The latest Java release, update 10 on December 11, allows users to restrict Java from running in web browsers. The newest version of the Java Development Kit, JDK 7 update 10, provides the ability to prevent any Java application from running in the browser. Since Java has been subject to so many security vulnerabilities and other miscellaneous attacks, this was the best move by Oracle.

It includes a good amount of security enhancements also, including the ability to set a specific level of security for any unsigned Java applets.

Some of the exploits seen in the past have made it clear that this was needed also for the unsigned Java applets. It calls for more default deny technology, which restricts quite a bit of features, but includes greater security.

That’s the biggest problem in applications and operating systems, is that developers do not want to suppress the features so much, but also don’t want a bunch of security threats. So, finding that balance is very important.


Read more: http://secureconnexion.wordpress.com/2012/12/18/oracle-revises-java-prevent-apps-from-running-in-browsers-how-to/