If you still run the Java plug in for whatever reason, you might have notice as of late that when you install or update Java, it will check and offer to remove older versions of Java on your system. That’s a great idea as it ensures that you’re protected from threats that the older versions might have.
The problem is, it didn’t really work. Here’s what the FTC says on that front:
In its complaint, the FTC alleges that Oracle promised consumers that by installing its updates to Java SE both the updates and the consumer’s system would be “safe and secure” with the “latest… security updates.” During the update process, however, Oracle failed to inform consumers that the Java SE update automatically removed only the most recent prior version of the software, and did not remove any other earlier versions of Java SE that might be installed on their computer, and did not uninstall any versions released prior to Java SE version 6 update 10. As a result, after updating Java SE, consumers could still have additional older, insecure versions of the software on their computers that were vulnerable to being hacked.
What’s really bad about this is that Oracle knew about this as early as 2011.
#Fail
To make this go away, Here’s what Oracle has been ordered to do:
Under the terms of the proposed consent order, Oracle will be required to notify consumers during the Java SE update process if they have outdated versions of the software on their computer, notify them of the risk of having the older software, and give them the option to uninstall it. In addition, the company will be required to provide broad notice to consumers via social media and their website about the settlement and how consumers can remove older versions of the software.
The consent order also will prohibit the company from making any further deceptive statements to consumers about the privacy or security of its software and the ability to uninstall older versions of any software Oracle provides.
The FTC has published a blog post for consumers with more information about Java SE’s update issues.
My advice for a very long time has been not to run Java at all. Now would be a really good time to get rid of it. If you want to go ahead and make yourself a whole lot safer, visit http://java.com/uninstall where there are instructions on how to uninstall older versions of Java SE. This webpage also provides a link to the Java SE uninstall tool, which you can use to uninstall older versions of Java SE.
Like this:
Like Loading...
Related
This entry was posted on December 22, 2015 at 10:55 am and is filed under Commentary with tags Java, Lawsuit. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Oracle Settles With FTC Over Failure To Remove Old Java Versions
If you still run the Java plug in for whatever reason, you might have notice as of late that when you install or update Java, it will check and offer to remove older versions of Java on your system. That’s a great idea as it ensures that you’re protected from threats that the older versions might have.
The problem is, it didn’t really work. Here’s what the FTC says on that front:
In its complaint, the FTC alleges that Oracle promised consumers that by installing its updates to Java SE both the updates and the consumer’s system would be “safe and secure” with the “latest… security updates.” During the update process, however, Oracle failed to inform consumers that the Java SE update automatically removed only the most recent prior version of the software, and did not remove any other earlier versions of Java SE that might be installed on their computer, and did not uninstall any versions released prior to Java SE version 6 update 10. As a result, after updating Java SE, consumers could still have additional older, insecure versions of the software on their computers that were vulnerable to being hacked.
What’s really bad about this is that Oracle knew about this as early as 2011.
#Fail
To make this go away, Here’s what Oracle has been ordered to do:
Under the terms of the proposed consent order, Oracle will be required to notify consumers during the Java SE update process if they have outdated versions of the software on their computer, notify them of the risk of having the older software, and give them the option to uninstall it. In addition, the company will be required to provide broad notice to consumers via social media and their website about the settlement and how consumers can remove older versions of the software.
The consent order also will prohibit the company from making any further deceptive statements to consumers about the privacy or security of its software and the ability to uninstall older versions of any software Oracle provides.
The FTC has published a blog post for consumers with more information about Java SE’s update issues.
My advice for a very long time has been not to run Java at all. Now would be a really good time to get rid of it. If you want to go ahead and make yourself a whole lot safer, visit http://java.com/uninstall where there are instructions on how to uninstall older versions of Java SE. This webpage also provides a link to the Java SE uninstall tool, which you can use to uninstall older versions of Java SE.
Share this:
Like this:
Related
This entry was posted on December 22, 2015 at 10:55 am and is filed under Commentary with tags Java, Lawsuit. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.