Bundled software in security updates

Today's Java security update includes a checked-by-default "Install Google Toolbar for Internet Explorer" option. Shame on you, Sun and Google. Automatic security updates are no place to push unrelated, bundled software. Making security updates annoying hurts security almost as much as making security updates complicated: users will be less inclined to update next time.

This is similar to how Flash updates attempt to install the Yahoo Toolbar. It's certainly not as bad as the frequently updated AOL Instant Messenger, which turns on the "Today window" popup on every AIM account and adds a "Netscape ISP" icon to the desktop with every security update. But I thought Google was trying to set a good example.

6 Responses to “Bundled software in security updates”

  1. minghong Says:

    Really? But for me the update is just a normal one, I didn’t see the option for Google Toolbar…

  2. Jesse Ruderman Says:

    It could be worse: http://www.penny-arcade.com/comic/2001/06/18

  3. BillyG Says:

    It happened to me this morning too when installing CCleaner‘s new release. In this case, I think it was Yahoo’s turn. They’re all hedging their bets that we don’t read the panels as we fly through the ‘Next’ buttons. I know I don’t. I almost missed that one lol.

  4. Gstories » Google tricks users into installing their toolbar in IE? Says:

    […] Via SquareFree. This entry was posted on Wednesday, November 1st, 2006 at 12:34 am and filed under Uncategorized. Follow comments here with the RSS 2.0 (XML) feed. Post a comment or leave a trackback. […]