So far, there have been no publicly reported, confirmed cases of security breaches involving Java, though there have been some suspicious events that might possibly have involved Java security problems. Of course, the lack of reported cases is no... Read More

You're at risk if you're running a Java-enabled browser and you visit a Web page written by a person you don't know or don't trust. Since the two most common browsers, Netscape Navigator and Microsoft Internet Explorer, are Java... Read More

Java and JavaScript, despite the similarity of their names, are not related. JavaScript has its own security problems, so you may also want to disable JavaScript. Read More

We are skeptical about these products. They probably can't hurt, but don't let yourself get a false sense of security from using them. Read More

Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains. Read More

It?s group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units. Read More

Nothing in life is completely secure; Java is no exception. Several specific security problems have been discovered and fixed since Java was first released. If you're using an up-to-date Web browser, you are usually safe against the known... Read More

V There are two classes of security problems: nuisances and security breaches. A nuisance attack merely prevents you from getting your work done - for example it may cause your computer to crash. Security breaches are more serious: your files could... Read More

This is a complicated question with no simple answer, so we wrote a separate FAQ about it. Read More

If you maintain sensitive data on your computer that you think an unscrupulous adversary might want, you should disable Java and JavaScript, as well as not installing plug-ins, except from well-known vendors. If you don't disable Java or... Read More

If you want to block Java, the best way to do it is by setting your browser preferences to disable Java. Read More

Generally, the latest version is the safest. Be sure to regularly check your browser vendor's Web pages for announcements of new versions. Look carefully - the announcements are not always prominent. Read More

Not directly. But watch out for some newer servers that support "servlets". Servlets are fine if they are all written by the people running the server site; using servlets in this way is probably better than using CGI scripts. Going beyond this to... Read More

This is a general term for Java applets (programs) that exploit security bugs. There are some pages on the Web that demonstrate, with appropriate warning messages, some hostile applets. The applets we've seen are nuisance attacks rather than... Read More

Code security is the approach of using permissions and permission sets for a given code to run. The admin, for example, can disable running executables off the Internet or restrict access to corporate database to only few applications. Role-based... Read More

You can request permission to do something and you can demand certain permissions from other apps. You can also refuse permissions so that your app is not inadvertently used to destroy some data. Read More

A code group is a set of assemblies that share a security context. Read More

Authentication happens first. You verify user?s identity based on credentials. Authorization is making sure the user only gets access to the resources he has credentials for. Read More

Authentication modes in ASP.NET is None, Windows, Forms and Passport. Read More

The CLR computes actual permissions at runtime based on code group membership and the calling chain of the code. Read More

Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory. Read More

If the NTConfig.pol file exist, it has the highest priority among the numerous policies. Read More

Group policies stored at: %SystemRoot%System32GroupPolicy Read More

GPT is Group policy template and GPC is group policy container in Java Security Read More