Oracle's Java software is known for creating its share of headaches, but security is arguably the biggest. For one thing, upgrading to the latest version of Java Standard Edition didn't always remove every old version -- up until last year, it'd leave ancient copies that exposed your PC to attack. And now, Oracle is paying the price. It's settling FTC charges that it "deceived" customers by failing to warn about the security risks behind its Java SE upgrade process. Larry Ellison and crew will have to both warn users about those risks and create tools to remove those older, more vulnerable copies.