been thanked: 2785 times

Re: Java Update Contains Malware

Post by Pyrrho » Sat Mar 26, 2011 12:43 pm

Similar thing happens if you install the Adobe Shockwave plug-in. Options are Google Toolbar and Norton, and you have to opt out of both.
The flash of light you saw in the sky was not a UFO. Swamp gas from a weather balloon was trapped in a thermal pocket and reflected the light from Venus.

User avatar
Rob Lister
Posts: 19922
Joined: Sun Jul 18, 2004 7:15 pm
Title: Incipient toppler
Location: Swimming in Lake Ed
Has thanked: 593 times
Been thanked: 596 times

Re: Java Update Contains Malware

Post by Rob Lister » Sun Jun 19, 2011 5:21 pm

Mozilla to Add Built-in PDF Viewer to Firefox

By Gregg Keizer, Computerworld Jun 18, 2011 1:00 pm

Mozilla is working on a project that will add PDF rendering to Firefox using HTML5 and JavaScript, eliminating the need for users to run Adobe's own plug-in.

The PDF reader may be included in Firefox within three months, said Andreas Gal, a Mozilla researcher who on Wednesday unveiled work the company had done quietly for the last month.

If Mozilla follows through on its plans, it would make Firefox the second major browser -- after Google's Chrome -- to offer in-browser PDF rendering.

But while Chrome relies on an API (application programming interface) to craft its own native-code plug-in, Mozilla will exclusively use HTML5 and JavaScript to display Adobe's popular document format.

Gal touted that as more secure.
I look forward to the day my computer is adobe free. one step closer.

User avatar
gnome
Posts: 22193
Joined: Tue Jun 29, 2004 12:40 am
Location: New Port Richey, FL
Has thanked: 375 times
Been thanked: 403 times

Re: Java Update Contains Malware

Post by gnome » Mon Jun 20, 2011 4:36 pm

How about Flash, though?
"If fighting is sure to result in victory, then you must fight! Sun Tzu said that, and I'd say he knows a little bit more about fighting than you do, pal, because he invented it, and then he perfected it so that no living man could best him in the ring of honor. Then, he used his fight money to buy two of every animal on earth, and then he herded them onto a boat, and then he beat the crap out of every single one. And from that day forward any time a bunch of animals are together in one place it's called a zoo! (Beat) Unless it's a farm!"
--Soldier, TF2

User avatar
hammegk
Posts: 15134
Joined: Sun Jun 06, 2004 1:16 pm
Title: Curmudgeon
Location: Hither, sometimes Yon
Has thanked: 386 times
Been thanked: 28 times

Re: Java Update Contains Malware

Post by hammegk » Mon Jun 20, 2011 4:49 pm

Buy an Ipad ... no Flash worries. :(

ps. Is there an app that does work?

eta: duh, yes.
Last edited by hammegk on Mon Jun 20, 2011 4:59 pm, edited 1 time in total.

User avatar
Rob Lister
Posts: 19922
Joined: Sun Jul 18, 2004 7:15 pm
Title: Incipient toppler
Location: Swimming in Lake Ed
Has thanked: 593 times
Been thanked: 596 times

Re: Java Update Contains Malware

Post by Rob Lister » Mon Jun 20, 2011 4:58 pm

gnome wrote:How about Flash, though?
html5 will kill flash eventually. i give it 2 yrs max.

User avatar
DrMatt
BANNED
Posts: 29811
Joined: Fri Jul 16, 2004 4:00 pm
Location: Location: Location!
Has thanked: 143 times
Been thanked: 70 times

Re: Java Update Contains Malware

Post by DrMatt » Mon Jun 20, 2011 5:58 pm

When you outlaw youtube, only youlaws will have outtubes.
Grayman wrote:If masturbation led to homosexuality you'd think by now I'd at least have better fashion sense.

User avatar
Mentat
Posts: 10271
Joined: Tue Nov 13, 2007 11:00 pm
Location: Hangar 18
Has thanked: 37 times
Been thanked: 124 times

Re: Java Update Contains Malware

Post by Mentat » Mon Jun 20, 2011 9:53 pm

Rob Lister wrote:
gnome wrote:How about Flash, though?
html5 will kill flash eventually. i give it 2 yrs max.
HTML5 will kill flash once we all figure out what it actually is.
It's "pea-can", man.

Lapis Sells . . . But Who's Buying?