Slashdot Mirror

← Back to Stories (view on slashdot.org)

Oracle Settles FTC Charges Regarding Deceptive Java Security Updates (ftc.gov)

Posted by timothy on from the why-didn't-they-use-a-crystal-ball dept.

An anonymous reader writes: The FTC and Oracle have come to an agreement regarding Oracle's deceptive Java security updates, which only removed recent versions of vulnerable Java SE, but left behind older, insecure versions. Oracle got away without a fine, but will have to overhaul its Java update process to remove older versions as well.

5 of 33 comments (clear)

  1. Yeah, right ... by gstoddart · · Score: 4, Funny

    Oracle probably threatened them with a license audit and they'd need to pay eleventy eleven trillion dollars.

    --
    Lost at C:>. Found at C.
    1. Re:Yeah, right ... by crunchy_one · · Score: 4, Insightful

      So, they're going to stop shoving the Ask toolbar as part of their update process?

    2. Re:Yeah, right ... by The-Ixian · · Score: 3, Informative

      Well... Java in the web browser should just die...

      Java as a platform is just fine.

      If you follow the instructions for enterprise deployment and extract the MSI from the self-extracting archive, you won't get the updater or any adware. You will, however, still need to remove the previous version manually.

      --
      My eyes reflect the stars and a smile lights up my face.
  2. Good, about time by mitcheli · · Score: 4, Insightful

    I noticed this a few months ago when I built a system and had it scanned for compliance and was getting hit with a several year old hole in Java. I was confused because I knew I upgraded Java on the system. Then I realized that the old version was still there. Truth be said, if I build a machine and I don't absolutely need Java on it, it doesn't get loaded. Same goes for Flash.

    --
    Select from tblFriends where interesting >= 4;
  3. Re: WTF? by gstoddart · · Score: 3, Informative

    Was it just they couldn't be bothered to remove them?

    Ding ding ding. You can have anything you want as long as you're willing to pay for it.

    The shit release management practices used by Oracle are already the user's problem.

    The FTC has decided you can't claim to have a tool which says it removes older, insecure versions and then only delete some of those older, insecure versions.

    --
    Lost at C:>. Found at C.