Scam of the day – December 26, 2015 – FTC settles dispute with Oracle about Java software

The Federal Trade Commission (FTC) and Oracle, the maker of Java software have come to a settlement of charges brought by the FTC against Oracle that alleged that Oracle deceived its customers about security updates to Java.  Java is a popular software program used for pdfs,  games, chatrooms, 3D imaging and more.  Under the terms of the settlement, which is open to consumer comments until January 20th, Oracle will be required to provide consumers with the ability to easily uninstall insecure older versions of Java SE.  According to the FTC’s complaint, Oracle promised consumers that by installing updates to Java SE, consumers would be safe and secure.  However, Oracle failed to inform consumers that the Java SE updates only removed the most recent prior version of the software and did not remove earlier versions of Java SE that might be on the consumers computer and did not uninstall versions released prior to Java SE version 6 update 10.  People who had the earlier versions of Java SE on their computer were thus still vulnerable to hacking although they were led to believe that they were safe. Computer hackers are constantly exploiting vulnerabilities in software to attack your computer and steal information from it that can make you a victim of identity theft.  Java software which is made by Oracle has been a particularly successful target of hackers and identity thieves.  According to Kaspersky Lab, flaws in Java software were responsible for about half of all the cyber attacks by hackers in 2012 and continue to be a major security threat.   In 2013, the Department of Homeland Security identified dangerous vulnerabilities in Java software that can lead to your identity being stolen and your computer being compromised by hackers.  The Department of Homeland Security has even gone as far as to advise that people disable Java or prevent Java apps from running in your browser.

TIPS

Under the terms of the settlement, Oracle will be required to notify consumers during the Java SE update process if they have outdated versions of the software on their computers and give them the option to to uninstall it.

As I first said two years ago, I strongly advise people who do not need to use Java that they disable it. Here is a link to instructions as to how to uninstall Java. http://www.java.com/en/download/help/uninstall_java.xml

Here also is a link to a page where you can find alternative pdf readers that are safer than Java : http://www.pdfreaders.org/

Leave a Reply

Your email address will not be published. Required fields are marked *