Sophos Cloud Optix
If you’re installing a critical security update on your computer, caused by the software vendor’s sloppy code quality, you probably wouldn’t dream that your software vendor is trying to make some money out of the inconvenience.
And yet that’s exactly what Oracle seems to be up to with its (sadly necessarily frequent) security updates for Java.
As Ed Bott explains in this excellent article, when the world was rushing to install an essential Java security update last week, the software vendor attempted to install a third-party toolbar and change your browser’s search engine.
Yes, Oracle has chosen to enable the option to install the Ask Toolbar and meddle with your search engines. Why? Because of profit. They earn more commission, the more people they get to install the third-party software.
You wanted to install the latest version of Java because you wanted to protect yourself against potential attack by cybercriminals. But you have to be really careful not to accidentally install unwanted software like the Ask Toolbar at the same time.
IT managers may be able to handle underhand tricks like these, but what hope does the average computer user who will – most likely – just be automatically hitting “Next”?
(Oh, and if you want to know why you might want to avoid installing the Ask Toolbar, check out this analysis by Ben Edelman).
It’s not just Oracle/Ask who are guilty of tricks like this of course.
You may remember the brouhaha that erupted after CNET served up its download of the tasty Nmap network tool with a disagreeable side-dish of the Babylon toolbar.
And then there’s Adobe – a company not unfamiliar with the need to issue regular security updates for its Flash and Acrobat products.
I’ve lost count of the number of times in the past Adobe has tried to sneak McAfee software onto my computers.
A quick search of Adobe’s community forums reveals the bundling hasn’t been popular with their users:
Of course, McAfee’s software is considerably more useful and desirable than the Ask Toolbar. But it should be my conscious and informed decision as to whether I want to install it or not. For vendors to pre-select options to install unconnected third-party software in an installer is just wrong.
I think it’s wrong for software companies to take advantage of users’ eagerness to install a security update in this way.
Oracle and others are choosing to pre-check the box – that’s a conscious decision on their part because they know that more people will install the bundled software (or “foistware” as it’s becoming known) as a result.
It’s an underhand trick designed to make them money, and customers deserve to be treated better than this.
Let us know what you think, by taking this quick poll.
Of the two options in the poll, I'd pick the third: I don't mind that it's included, but I do mind that it's selected by default. If it was there, but opt-in, I would have no problem with it; Oracle gets ad-revenue, I don't accidentally install software I don't want.
You also get other browsers, or toolbars for Googlr etc doing this when you use Apple updates (quicktime etc).
It needs to be an opt in, as they not only install themselves, but also change your default homepage and preferred search engine
People should take responsibility for installing software properly and examining WHAT is actually being installed. So long as you get the option not to install extraneous bundled software, quit whining because you opted to keep pressing next. Companies are not responsable for completely idiot-proofing software, it's pretty idiot-proof anyway.
Does that include the 10 year old son or daughter of every user who may be required to use computers to do their homework (for example)?
I agree that everyone needs to be conscious of what is being installed. But when a large company such as Oracle is aware of an additional installation of software that takes additional time it's that much more time out of my day unnecessarily. I'm not a big fan.
You may not want to hold companies responsible for their products and deliberate actions, but I think most people disagree. There are more people who couldn’t tell you if ask.com is a part of Java than you realize, and they’re trusting enough to let these companies pick good defaults for them. All this unwanted software junk is the #1 cause of broken computers that I see anymore. Companies should be held responsible for making such junk, and security companies need to start doing the reputable thing by flagging this software as a malware risk.
What Microsoft should do is steal some ideas from Linux software management. I haven’t investigated what the Window’s store provides, but I’m hoping they get all the important parts right.
Linux runs all the software through a central source that provides some level of quality assurance (e.g. evicted for bundling spamware), and all the installs/updates are handled by an efficient program on the OS. I no longer extract zip files to run an installer that extracts an installer that extracts an installer that extracts the program. I no longer worry about 4-5+ different update programs nibbling at my resources and popping up all over. I no longer worry about check boxes for extra software being buried somewhere in the process because it all has to be selected up front. I no longer worry if I’m downloading a virus, or even where to find a download link. I get reviews, ratings, descriptions, program search/browse and install buttons all in one simple place.
If I want other software that isn’t included, I can add more software repositories (usually with oversight from people overseeing the main software), download and run a single package through the OS’s installer, or even go through a more manual installation. However, it’s rare that any of those are needed, and even as a software engineer and system admin, the only time I don’t get software from a repository is with some Oracle software.
Got caught by this before, but suddenly realized that Oracle now has a vested interest in pushing out critically flawed software.
