5

Chrome 11 is now asking user permission to run both signed and unsigned applets (yes, for signed applets the user is asked twice). The Chromium team decided that this measure is needed even when the user is using an up-to-date JRE. Here's my bug report (which reflects solely my opinion): http://code.google.com/p/chromium/issues/detail?id=84001

My question is, how do you guys see it? Is Java Sandbox dated and unsafe? Do browsers need to impose a second layer of protection by default?

Update:

I'm also curious about how many of you guys have a clean record experience with Java against how many ever hit a piece of malicious software? As a Java Power User for more than 10 years, the only time my antivirus ever complained about something related to Java was a false positive (I was downloading some libraries from the Maven Central repository).

3 Answers

5

I try not to be too much of a conspiracy theorist but I could see this as being retaliation for Oracle's copyright/patent infringement lawsuit against Google over Android. I doubt most regular users will even notice since Java applets are basically dead anyway on consumer web sites.

I prefer the approach of Firefox, which disables known vulnerable Java versions rather than trying to paint the whole approach as flawed.

Jeremy
1

Here's my opinion on the matter:

There are a whole whack of people smarter than me developing both Chrome and Chromium. I leave it in their capable hands to determine what's secure and what's not.

Not super helpful, but there's my opinion :)

Demian Brecht
0

If you are paranoid, then you should disable Java applets. (You should also disable JavaScript if you are REALLY paranoid.)

There are vulnerabilities in the various sandboxes - a few Google checks will reveal this. Some of these may be dated, and later (or leading edge) implementations may be better than it all was a few years back.

So, it depends what you are doing: If building an embedded brick and you don't ever want to get a support call for it, then turn off as much as you possibly can. If it's for a desktop app, then question the use, the users, the circumstances, the level of security, how much other virus protection you have. Then make a decision based on an evaluation of your known knowns, your known unknowns, and your trade-offs. In this case, excessive paranoia may be... well... excessive.

quickly_now