The only thing worse than Java and its many security issues, is its incredibly crappy and outdated update scheme. The lack of an automated background update service as well as requiring user intervention for every Java security update is simply unforgivable in 2016. I mean, if Adobe can do it with Flash… anyone can do it, guys.
But, what really adds insult to injury is the fact that Oracle is still up to their old tricks of trying to trick unaware users (who are in a hurry) into installing crap ware, and/or changing settings during the update. Security updates that include opt-out “Sponsored Offers” is really just a fucked up and unprofessional business practice.
Thankfully gone is the Ask Toolbar bundled software. Replaced now with an offer to make Yahoo your home page and default search engine. I could go into rant mode about this at this point, but I won’t…
Any IT manager will tell you that keeping Java up to date on your network is a nightmare alone without having to worry about clueless users installing garbage by mistake.
Now, there an option to check in advanced settings that will disable these offers, but this setting seems to now be user specific now rather than PC specific. And who has the time or inclination to worry about that check box on hundreds of PCs?
There were also registry keys that worked well to change this setting in the past, but no longer do. In fact, it seems like Oracle has intentionally made automating this setting change more arcane with the hopes of duping a few more users.
After battling with this for a while I finally discovered a way to automatically make the change on the PCs in my Windows 7 domain so that the so-called sponsored offers are disabled. The change I am now pushing out is surprisingly simple, which made me surprised that I did not find it on the internet, but rather had to mostly figure it out on my own.
Anyway, the suppress sponsor check box under advanced options is currently controlled by a single config (.CFG) file. I found it after finding many other files and registry keys that have what looks like an option to suppress sponsors, but don’t actually do anything when modified.
The file that worked for me was C:\ProgramData\Oracle\Java\java.settings.cfg
The file is literally a blank document, until I check the box to suppress sponsored offers, it was then filled with a very simple SPONSORS=0 line. Copying this updated config file to the same location on other PCs checked the box for me and seems to even work for all users that log into that PC after that.
At that point, it is a simple matter of copying that file onto all the PCs you want to make the change on via the user’s login scripts or whatever other method you would like, and they will not get the Yahoo offer any more! At least until this is changed around again…
It is a simple fix, but as I said I found nothing out there about it while searching on how to disable the sponsored offers programmatically on the newest Java releases, so hopefully this will help some other IT specialists out there and keep a few pennies out of Oracle and Yahoo’s pockets.
Because seriously, fuck them for this still being a problem I have to deal with.