Quote:
Originally Posted by jukofyork
That's not really a good thing to do as you're also allowing all future java apps the ability to bypass the firewall aswell... Often malicious web pages will "drop" some java that will instantly try to dial out, but by having your firewall ask you each time then at least you can block these (whilst still manually allowing the ones you are expecting).
By default java software is sandboxed, so even if you grant it access trough the firewall it still cant dial out, except to the webserver it was loaded from. And it cant access your disk either, so a normal java program really cant do anything malicious (even without a firewall), which is why java is popular.
Only java software that specifically asks for permission from user, have the same rights as normal programs. Which is why perfectreads for example popup the "do you trust blah blah blah.." warning because it needs access to hand histories etc.