Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Oracle settles with FTC over “deceptive” security updates?

January 5th 2016 in safety and privacy on the Internet, Security, Updating your computer, Vulnerabilities

https://www.ftc.gov/news-events/press-releases/2015/12/oracle-agrees-settle-ftc-charges-it-deceived-consumers-about-java

How was Oracle deceptive? By only removing the most recent vulnerable version of Java from users’ computers, leaving older versions in situ.

“In 2011, according to the FTC’s complaint, Oracle was aware of the insufficiency of its update process. Internal documents stated that the “Java update mechanism is not aggressive enough or simply not working,” and that a large number of hacking incidents were targeting prior versions of Java SE’s software still installed on consumers’ computers.

While Oracle did have notices on their website relating to the need to remove older versions because of the security risk they posed, the information did not explain that the update process did not automatically remove all older versions of Java SE. The updates continued to remove only the most recent version of Java SE installed until August 2014.

The complaint charges that this failure to disclose the limitations of the updates in light of the statements made about the security benefits of the updates was deceptive and in violation of Section 5 of the FTC Act.”

Not only were there issues with the update process, I remember there was a time when Sun (not Oracle) recommended that old versions of Java be left on a user’s computer. I wrote back in 2005 that that was very bad advice.

The FTC has published a blog post for consumers with more information.

Here is a copy of the Order, which will not terminate until 20 years have passed.

