Java is available on millions of computers at home. Nevertheless, the program offers areas again and again to attack. Now Oracle for an insecure Update mechanism, a Rüffler of the U.S. Federal Trade Commission.
Oracle must now inform the user of Java that Java SE is potentially unsafe and must provide to the users the Tools available, to remove the older, insecure versions of the computers. The Federal Trade Commission reports. Oracle is responding to the allegations, the FTC that Oracle has misled consumers about the safety of Java Standard Edition. In the framework of an agreement, Oracle has agreed, therefore, to give users the appropriate Tools to uninstall older versions.
Oracle, the reproach of American consumer protection authority, does not have to be deleted for security updates in any case, older versions of the computers and the systems of the consumers vulnerable made.
Java, Reader, and Flash to draw for 66 percent of all pests and pest variants in the past 10 years. (Source: AV-Test)
Now, Oracle has to admit publicly that the company deceived consumers, it is not about the security risks associated with the Upgrades of Java SE, had informed. Oracle is now obliged to inform the Public through different channels such as Social Media or via Web, via the settlement with the FTC and to show how older versions of uninstall. At the same time, Oracle must commit not to spread misleading statements about the Upgrade process.
The FTC informed in the Blog: “What’s worse than stale coffee? Old Java! about the Problem.
“If the Software is a company that is installed on millions of computers, it is important that the statements are correct, and that Updates to ensure the security of the Software,” says Jessica Rich, Director of the FTC. “The unification of forces, Oracle is now providing consumers with the Tools and information you need to protect your computer.”
Oracle, the FTC, have known since the Acquisition of Sun Microsystems in 2010, of the significant security risks mainly used by older versions of Java, the Hacker’s malicious Software on the computers of the users were able to inject.
Oracle falsely, an expectation among users that the Installation of the latest Updates, the program has a sufficient level of safety assurance. Oracle does not have, however, pointed out that the Update to the latest Version always only the previous version of the System has been uninstalled. Versions prior to Java SE 6 Update 10, which were still installed, remained on the computer, leading to additional risks. Also the Oracle of the unstable Update have known process. So documents that the FTC is available, not from the internal Oracle, the Update process “is aggressive enough or simply not working.”
Oracle had informed that it would be necessary to uninstall older versions of Java SE, but it is not enough that the Update to a new Version, the older versions are not automatically deleted, which means in the eyes of the authority, a violation of FTC rules. The have changed the Oracle in August 2014.
A documentary about the entire process will post the FTC in a nutshell on your own Web pages. In the next days and comments can be submitted to the decision. Only then, it will be decided whether the decision of the authority for consumer protection is implemented.
Oracle has changed the own Update-practice already since the summer of last year. Nevertheless, the visibility of the results of this settlement with the FTC is likely to provide in the future to ensure that such security risks will not be taken by providers in purchasing. This decision should also have a signal effect for other Software manufacturers.
The FTC is not the only criticism of Oracle’s policy in Java. A few weeks ago, a Java had criticized users group, Oracle through the Java Installation is also an annoying Yahoo Toolbar users to cheers. Oracle damage to the Reputation of Java, so the accusation.
