Ed Bott has a good article up: A close look at how Oracle installs deceptive software with Java updates
Summary: Oracle’s Java plugin for browsers is a notoriously insecure product. Over the past 18 months, the company has released 11 updates, six of them containing critical security fixes. With each update, Java actively tries to install unwanted software. Here’s what it does, and why it has to stop.