The more 0-days found in Java, the more Ask toolbars will be installed, the more money Oracle makes. Fantastically evil way to underwrite sloppy programming practices.
Of course they are going to do this, just like EVERY other company out there. If they think they can get a penny out of you, you can bet they will try to do it. I don't like it at all, if you are going to offer free software, offer free software, if you are going to charge for a software, then charge for it. Don't sneak ads in, or 3rd party installers for crap-ware to pay for your software that YOU decided to offer for free.
I always uncheck the "foistware" boxes when they come with downloads.If I wanted the toolbars,browsers,or other software,I would install them on my own.As far as the McAfee scan goes,I've used it & really didn't find it all that useful.It doesn't remove malware,it just scans to see whether or not you have McAfee security software installed or not.
I have always maintained that including these with security related updates is totally irresponsible.
It needs to be stopped and stopped now!
Thank you Sophos for a bigger voice !!!
Well, if all users were diligent enough to take responsibility for their actions with everything they install, this wouldn't be much of an issue. I mean, OF COURSE you should read what's in the installer window, look at the options that are checked or unchecked by default, and make a conscious choice about whether to accept those options…er, right?
Meanwhile, in the real world, people just want to get down to work and don't want the computer getting in their face all the time. In fact, many of the users I know actually believe that fully understanding what they're doing is beyond their ability anyway, so they just click through everything without bothering to read it.
I suppose that's precisely the mentality that such foistware seeks to exploit. I'm not sure why Oracle figures that anyone who actually needs to run Java would have that mentality. Perhaps they're counting on users who are so clueless that they don't even know whether they need Java, and just run the updater with its default settings as is.
The point is that no user who ISN’T clueless would accept such foistware (well, unless he actually wants to install it), so it seems most likely that Oracle’s intention is to push the junk onto users who don’t know enough to say no. Pretty slimy.
I seem to have caught Babylon on my IE. I know the folks at Microsoft probably don't regard it as a virus but it really gets on my nerves because I don't remember asking for it, don't want it, and can't get rid of it. (Any advice?)
Hi Terry,
I would first suggest checking your list of installed programs. If Babylon is on the list we can uninstall it. Please find below the steps on how to do this:
————————–
For Windows XP:
Click the Start button and click Control Panel. Double click Add or Remove Programs. Scroll through this list in an attempt to locate Babylon. If it is there, single left click it and click the Uninstall or Change/Remove button that appears on the right hand side of its entry in the list.
Follow the steps presented to you to uninstall it. If you are asked to keep any data or settings, choose No.
Open My Computer from the desktop or from the Start menu. Double click Local Disk (C:) then click on Programs Files folder. If there is a Babylon folder in here, right click it and choose Delete. You can then empty the Recycle Bin if you wish.
————————–
For Windows Vista and Windows 7:
Please follow these steps (depending on your Control Panel icon settings either step may apply to you):
Click the Start button and choose Control Panel. Next click the blue text “Uninstall a program” (this appears under the green word “Programs”)
Or
Click the Start button and choose Control Panel. Click Program and Features.
You should now have list of the installed programs on your computer. Scroll through this list in an attempt to locate Babylon. If you find it, single left click it and click the “Uninstall” (or Uninstall/Change) button that appears near the top of the window (i.e. above the list of installed programs).
Follow the steps presented to you to uninstall it. If you are asked to keep any data or settings, choose No.
————————–
For 32 bit Windows Vista and Windows 7:
Open My Computer (Computer for Windows 7) from the desktop or from the Start menu. Double click Local Disk (C:) then click on the Programs Files folder. If there is a Babylon folder in here, right click it and choose Delete. You can then empty the Recycle Bin if you wish.
————————–
For 64 bit Windows Vista and Windows 7:
Open My Computer (Computer for Windows 7) from the desktop or from the Start menu. Double click Local Disk (C:) then click on the Programs Files (x86) folder. If there is a Babylon folder in here, right click it and choose Delete. You can then empty the Recycle Bin if you wish.
————————–
For Windows 8:
Press the Windows key (to access the Start screen of Windows 8).
Type “uni” (without the quotes), then left click the Settings tab below the search box on right hand side of the screen or press the Windows Key and the letter W.
An icon with the text “Uninstall a Program” should appear on the left side of your screen.
Left click this icon.
You should now have list of the installed programs on your computer. Scroll through this list in an attempt to locate Babylon. If you find it, single left click it and click the “Uninstall” (or Uninstall/Change) button that appears near the top of the window (i.e. above the list of installed programs).
