Educause Security Discussion mailing list archives
Re: McAfee AV software bundled with Jave updates
From: Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>
Date: Thu, 30 Jul 2009 16:32:16 -0400
I had similar reports from the person who handles imaging here, so I just called McAfee, and the support rep said he'd never heard of this and that McAfee would not compromise their reputation this way. He asked me for screenshots or a way to replicate the problem. I wasn't able to replicate on the fly or with a manual download, so it's possible there's a piece of malware in the wild or perhaps it's a random offering or something like that. I can confirm we've had similar reports if that helps. Just heard of it fairly recently though.

Dexter Caldwell
Furman University

The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> writes:
I just dealt with this on a staff member's computer yesterday. We try to encourage people to keep things up to date, but I'm considering changing my stance on Java. They have historically included OpenOffice.org or a Yahoo or Google toolbar, which also defaulted to being checked. This is even worse, though, and will cause our helpdesk a fair amount of pain. It doesn't really surprise me that they did it, but it certainly does disappoint me in both Sun and McAfee.

-------------Baylor University-------------
Derek Tonkin
Information Security Analyst
Information Technology Services - Security
derek_tonkin () baylor edu
254-710-7061
---------------Sic 'em Bears---------------

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Flynn
Sent: Thursday, July 30, 2009 1:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] McAfee AV software bundled with Jave updates

When the automatic update mechanism included with Java kicks off and you tell it to update, the setup box now comes up with an option to install a 30-day version of McAfee anti virus software. The option is checked by default, so anyone that updates their Java installation without paying close attention will also install McAfee.

Has anyone researched this already enough to have found a registry setting or something else so at least the default action will be NOT to install the software?

I can't believe they did this.

Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security