Java WebStart and Security

This page briefly describes the security features of Java WebStart and explains how you can maintain the security of your computer when using software delivered with WebStart.

WebStart Security Modes

When software is launched using Java WebStart, the software may run in one of two different security modes: Secure or Unsecure. The software being run will tell WebStart what mode it needs to run in.

Secure Mode

In Secure Mode, referred to by software developers as "in the sandbox", WebStart runs the software in a secure environment (a sandbox) that prevents the software from doing anything that could potentially harm your machine without asking you first. This means that the software cannot do things like read or write files on your hard drive, install other software, or talk to other computers, without WebStart first asking you if it is okay for the software to do it.

Unsecure Mode

In Unsecure Mode, the software has the same access to your computer as any other program you run, such as a word processor or a music player, and can do things like read and write files on your hard drive without WebStart asking you if it's okay every time the software tries to do one of these things.

This means that software running in Unsecure Mode could do bad things to your machine, if the person who wrote the software has malicious intent.

Security Warning

WebStart Security Dialog Screenshot (Click to zoom in)

WebStart will not just automatically let an application run in Unsecure Mode.

When a piece of software asks to run in Unsecure Mode, WebStart will ask you whether you want to "trust" the software by displaying a security warning like the one shown on the right.

You will be given the following options:

  • Run the software in Unsecure Mode, by clicking 'Yes'
  • Don't run the software at all, by clicking 'No'
  • Choose to always trust this piece of software, by clicking 'Always'
You do not have the option of running the software in Secure Mode, because the software will not work if it is not run in Unsecure Mode.

What Should I Do?

When WebStart shows you a security dialog like the one above, you have to make a decision about whether to run the software or not.

Here are some things you should take into consideration when deciding whether to run software in Unsecure Mode:

  • Do you personally know the person who wrote the software?
  • Do you trust the company that wrote the software?
  • Does someone you know and trust use the software and has recommended it to you?

If the answer to any of the above is "Yes", you may be able to run the software with confidence that it is trustworthy.

Ultimately, there is a risk in running any software on your computer, and software distributed through WebStart and run in Unsecured Mode is no more dangerous than any other program you download from the internet and run locally. In fact, software distributed through WebStart is more secure, because it gives you the opportunity to say "No, I don't trust this software."

In the end, you need to be satisfied that the person or corporation offering the software is legitimate, and you need to have a reasonable level of confidence that their software is not malicious.

If you can't be satisfied that this is the case, don't run the software.

Click here to return to the page you came from.