Follow the steps presented to you to uninstall it. If you are asked to keep any data or settings, choose No.
Press the Windows key (to access the Start screen of Windows 8).
Type “comp” (without the quotes). An icon with the text “Computer” should appear on the left side of your screen
Left click this icon.
————————–
For 32 bit Windows 8:
Double click Local Disk (C:) then click on the Programs Files folder. If there is a Babylon folder in here, right click it and choose Delete. You can then empty the Recycle Bin if you wish.
————————–
For 64 bit Windows 8:
Double click Local Disk (C:) then click on the Programs Files (x86) folder. If there is a Babylon folder in here, right click it and choose Delete. You can then empty the Recycle Bin if you wish.
————————–
Hi Terry,
If the above steps have not removed the toolbar, you can remove/uninstall it using the Manage add-ons feature of Internet Explorer.
For Windows XP:
Open Internet Explorer and click the Tools menu located near the top of the window or the top right corner of the window. Choose Manage Add-ons from the menu that appears.
On the left side of the Manage Add-ons window there should be a drop menu which shows “Currently loaded add-ons”. Click the arrow that is located to the right of these words to make the list expand and choose All add-ons.
In the list of add-ons in this window, locate all of the entries that mention Babylon, left click each entry and then click the “Remove” button in the lower right corner of the window. If there is no Remove button, choose “Disable”.
————————–
For Windows Vista and Windows 7:
Open Internet Explorer and click the Tools menu located near the top of the window or the top right corner of the window. Choose Manage Add-ons from the menu that appears.
For Internet Explorer 9 installed on Windows Vista and Windows 7, the Tools menu will appear as a gray cog wheel near the top right corner of the Internet Explorer window.
On the left side of the Manage Add-ons window there should be a drop menu which shows “Currently loaded add-ons”. Click the arrow that is located to the right of these words to make the list expand and choose All add-ons.
In the list of add-ons in this window, locate all of the entries that mention Babylon, left click each entry and then click the “Remove” button in the lower right corner of the window. If there is no Remove button, choose “Disable”.
————————–
For Windows 8:
Press the Windows key (to access the Start screen of Windows 8).
Type “add” (without the quotes), then left click the Settings tab below the search box on right hand side of the screen or press the Windows Key and the letter W.
An icon with the text “Manage browser add-ons” should appear in the 3rd (third) column of icons on the screen.
Left click this icon. In the Internet Options window that appears, click the Manage Add-ons button.
On the left side of the Manage Add-ons window there should be a drop menu which shows “Currently loaded add-ons”. Click the arrow that is located to the right of these words to make the list expand and choose All add-ons.
In the list of add-ons in this window, locate all of the entries that mention Babylon, left click each entry and then click the “Remove” button in the lower right corner of the window. If there is no Remove button, choose “Disable”.
————————–
For all versions of Windows, please also ensure to check the Search Providers tab on the left side of the Manage Add-ons window and delete any entries related to Babylon.
If all of the above steps have not been successful in removing Babylon, please let me know and I will be happy to assist further.
Thank you.
If you are like most people, after you've gone thru all of the "supposed" removal steps you'll end up needing to back up all of your data, wipe your drive, then re-install windows. That's the only way that works for the majority of users.
And do NOT use the Windows Easy Transfer tool to move your data and settings to the new install as that will bring that Babylon garbage right back.
Sorry, but the hard reality of the Babylon Toolbar VIrus is it's next to impossible to remove completely from a system and anyone who tells you different either doesn't know what they are talking about or are seriously deluded..
Hi Don,
On the contrary toolbars like this can be removed. If the above steps do not result in the removal of this toolbar, I would suggest more automated methods of removal.
Running scans with tools such as the free version of Malwarebytes Anti-Malware, SuperAntiSpyware (free version) and AdwCleaner are perfect for removing unwanted toolbars.
Some further but more manual removal methods are:
http://www.ghacks.net/2011/08/17/how-to-uninstall…
http://answers.microsoft.com/en-us/ie/forum/ie9-w…
The first link may also be of interest to Mozilla Firefox and Google Chrome users.
I have suggested the use of automated scans since I cannot provide custom text instructions via these comments since I cannot see the computer screen belonging to Terry in this case.
Running a search for the word Babylon or tool (part of the word toolbar) on the computer’s hard disk would turn up further places the toolbar may be installed within. Clearing the internet cache and temporary folders of Windows (i.e. %temp%) is also a good means of clean-up but is not as effective as a manual and thorough search of the user profile folders and Program Files folders (among others).
