In the article, Java Is The Biggest Vulnerability for US Computers at CSOOnline.com, Maria Korolov shares how the threat isn’t necessarily due to the browser add-in application itself, but that users are not keeping add-ins like Java up-to-date. Browser add-ins like Java, Adobe Flash Player and Adobe Reader are necessary for many of the functions users want when using the internet. These applications can make users vulnerable to cyber threats in a couple of ways. First, if the application itself has a security flaw that criminals can use to gain access to their computer. The second threat isn’t directly from the application itself but from fake update prompts that lead the user to malware infection.
In order to protect yourself you need to keep these and other similar applications up-to-date. But, you should be cautious when clicking on a pop-up that claims to be an update. The best way to avoid a fake update is by going directly to the application’s website. Searching for the product using Google (or another search engine) can still lead you in the wrong direction if you do not read the link web address carefully. I just did a search for “Java update” and at the top of the search were two ads: one was linked to dwnload.org where I could download Java but by doing so I would have been susceptible to allowing other programs to be installed as well, one of which was Conduit, a known malware I have had to remove for users many times. There is a disclaimer on the page: “The download manager might recommend you to install the InternetHelper Toolbar (powered by Conduit/Bing). You can decline to install it.” But why download it on that site and run the risk failing to decline malware. The second choice was downloadzone.org which offered an old version of Java and an “additional software” disclaimer that was at the bottom of the page in fine print. Find out more about PUP’s (Potentially Unwanted Programs) in a blog post from Emsisoft called Top 10 Ways PUPs Sneak Onto Your Computer. And How To Avoid Them.
To help you avoid these kinds of scams the links below will take you to legitimate websites for these add-in products. To save time for future updates, add them to your bookmarks/favorites list (How to: in Chrome or Internet Explorer) or add a shortcut to your desktop. Doing so will make updating a lot easier which will help you stay safer and up-to-date because you will be more likely to do it more often. Remember the companies that offer these add-ins for free will often package other software or toolbars with their products in exchange for advertising revenue. While these items are not considered malware, many users do not want them so read carefully and uncheck the box if you do not want the tool bar or other product they are offering.