Microsoft took what appeared to be a shot at Oracle's wallet this month when it switched on search-and-destroy in its security software for older versions of the Ask browser toolbar, which has long been bundled with Java even in the face of users' complaints.
But Oracle has sidestepped Microsoft's new policy by changing its Java installer so that it adds a Yahoo browser tool to Internet Explorer (IE).
Microsoft's security products, including the consumer-grade Windows Defender and Security Essentials -- the former is bundled with Windows 8.1, the latter is a separate download for Windows Vista and Windows 7 users -- now detect and delete earlier versions of "Search App by Ask," a browser toolbar that sets Ask.com as the default search engine in IE and nags users not to change the browser's home or new tabs pages.
Late last month, Microsoft warned developers that as of June 1 its security software would finger programs that engage in "search protection," lingo referring to programs that "prevent or limit users from viewing or modifying browser features or settings." Commonly, those kinds of programs, usually add-ons like toolbars, lock in a search provider and/or a specific URL as the home page -- again, typically a search provider's -- or try to discourage users from making any changes that the add-on implemented.
Microsoft published the criteria it would use to define "search protection" in December 2014, and at the time said it would switch on detection and deletion on Jan. 1, 2015. For whatever reason, the deadline was extended: About three weeks ago Microsoft said the trigger date would be June 1.
With that deadline now passed, Microsoft's security software will identify and remove older editions of Search App by Ask, the toolbar Oracle bundles with the Windows and OS X versions of Java. By default, the toolbar is installed along with Java; users must notice a warning and deselect the download by unchecking a box.
Ask's toolbar comes in versions for IE, Apple's Safari, Google's Chrome and Mozilla's Firefox.
Microsoft noted that the newest toolbar will not be eradicated: "The latest version of this application is not detected by our objective criteria, and is not considered unwanted software," the company said in its malware definition for the toolbar.
Ask.com confirmed that its latest toolbar was immune from detection, as Microsoft said. According to sources with knowledge of the Oracle-Ask partnership, the latter had worked with Microsoft for several months to make its toolbar compliant with IE's new rules.
"We enjoyed a long and successful partnership with Oracle," an Ask.com spokeswoman said in an emailed statement. "After multiple renewals over the course of several years, we did not extend the relationship upon expiration of the most recent deal."
Like other bundlers of so-called "crapware," Oracle included the Ask toolbar with Java for financial reasons: It received a commission from Ask for every installation of the toolbar.
Users have complained about the bundle for years, even going to the trouble of initiating online petitions where thousands have called on Oracle to stop.
Oracle has slowly responded by adding documents to its support site that walk users through uninstalling the toolbar.
But of greater interest, Oracle has stopped bundling the Ask.com toolbar with Java: Computerworld verified that Java 8 on OS X did not come with or offer the toolbar, while Java 8 for Windows pitched a Yahoo toolbar instead.
"Set Yahoo as your homepage and default search engine on Chrome and Internet Explorer, plus get Yahoo as your new tab page on Chrome," the Java's installation dialog stated. When Computerworld ran the Java 8 installer, the Yahoo tool was also installed.
It was unclear whether Yahoo's toolbar also violated the new Microsoft rule. It appears it should.
When Computerworld installed Java 8 on a Windows 7 PC running IE11 and allowed the Yahoo code to also install, the latter changed the default search engine in the browser from Google to Yahoo, without as much as a by-your-leave message. (Odd, too, was that the Yahoo change didn't immediately take effect, but swung into action only after about 10 to 15 minutes, a delaying tactic Oracle also used with Ask.com's toolbar, and which many classified as deceptive.)
The Yahoo tool behavior seemed to break one of the Microsoft rules it spelled out last year: "Our objective criteria states that a program should not ... circumvent user consent dialogs from the browser or operating system," one of those rules asserted. Yet Computerworld never saw a message from Windows or IE to confirm the change to IE11's search engine.
Nor did an up-to-date Security Essentials detect the bundled-with-Java Yahoo toolbar as malware. Microsoft did not immediately reply to several questions about the toolbar and how Microsoft's security products are supposed to handle it.
Years ago, Oracle had partnered with both Microsoft and Yahoo to inject crapware as part of Java installs. It then switched to Ask for several years before recently returning to Yahoo.
Microsoft isn't the only browser maker to put the hurt on toolbars. Google has been bashing them for ages, stressing the high gripe volume from Chrome users about the category; limiting in-browser apps and add-ons to those distributed through the Chrome Web Store, where they can be vetted; and warning customers about dubious software that changes the home page or search engine.
The latter, of course, has been in Google's own business interest, since search -- and the home page it dominates -- generates the bulk of the Mountain View, Calif. company's revenue.
Windows users who do not run Microsoft-branded security software can uninstall the Ask toolbar manuallyby following the instructions on Ask.com's website.
Yahoo's toolbar can also be manually eradicated by following steps listed on Yahoo's site.
Oracle did not reply to questions about its bundling of browser-change tools with Java.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.