If you navigate to JavaFX.com on a Mac, you get this warning – at least, I do, and so does at least one other:

In case you can’t read it, it says:

This applet was signed by “JavaFX 1.0 Runtime,” but Java cannot verify the authenticity of the signature’s certificate. Do you trust this certificate? Click Trust to run this applet and allow it unrestricted access to your computer.

I trusted it anyway. Why? Mainly because it is on Sun’s site, and I doubt Sun was hacked. Second, because I clicked Show Certificate and it said everything was fine. Third, because on balance I think it is more likely that either Sun, Apple or a.n.other messed up either the cert or some other aspect of digital security programming, than that this particular bit of code belongs to a bad guy.

Nevertheless, I mention it because it illustrates the continuing hopeless state of Internet security. How on earth am I meant to know whether I should trust a certificate that “Java” has rejected? Who is this Java guy anyway? Why should I give any applet “unrestricted access” to my computer?

I see this all the time. We are confronted with impossible decisions, where one set of training tells us to click No – the certificate is out of date, the application is unsigned, the requested permissions are unwarranted – and another set of training tells us to click Yes – this is a reputable site, I need this installed to get on with my work, I’ve seen dialogs like this before and not come to any harm.

It might be better not to have the choice. In the scenario above, if the applet just refused to run, then there is a better chance that the problem would be treated as a bug and fixed. As it is, there is little chance that we will always guess right.
