Not only is Java notoriously insecure, it seems that Oracle is packing third-party apps to install alongside with Java and its updates.
Ed Bott of Zdnet has unearthed that third-party software is always included with Java's automatic updater for Windows, specifically the Ask Toolbar and McAfee Security Scanner. When you install Java or an update on Windows, the option to include the Ask Toolbar and make it the default search provider is checked by default.
If you miss this dialogue box and click on, the Ask Toolbar installer curiously waits 10 minutes before running the complete installation. Spyware expert Ben Edelman points out that this kind of delayed installation was a common tactic used by companies to install deceptive software.
Even if Oracle insists on packaging additional software with its Java installer and updater, is it right to have the option to install them selected by default - when all a user wants is just Java?
Read more about the installer and what the Ask Toolbar does if you (unfortunately) happen to install it at Zdnet.