An automated scan is a much simpler and just as effective in the absence of being able to physically access the computer in question.
I have personally removed malware and such toolbars from hundreds of computers. However I had a significant advantage of being able to access those PCs using Citrix GoToAssist. Since I can only provide assistance using the text based instructions in these comments, my abilities are more limited but with the right instructions and knowledge these toolbars can be removed.
Please do NOT spread fear, uncertainty and doubt (FUD) that only a full re-format can remove such toolbars.
I have removed malware such TDL 4, Boot.Pihar, MaxSS and the Sinowal malware which can survive a full re-format of your hard disk.
If I can provide any further assistance or re-assurance, please let me know.
Thank you.
Let’s not forget Google’s foistware: the Chrome Browser. When you install almost any Google product, such as Google Earth, it defaults to installing Chrome as well. In fact, the foistware setting is HIDDEN in Google Earth’s default installer — you have to select an “Advanced” install before you can uncheck Chrome.
Haha had a look at my little brother's laptop the other day, his homepage looked like google but had a pornographic advert where the google logo usually sits, i'd say he had about 5 or 6 different search toolbars as well as many other useless features, to be honest general internet safety/proper use should become a subject in high schools considering the world is becoming more and more reliant on it, if we don't educate the younger generation on it then imagine the up and coming cyber crime opportunities.
I notice several people commenting that we should take responsibility for what we install, but that's an easy remark. How do I instruct my non-English speaking 76-year-old mother in law to *not* choose 'automatic install', but go through 'custom' and then determine which components and/or additional products she should choose or not – in all its myriad variations in wording and products?
I dont like it either. I like plain old google and nothing else. I hate extra toolbars and the ask toolbar seems so "spammy" and annoying. Just my opinion.
@Terry, google on the steps to get rid of that.
Just as a sidenote, Java needs to get their act together and make the application compatible with Firefox 18. I have installed, disinstalled and installed again the latest version and many of the sites I visit that have java will not load and ask me to reinstall it. I am forced to use IE which I DESPISE.
This practice is the scourge of the internet and everyone does it…including CNET! Foistware is so prevalent they gave it a term and it's out of control!!
The ASK toolbar opens up a gaping hole and allows BHO exploits like MyWebSearch and FunMoods to install and infect your pc. I see it every day, as I'm a Technician that make my living fixing computers and removing viruses.
did you mention all the opportunities to add chrome to whatever we are downloading?
No, but you have. 🙂
It seems to me we are talking about software that is commonly described as a Trojan Horse Virus. I have ceased using Avast software because it installed the Chrome Browser even after I deselected it in the install! I wont tolerate any software that installs unordered software. If I have no choice such as with Java, I try to avoid supporting them with my browsing habits.
Trojan horses don’t replicate. Viruses do.
So, calling anything a “trojan horse virus” is likely to raise the bristles on the back of anyone in the security world.
“Trojan horse malware” is okay, though.
But, I don’t think any of the software described in the article can be called a Trojan horse by the commonly-understood definition… even if it is a nuisance.
It's precisely because of these kind of 'foistware' tricks that it is totally wrong to advise people to use the automatic install option settings on ANY software. And Sophos are as guilty of that recommendation as others.
ALWAYS use the options to be informed of when an update becomes available, but then go check the dialogs yourself to see what is going to be installed. It also has the advantage that you can do the desired update at a time convenient to you and not have it demand in immediate reboot while you're in the middle of something critical! Or worse, do an automatic reboot and lose your hard work!
Be told, DIY and be safe is my motto.
Nero wants you to install the Ask toolbar too.
For those selfish people with tunnel vision who say, "It's fine with me. You can always deselect the option if you don't like it.", I say this: Not every one is as brilliant and as diligent as you. People should not have to look for things they don't want every time they try to get something they do want. I live in a community where most people are over 70. When I get a call because a computer won't work, I nearly always find 6-8 tool bars and 3-5 "free" antivirus scanners continuously popping up, asking for payment. It is a sad state when nearly every tool in the cyber world is designed to take advantage of someone.
I object to ANY software company having F-ing bloatware installation dialogs checked by default. GOOGLE is the worst offender in my opinion, and as an IT, when I do repair work on people's PCs, I tell them up front that all of the Google-Crap will be uninstalled before I start work on their PC or I'm out the door. YES, THANK YOU, I am an independent, opinionated S.O.B., but I have never had a client refuse.
