by | | 0 comment(s)

Oracle begins sneaking Ask.com toolbar in Mac version of Java


Java on an Apple iMacWindows users have been used to Oracle’s pesky adware, brought to us by Ask.com. Now it’s time for Mac users to keep an eye out for it.

As of last month’s Java 8 update for Mac OS X, users need to be aware of an extra step to take, in order to avoid the bundled Ask.com toolbar from installing itself, as well as overriding the default browser’s homepage.

Installing Java on a Mac is fundamentally identical as what happens on PCs. The setup process is a linear guided setup requiring the user to click Next at every page.

The pesky step is when users reach a page where Ask.com appears as an option.

The extra step is very familiar among Windows users, but less so for Mac users who, in order to keep Ask’s toolbar off their systems, must hit Cancel, when prompted with “Install the Search App by Ask”. This step is counter-intuitive by design, as some users will move forward by clicking Next, hoping to see some kind of checkbox that allows them to opt out.

The checkbox is there, however it merely offers the option of not changing the browser’s homepage with Ask.com, at which point, the toolbar will install itself, with all the adware that comes with it.

The adware is not inherently evil, does not contain malware, and it’s also fairly easy to remove from the system, however, most users will simply leave it be, without thinking of what it really comes down to.

The underhanded installation of the toolbar is designed to serve targeted ads from which Ask’s parent company IAC makes an average of 1.5 billion dollars per year.

The other side of the coin is Java’s own security issues, which lead to notorious attacks, such as Flashback, perpetrated against Apple, in Summer 2012, when over 500,000 Macs were found infected with the Flashback trojan virus.

As previously witnessed, Java can open Mac OS X to many vulnerabilities, and it’s removal is recommended.

How to remove Java from Mac OS X

First, we must identify what version of Java we have on our system. To do this we need to open a Terminal window and type the following:

java -version

This will return the current version of Java, if any is installed.

Next we need to navigate to Java’s folder location, by typing the following (tread lightly when using any Terminal commands, especially “sudo rm”):

sudo rm -rf /System/Library/Java/JavaVirtualMachines/

To remove Java permanently, issue the following commands:

sudo rm -rf "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin"

sudo rm -rf "/Library/PreferencePanes/JavaControlPanel.prefpane"

Should you be unsuccessful, just navigate to Java’s folder using Finder, and move JavaAppletPlugin.plugin, and JavaControlPanel.prepane to the trash.

Isolating Java

Isolation is another option, that leaves Java on the system, but keeps it from running in the browser, except when needed. Mac OS X does this by default, as of version 10.6.

Will removing Java affect JavaScript?

No, and we strongly advise against disabling JavaScript, as there is a radical difference between JavaScript and Java.

JavaScript is a technology implemented in modern web browsers, which powers the most advanced features that are part of all websites and web applications. Without JavaScript, major web services would not be accessible, such as banking logins, social networks, government websites, and virtually any web application designed to let users access, store, and share information.

Java, on the other hand, is a self-contained “runtime environment”, in the same way as a virtual machine. In fact, Java VM stands for Java Virtual Machine.

A virtual machine works like a sandbox, in which we can install an operating system, and run programs that will stay within the confines of the sandbox.

The security issue associated with Java VM, is that hackers can exploit vulnerabilities built into the virtual machine, in order to gain privileges outside of it, into the actual host operating system. 


You must be logged in to post comments.