Summary

Java is a powerful programming language built for the Web, but its inherent complexity has led, and will lead, to security holes. By default, untrusted applets are confined to a security “sandbox.” Trusted applets can do as much as the user will allow. Microsoft’s Java security has broad permissions that can be enforced on a per-domain or per-developer basis.

Hostile Java applets can cause slight annoyances that will go away with a browser restart or a PC reboot, or they can completely compromise a system, allowing hackers complete access. Although the latter types of exploits have yet to be found in the wild, the nation’s top security groups recommend disabling Java on any PC system needing high security. Chapter 11 will cover ActiveX and digital-code signing.
