Java 2 (version 1.2) has now been released, and with it a new Java security architecture. We discuss the
differences between the initial Java security architecture, the interim architectures in popular browsers, and
the Java 2 model, including the implications of the new model for Java viruses and Trojan horses. Which
previous problems have been solved, what are the security aspects of the new Java features, and what
possible holes still remain? We address these and other timely questions.Active content is a new paradigm, in which data objects themselves, including documents, mail, spreadsheets and Web pages, contain the knowledge necessary to correctly present their content to the user, and if necessary interact with the user (and the user's computer!) to process that content. Macros in Word documents are a primitive form of active content; when you open a Word document, a Basic program contained in the document can run, perhaps welcoming you to the document and offering you a number of different viewing options depending on what parts of the document you want to see first. When you visit a JavaScripted Web page using a JavaScript-enabled browser, a program contained on that page will get downloaded and executed, enabling Web authors to enhance their pages with greater responsiveness and interactivity. If a Web page contains a type of data your computer doesn't currently know how to display, the page can offer an "ActiveX control"; a particular kind of program that your browser can download and incorporate in order to let you see and interact with the new kind of data.
