Just jumping in quickly to note that there are no security concerns with Java applications themselves, just with the browser plugins. They are usually restricted and do not allow system access. However, due to several bugs, you can inject malicious code which is not restricted by this sandbox anymore.
Locally installed Java applications do have system access anyway (up to the user's current rights level), so if they want to manipulate your system, they can do that like any other application can.
Actually, it would be way harder to infect your system with a Java application, as there is no easy way to elevate user rights (showing the UAC prompt for admin access) from within the Java VM.