Java, security, and Lily Allen
Posted on July 30, 2006
Java's more secure than ActiveX, right? It can be, but users visiting, for example, Lily Allen's official website may be hard-pressed to tell the difference. Lily Allen, by the way, is the up-and-coming pop songstress of the moment in the UK. If you have the CD, you can access exclusive content; to do so, you first have to click this link. Fill in the form, and a Java applet pops up a security dialog. Here it is:
Fair enough; I've not heard of Push Entertainment Ltd; and I'm not sure why, by default, I should "always trust content from this publisher"; but it's a sandboxed Java applet. Or is it? If you are the cautious type, perhaps you click More Information:
Now I'm really worried. Apparently this applet will not be sandboxed after all. Do I trust Push Entertainment Ltd to do no harm to my machine? The applet is most likely fine (all it needs to do, in reality, is check whether a certain CD is in the drive); but on balance I'll live without the exclusive content.
My observations. First, this looks like the exact same security model as ActiveX: if it's signed and you agree, anything might happen. Second, I'm disappointed that the warning about running outside the sandbox is hidden behind a "more information" link that few people will click. Third, it underlines the importance of running with limited rights. That offers more reliable protection than application sandboxing.
In reality, Java does have a more fine-grained security model than ActiveX (as does .NET). However, in cases like this where there is no easy way to tell exactly what permissions the applet is asking for, what is the real-world difference? The answer perhaps is that ActiveX has a history of cases where the intended security model simply hasn't worked - in the worst cases, controls download and execute without any prompt thanks to bugs in Internet Explorer. I'm not aware of so many problems with signed Java applets.
These screengrabs were all done with Firefox, by the way.