+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

The FTC says Oracle 'deceived consumers' and left software on 850 million PCs vulnerable to hackers

Dec 22, 2015, 00:24 IST

Oracle's Executive Chairman of the Board and Chief Technology Officer Larry Ellison works behind a computer during his keynote address at Oracle OpenWorld in San Francisco, California September 30, 2014. REUTERS/Robert Galbraith

The FTC just issued a press release that took Oracle to task for what it says is the company's role in leaving up to 850 million PCs susceptible to hacker attacks.

Advertisement

The FTC says the software giant "deceived consumers" when issuing security updates to a piece of software just about every PC on the planet uses, called Java. The FTC estimates some 850 million PCs use Java Standard Edition (the version that the FTC says is problematic).

Oracle declined comment.

Java is software for running web applications, things like games, chatrooms, calculators, 3D image viewing, and so on. Java is controlled by Oracle, inherited when Oracle bought Sun in 2010.

The FTC says that Oracle never told consumers that when they get those pesky messages to update Java security and agree to the updates, that Oracle wasn't fully updating all versions of the Java SE apps they may have installed on their machines.

Advertisement

It was only updating the most recent version and ignoring older versions. And these older versions were often chock full of bugs that hackers could use to hack a person's PC.

The FTC explains:

In its complaint, the FTC alleges that Oracle promised consumers that by installing its updates to Java SE both the updates and the consumer's system would be 'safe and secure' with the 'latest… security updates.' ...

In 2011, according to the FTC's complaint, Oracle was aware of the insufficiency of its update process. Internal documents stated that the 'Java update mechanism is not aggressive enough or simply not working,' and that a large number of hacking incidents were targeting prior versions of Java SE's software still installed on consumers' computers."

In a blog post, the FTC really went to town saying, "What's worse than stale coffee? Stale Java."

Advertisement

Under the FTC's proposed settlement with Oracle, Oracle will be required to tell Java users about the problem via social media and its website, and provide tools and instructions on how to remove older versions of Java SE.

The security updates will also be required to work as advertised, with Oracle telling consumers if they have an outdated version of Java SE on their computers and giving them the option to uninstall it

Oracle has agreed to settle the FTC charges, and the settlement is now subject to public comment for 30 days.

In the meantime, the FTC wants you to know that if you do have older versions of Java, here's the website that will help you remove them: java.com/uninstall.

NOW WATCH: Scientifically proven ways to stay healthy this winter

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article