First, a brief history lesson. A couple of years ago there was a flurry of malicious Java exploits, in which supposedly safe Java applets broke out of their sandbox and did bad things. Not good, of course, but hardly unique to Java. In addition to fixing the underlying bugs, Oracle responded by ratcheting up the Java security warnings in several steps. My personal interpretation is that Oracle is covering its ass ("we told you it was dangerous!"), but the practical effect is to make us all poorer and less safe. Here's why.
Back in the "old days", Java applets ran in a sandboxed environment and were presumed to be harmless. Sandboxed applets were not allowed to do many things that were considered dangerous to your machine or your privacy (touching the local file system, opening arbitrary network connections, and so on), but they could still do almost any computation or graphical presentation, and anyone (well, any programmer) could write one and deploy it on a web site. There were millions, or at least many thousands, of cool and useful applets on the web, all running in sandboxes and doing useful things for us.
Nowadays the Java plugin refuses to run these applets unless you drastically lower your security settings (which few would even consider doing), so almost all of these useful applets have stopped working, and we are all poorer as a consequence.
For the few applets whose owners are sufficiently motivated to pay real money (about $100/year for a code-signing certificate) and jump through a lot of administrative and programming hoops to keep their applets runnable, there are now scary warnings the user has to click through, even for applets that stay in the sandbox. Furthermore, the latest release (Java 8) removes some capabilities from the sandbox, so those applets, if they are to run at all, have to run un-sandboxed, with unrestricted access to the user's machine.
Both the unnecessarily scary warnings and the escalation of applets from sandboxed to unrestricted make everyone less safe. Seeing warnings that are intended to be clicked through only trains users to just say "yes". The near-identical look of the sandboxed warning and the unrestricted warning further erodes the attention-worthiness of both, and the actual escalation of applets out of the sandbox is obviously more dangerous: an unrestricted applet that is compromised, or whose signing key is stolen, gets everything the user can do.
All of this might be worthwhile if the code-signing process somehow guaranteed a safe outcome. It doesn't. A signature says nothing about what the code does; all it really establishes is that somebody once had $100, was willing to spend it, and had a key that matched the name on the certificate. But Oracle told us this was dangerous, so don't sue them.
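To make the last point concrete, here is an added example (my own code, not from the original post or from Oracle) that inspects an applet JAR the way the plugin's security checks would. It reads the `Permissions` manifest attribute that decides whether the applet asks for the sandbox or for all permissions, then verifies the JAR's signatures and prints the signer's certificate subject. Everything it can report is "who signed this" and "what did they ask for"; nothing in the signature says whether the code is safe. The file name `applet.jar` on the command line and the treatment of a missing attribute as a request for all permissions are assumptions for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.Manifest;

/**
 * Inspect an applet JAR: report the sandbox/all-permissions request from the
 * manifest and the identity behind each signature. Example code written for
 * this article, not Oracle's plugin logic.
 */
public class AppletJarInspector {

    public static void main(String[] args) throws IOException {
        if (args.length != 1) {
            System.err.println("usage: java AppletJarInspector applet.jar"); // hypothetical file name
            System.exit(2);
        }

        // verify=true: reading an entry whose digest does not match its
        // signature file throws SecurityException, which is what a tampered JAR looks like.
        try (JarFile jar = new JarFile(new File(args[0]), true)) {
            Manifest mf = jar.getManifest();
            Attributes main = (mf == null) ? new Attributes() : mf.getMainAttributes();

            // The Permissions attribute is either "sandbox" or "all-permissions".
            // Assumption here: an absent attribute is treated as asking for everything.
            String perms = main.getValue("Permissions");
            String codebase = main.getValue("Codebase");
            System.out.println("Permissions: " + (perms == null ? "(absent)" : perms));
            System.out.println("Codebase:    " + (codebase == null ? "(absent)" : codebase));
            if (!"sandbox".equals(perms)) {
                System.out.println("NOTE: this JAR will run un-sandboxed, with full user privileges");
            }

            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) {
                    continue; // signature files and the manifest are not themselves signed
                }

                // Code signers are only populated after the entry has been read in full,
                // because that is when the digest is checked.
                try (InputStream in = jar.getInputStream(entry)) {
                    byte[] buf = new byte[8192];
                    while (in.read(buf) != -1) {
                        // drain; the JarFile verifies the digest as we go
                    }
                } catch (SecurityException tampered) {
                    System.out.println("TAMPERED: " + entry.getName() + " (" + tampered.getMessage() + ")");
                    continue;
                }

                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) {
                    System.out.println("UNSIGNED: " + entry.getName());
                    continue;
                }
                for (CodeSigner signer : signers) {
                    // First certificate in the path is the signer's own (leaf) certificate.
                    X509Certificate leaf =
                        (X509Certificate) signer.getSignerCertPath().getCertificates().get(0);
                    System.out.println(entry.getName() + " signed by "
                        + leaf.getSubjectX500Principal() + " (issuer: "
                        + leaf.getIssuerX500Principal() + ")");
                }
            }
        }
    }
}
```

Run it as `javac AppletJarInspector.java && java AppletJarInspector applet.jar`. Note what the output does and does not tell you: a valid signature plus `Permissions: all-permissions` means "this named party vouches for code that wants your whole machine", and the only thing standing between that code and your files is your trust in the name on the certificate. Whether the certificate chains to a CA the plugin trusts is a separate check the JDK performs elsewhere; this tool deliberately reports identity only, which is the whole of what signing establishes.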