
On Mon, Nov 17, 2014 at 01:33:30PM -0500, D. Hugh Redelmeier wrote
| From: Walter Dnes <waltdnes@waltdnes.org>
(Nice hack to run multiple browser instances.)
| * As others have pointed out, the Java plugin is a major security hole,
| a cross-platform equivalent of Active-X. Remove, or disable the
| plugin.
No, it isn't like Active-X. Totally different security model.
Active-X: total trust in signed plug-ins
Java: sandbox the application so that it isn't able to do unauthorized things. Unfortunately, the attack surface is large enough that there were likely and have been implementation failures.
I understand the differences "under the hood", but conceptually, at an abstract level, it's the same. A diesel-engined car has a different power source than a gasoline-engined car or an electric car. But in the end, they accomplish the same task, i.e. moving a few people and some groceries around. And they're all capable of getting into accidents. Same thing with Java and Active-X: they involve downloading code from a webpage and executing it on your machine. And they're all capable of security breaches. Yes, they're different "under the hood", but the results are often the same.

--
Walter Dnes <waltdnes@waltdnes.org>