Java 7 update offers more security options
A recent Java 7 update (Update 10) has added more security options that will appeal to security conscious users and businesses. A new option under the Java control panel, for example, allows users to disable Java applications from running inside their browsers by clearing the "enable Java content in the browser" checkbox.
The plethora of security attacks that exploit flaws in the Java platform means that disallowing Java from browsers has long been recommended by security experts. However, users had in the past been forced to disable it on a browser-by-browser basis, while new Java updates often overwrote the changes and reset things back to an enabled state. The new option essentially ensures that any configuration changes will "stick."
Additionally, the new version of Java also offers the option to define security levels for web-based Java content, for users who need to use it occasionally. Setting it to medium, for example, will allow unsigned Java apps to run, but only on an updated version of Java. Setting it to very high will see permission being sought each time an app is loaded. Unsigned Java applets will not be allowed to run on any version of Java that is not up-to-date.
Finally, new dialogs have also been added that will warn users when the runtime environment is deemed to be insecure and when an update is available.
- check out this article at Computerworld