Re: > Sandboxed power == More secure???

From:
Arne Vajhøj <arne@vajhoej.dk>
Newsgroups:
comp.lang.java.programmer
Date:
Wed, 17 Apr 2013 21:39:21 -0400
Message-ID:
<516f4eca$0$32114$14726298@news.sunsite.dk>
On 4/17/2013 9:12 PM, Eric Sosman wrote:

>      Things might be different if I were aiming at a particular
> system. If I were Hell-bent on breaking into XYZBank, I'd spend
> a lot of time studying what XYZBank uses and researching how I
> might subvert it. But since
>
>                   THREE BILLION DEVICES RUN JAVA
>
> (according to Oracle's installation splash), if I'm just trolling
> for easy marks I'll look for Java. It's a simple matter of balancing
> success rate (high) and vulnerability rate (ditto).
>
>      In a sense, it's the same thing that happened to Windows. When
> Windows was the only game in town, *everybody* ran it and *everybody*
> who wasn't up-to-date with the patch from twenty minutes ago was
> dead meat. Microsoft (to much derision, including mine) undertook to
> improve Windows' security, and -- to their credit -- they've managed
> to raise it to the "Not absolutely pathetic" level.
>
>      Java has not yet attained that lofty standard.
>
>      Java exposed to the Net is, as Mr. Nader might say, "Unsafe at
> any speed." Maybe Oracle will apply the resources needed to
> resuscitate it, but I sort of think they won't: It's now viewed
> as a server-side technology (and it's just fine there, and that's
> where Oracle's big investments lie), so its client-side deficiencies
> will just sort of sit there and rot.
>
>      And rot. And rot. And rot. And rot. And rot.
>
>      Friends don't let friends run Java in their browsers.


Oracle is not making a cent directly from applet usage.

And I have no doubt that is the reason why applet security
has been, let us call it, "less than perfect".

But they seem to be focusing strongly on it now.

And for good reasons.

In public, Java has been labelled a "security problem", and
the general public does not understand the difference between
applets and Java EE.

A lot of the managers authorizing paying millions of dollars for
Java based middleware may not know either.

I think the new interest in security is because the message
from Oracle sales people has been that these applet problems
are hurting general sales.

Arne
