Have a look at what’s in the latest Java update:
So now it’s not just in Chrome, but in every browser on Mac OS you must click the applet and do additional work to get it going.
Die, applets, die. Hopefully they all go after JWS next.
Kinda old news now (almost a month) as the above was added in Java 6 update 8 on OS X.
Can’t say I really blame Apple, the Java drive by attacks (Flashback malware) on mac generated a lot of negative publicity for Apple, they had to make some drastic moves, especially as there was the risk that there could be other holes in Java’s security sandbox that hadn’t been found yet. It turned out that they were right, the last Java 6 update 9 fixed 12 more remotely executable security holes.
Java’s once flagship security sandbox is considered pretty weak these days, going by its recent track record (over a 100+ remotely exploitable holes being fixed in the last year or so) there are probably plenty more holes in there that have yet to be found.
Call me crazy, but I love it. Applets have taken over 1st place from PDF drive-by infections for about 3 years now. It’s time to at least require some user interaction before the applets are executed.
I concur.
Actually I agree with you.
I’m also surprised that every other post on here has been similarly negative. I thought more people were upset at the state of applets.
I think a lot of us have realized that applets are just a bad deployment model. Might as well make an application or android app. And IMO JWS is near as bad as applets, it’s like playing Russian roulette for whether or not an exception is thrown.
Applets look bad because flash messing around. And then html5 with canvas came.
It won’t happen. OpenJDK 1.7 on Mac has a nice support of this technology ;D
I have never deployed unsigned applications. In my humble opinion, it would be better if a Java application launched from the web browser always asks for the permission of the user before running. HTML5 and WebGL don’t require that but they will have to treat only operations that should not require user permissions or they will become another vector of infections too. Flash and Silverlight have security flaws too.