Re: Java 8u40 released: why?

["Nick FitzGerald" <nick () virus-l demon co uk>]

James Hodgkinson wrote:

> Maybe the major change is that they're including the Ask toolbar in
> all releases now, not just the windows one? :)

Indeed!

> The unwelcome Ask extension shows up as part of the installer if a Mac
> user downloads Java 8 Update 40 for the Mac. In my tests on a Mac
> running that latest release of OS X, the installer added an app to the
> current browser, Chrome version 41...

So you did not notice the explanation that this would happen, right 
there on the "continue the install" permission dialog?

The one we can see a screenshot of at, say:

   https://grahamcluley.com/2015/03/oracle-java-mac/

Your description rather strongly implies that you have no choice in 
getting the Ask toolbar, which is untrue.

I understand that Mac users will likely not be _accustomed_ to such 
permissions for _additional_ software, over and above the actual 
software that they thought they were installing, being requested, BUT 
unlike your description above and Ed Bott's at ZDNet (referenced in 
another post in this thread), the user is actually given the choice to 
not install the extra offer.

Of course, questions as to the desirability of the option being 
pre-selected, and the possibly less than fully transparent directions 
about the necessity of the offer are much the same with the Mac version 
and the Windows version, whose permission dialog you can see here:

   http://i.imgur.com/82Tp2pp.png?1




Regards,

Nick FitzGerald



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/