Oracle settles charges that it misled you on Java security

24 Dec 2015 | Author: | No comments yet »

Feds require consumer warnings about older Java software.

SAN FRANCISCO — PC users will see more warnings about the dangers of keeping outdated software on their machines, under a legal settlement negotiated by tech giant Oracle and regulators at the Federal Trade Commission. Oracle, one of the world’s largest tech companies, has been accused by the US government of misleading consumers about the security of its software Java, which is installed on roughly 850 million computers.

The FTC says Oracle Corp. deceived consumers for several years by promising that updating their Java software would keep them safe from malware and hacking attacks. By abandoning these legacy builds, Oracle essentially left backdoors open on the computers of its customers — backdoors well-known to potential attackers due to their widespread publicity among security researchers. As part of the settlement, Oracle will be responsible for both notifying its users of the terms it agreed to and the risks posed by its uninstalled software, as well as for providing the tools necessary to perform complete removals. Many consumers aren’t aware they use Java, which comes pre-installed on many PCs and helps with the operation of web-based functions, including online calculators, games, chatrooms and even viewing 3-D images.

Action like this highlights the need for industry watchdogs, as insecure legacy software is a prime example of what economists call externalities: negative consequence of economic behavior that the free market provides no incentive to correct or account for. The software, known as Java SE, helps power many of the features consumers expect to see when they browse the Web, from browser-based games to online chatrooms. It has been linked to a staggering array of security flaws that can enable hackers to steal personal information from users, including the login information for people’s financial accounts, the FTC said. Internal corporate records seized by the FTC noted that the “Java update mechanism is not aggressive enough or simply not working.” Although the company issued updates to fix the vulnerabilities as they were discovered, the updates didn’t uninstall the older, problematic versions of Java, leaving them on the customer’s computer. In a blog post by Nicole Fleming, the FTC’s Consumer Education Specialist, the agency recommended consumers to visit Java.com/uninstall to remove older versions of the program.

Here you can write a commentary on the recording "Oracle settles charges that it misled you on Java security".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site