Why are there so many issues with Java?


The way Java is constructed includes what they call the "Security Manager", which is intended to restrict applications to running in the Java sandbox. This is a major part of the problem, somewhat ironically, because Security Manager has a number of interconnected subsystems that have repeatedly allowed exploits to bypass it and gain access to the machine running Java. The issue, or at least part of it, is that the way all of the subsystems interact makes it much harder to correct than it would be to fix a single flaw, partially because of unintended consequences: changes made to one subsystem to fix one flaw may open up a new potential exploit through a different subsystem. Also, Oracle doesn't play well with others, and won't work with people outside of the company to attack flaws, so they do everything in a bit of a vacuum.


I am so sick of Oracle trying to install unwanted junk like toolbars and add-ons with every update that I'm done with Java anyway. I really, really don't want an Ask Toolbar, and I don't want to have it installed by default unless I opt out EVERY SINGLE UPDATE! Grrrrrrrrr! Ars has a harsh article on this very topic today, in fact.