I place the following entries in my Kaspersky Internet Security Application Control Settings:
(x) Enable Application Control
Applications / Untrusted Group Additions:
ASK.com (Prevents installations of the ASK toolbar virus)
GOOGLE (Preventsl installations of the Google Toolbar and Google Chrome viruses)
McAfee (Prevents installations of McAfee Shit)
Symantec (Prevents installations of Symantec Shit)
YAHOO (Prevents installations of the YAHOO toolbar virus)
Additional:
Uncheck the box that says "Delete rules for applications that are not started for ?? days."
You don't want Kaspersky to EVER delete an application because then you will only have to add it again.
If you sign a contract with an German internet provider, they mostly try to fool you with a preselected security package (i.e. antivirus) that has a free test period of one to three months and is hidden between many other not selected contract options.
Afterwards it automatically prolongs about a year for only a fiver a month.
Accidentally you will find the package for free on your order confirmation as well as your first bill(s).
This is only sightly off-topic.
What about the various media players that insist on playing all of your media files by hijacking your media file extensions by default? Opting out is not a matter of unchecking a single box. So you go through the process of reverting the extensions to your preferred player(s), and then an update to a media player comes out, and it hijacks your extensions all over again.
Just as with foistware, companies who provide media players think that they have the right to trick users into surrendering ownership of their own computers.
It stinks!
I've complained about this for years. It's very frustrating when you help a friend whose computer is running like a dog and you find 6 – 12 toolbars on their browser!
I always so no to that kind of crap, but sometimes it gets installed anyway. Java is not the only one that does it. They all annoy me.
There are more annoying ways we face these days: Avira free has bound the recent updates including web protection to the ask toolbar. If one declines to install the ask toolbar, either the whole update fails or you get at each pc boot a warning pop up which states “web protection not activ”. O.K. one can say, nothing is for free..
I know that my Sophos Endpoint Security and Control can block these toolbars, but it seems that they still appear. I assume it is because I have the "alert, but allow to run" option enabled as that option is on a seperate tab and implies that it applies to all selections of program categories within the Application Control section. Some of which I may not necessarily want to restrict.
I have attended some other Sophos webinars in the past that were very informative, any chance of Sophos running a best practice webinar covering the Application Control module in the near future?
Oracle is damaging Java's reputation by including these 3rd parties bloatware. Once you accidently install the Ask Toolbar, it's no easy task getting rid of it and restoring all browsers back to their previous state.
Sign this petition to demand that Java stop bundling 3rd party bloatware with Java:
https://www.change.org/petitions/oracle-corporati…
SIgned. Cross posted to FB. Enough is enough with this nonsense. While it is true that nothing is free, when these companies start paying my internet charges they have a right to decide what they can install on my HD. Since that has not happened, I want my right to privacy respected.
Let me inject some food for thought, I ALWAYS choose "advanced " or "custom" installation and uncheck all of the apps they try to sneak past me. But, you know what? Even when I DECLINE, apps like Delta Search and Delta Toolbar are installed regardless.
Just yesterday I was attempting to install some needed apps. I did as i normally do, carefully monitoring exactly what I was installing. I clearly indicated that I didn't want the additional toolbars. Well, my anti malware program notified me it had blocked installation of the very same toolbar I had clearly declined to install.
After everything was said & done, I realized my search engine had been changed. My settings had been changed. When I checked my control panel, I discovered that several spyware programs had been installed anyway. By the way, I don't visit questionable sites, either.
While it is fairly straightforward to uninstall these things, they leave traces behind. There are registry entries I don't dare remove. I've gotten to the point where I really resent their aggression in pushing this stuff when I clearly say NO THANKS.
Two suggestions:
1. I installed a freeware program called HiJack This. It works wonders & I humbly recommend it.
2. Even though I am diligent when it comes to installation of third party apps, some of which you cannot live without, and even though I uninstall unwanted apps/malware that slips past., I scan with SpyBot S&D once a month. It is shocking how much crap gets stuck on your hard drive without permission. Either I'm getting paranoid, or the problem is getting worse.
I have a lot of problems with Chrome crashing thanks to these many unwanted apps!!
Am I crazy?
it is so frustrating to see so many software companies like this one and norton and im sure many others that follow these kids of practices. It is predatory and misleading of the future that they want to have with you as there customer is it not?
As an IT professional and systems integrator, I once used to program in Java but now that I see Oracle have no intention of trying to treat Java with respect, so I also understand there’s no reason for me to ever recommend it, nor use it. It’s sad in a way, but these things happen. I’ve moved on I won’t be back, life is too short.
I notice that “Flash” has also started bundling bloatware, so I cannot recommend that either. Looks like javascript finally won the browser wars, and everyone has accepted this victory, even the comeptition!