Update Java and You May Get Annoying McAfee Scanner Too

Windows users who install the latest Java security patches may end up with a little more security than they bargained for, at least that's the risk they take if they don't pay close attention to the installation process.

By Robert McMillan
Thu, March 24, 2011

IDG News Service — Windows users who install the latest Java security patches may end up with a little more security than they bargained for, at least that's the risk they take if they don't pay close attention to the installation process.

Starting last month, Oracle (ORCL) began bundling a security scanning tool called the McAfee (MFE) Security Scan Plus with its Java updates for the Windows operating system. The software is installed by default with the Java update, so unless users notice and uncheck the McAfee installation box as they're updating Java, they'll end up downloading McAfee's software too.

Security Scan Plus checks the PC to see if has antivirus and firewall software and if they're both up-to-date. The program comes with pop-up windows and is a bit more noticeable than the previous software that was bundled with Java in the U.S., such as the Yahoo (YHOO) Toolbar. Oracle bundles different products with Java in different regions, so not all Windows users may get Security Scan Plus with their Java updates.

Once downloaded, the McAfee software prompts the user on a daily basis to accept McAfee's licensing terms to complete the installation. The user can cancel out of this prompt, but there is no option to decline the terms. To remove the software, the user must use the Windows "Uninstall a Program" feature.

A number of users have inadvertently installed the software since Oracle started the bundling deal with Intel's (INTC) McAfee subsidiary last month.

Oracle has even posted a frequently asked question (FAQ) page to its Java.com Web site to explain the software, entitled, "What is Security Scan Plus."

Some users are unhappy, including one who posted to an Intel message board after noticing a slowdown on a family member's PC a few weeks ago, apparently after a Java update. "[M]y stepdaughter asked me today why her computer was running so slow, and, of course, it had McAfee AV on it," he wrote. " Seriously, this thing [sucks] the very life blood out of your system."

Security Scan Plus is a 1MB download. But it uses 4MB of memory when running, a company spokeswoman said via e-mail. There are other ways to end up with it on your system. Some users have complained of downloading it as part of an Adobe (ADBE) reader update, and it can be picked up when downloading via Adobe's Download Center, an Adobe spokeswoman said.

McAfee defended its decision to leave the Security Scan install box checked by default. "McAfee believes it’s better to be protected than unprotected, therefore we are offering this as a default," a McAfee spokeswoman said via e-mail. "A surprising number of people have computers with out-of-date security or no security at all."

Continue Reading

Our Commenting Policies