The head of Oracle’s Java software development team recently announced a security improvement program. Oracle will gradually tighten security in favor of more regimented default controls, such as signed applets:
QUOTE: Over the past year, there have been several reports of security vulnerabilities in Java, primarily affecting Java running in Web browsers. Recently-released Critical Patch Updates for Java SE have contained a historically high number of security fixes. Oracle is also addressing the limitations of the existing Java in browser trust/privileges model. The company has made a number of product enhancements to default security and provide more end user control over security. Further, with the release of JDK 7 Update 21, Oracle introduced the following changes:
(1) The security model for signed applets was changed. Previously, signing applets was only used to request increased application privileges. With this update, signing applets establishes identity of the signer, but does not necessarily grant additional privileges. As a result, it is now possible to run signed applets without allowing them to run outside the sandbox, and users can prevent the execution of any applets if they are not signed.
(2) The default plug-in security settings were changed to further discourage the execution of unsigned or self-signed applets. This change is likely to impact most Java users, and Oracle urges organizations whose sites currently contain unsigned Java Applets to sign those Applets according to the documented recommendations. Note, however, that users and administrators will be able to specifically opt out of this setting and choose a less secure deployment mode to allow for the execution of unsigned applets. In the near future, by default, Java will no longer allow the execution of self-signed or unsigned code.
(3) While Java provides the ability to check the validity of signed certificates through Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP) calls before the execution of signed applets, the feature is not enabled by default because of a potential negative performance impact. Oracle is making improvements to standardized revocation services to enable them by default in a future release. In the interim, we have improved our static blacklisting to a dynamic blacklisting mechanism including daily updates for both blacklisted jar files and certificates.
It is our belief that as a result of this ongoing security effort, we will decrease the exploitability and severity of potential Java vulnerabilities in the desktop environment and provide additional security protections for Java operating in the server environment. Oracle’s effort has already enabled the Java development team to deliver security fixes more quickly, resulting in fewer outstanding security bugs in Java.
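For sites that need to find which of their applets are still unsigned, the following is an added example (not part of the announcement and not Oracle code) that classifies JAR files by their signature files and by which entries the `.SF` file covers. It is a structural check only and does not verify signatures or tell self-signed certificates apart; the names `digest_names`, `classify_jar`, `make_jar` and the sample JARs are assumptions constructed for illustration.

```python
import io
import zipfile

BLOCK_EXT = (".RSA", ".DSA", ".EC")  # signature block files written by jarsigner

def digest_names(text):
    """Entry names that carry a *-Digest attribute in a manifest or .SF file."""
    # Lines over 72 bytes are continued on the next line with a leading space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    names = set()
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs and any(k.endswith("-Digest") for k in attrs):
            names.add(attrs["Name"])
    return names

def classify_jar(data):
    """Return (status, uncovered entries). Structural check: no signature is verified."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        files = [n for n in jar.namelist() if not n.endswith("/")]
        meta = [n for n in files if n.upper().startswith("META-INF/")]
        stem = lambda n: n.upper().rsplit(".", 1)[0]
        blocks = {stem(n) for n in meta if n.upper().endswith(BLOCK_EXT)}
        sf_files = [n for n in meta if n.upper().endswith(".SF") and stem(n) in blocks]
        if not sf_files:
            return "unsigned", []
        covered = set().union(*(digest_names(jar.read(sf).decode("utf-8")) for sf in sf_files))
        # Entries outside META-INF that no .SF file lists were added after signing.
        loose = sorted(n for n in files if n not in meta and n not in covered)
        return ("partially-signed" if loose else "signed"), loose

def make_jar(entries):
    """Build constructed JAR bytes in memory from a {name: content} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, content in entries.items():
            jar.writestr(name, content)
    return buf.getvalue()

# Constructed samples: the digest and the .RSA block are placeholders, not real signatures.
SF = "Signature-Version: 1.0\r\n\r\nName: Applet.class\r\nSHA-256-Digest: cGxhY2Vob2xkZXI=\r\n\r\n"
UNSIGNED = make_jar({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\r\n\r\n", "Applet.class": b"\xca\xfe"})
SIGNED = make_jar({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\r\n\r\n", "META-INF/SIGNER.SF": SF,
                   "META-INF/SIGNER.RSA": b"placeholder", "Applet.class": b"\xca\xfe"})
PARTIAL = make_jar({"META-INF/SIGNER.SF": SF, "META-INF/SIGNER.RSA": b"placeholder",
                    "Applet.class": b"\xca\xfe", "Added.class": b"\xca\xfe"})

if __name__ == "__main__":
    for label, jar in (("unsigned", UNSIGNED), ("signed", SIGNED), ("partial", PARTIAL)):
        print(label, classify_jar(jar))
```

A JAR reported as signed here still needs `jarsigner -verify` to confirm that the signature and certificate chain are actually valid.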