What's up with applet permissions on Windows Vista?

John Zukowski

According to the release notes:

On Windows Vista, there is a more restrictive sandbox for signed applets. A user has fewer privileges than if they were running on another Windows OS.

On a Windows OS other than Windows Vista, when running a signed applet, a user is prompted with a security warning dialog box and must respond. If "Yes" is clicked, the applet will have AllPermissions to run on the user's machine. This includes permission to write/delete a file from the local disk.

On a Windows Vista OS, this is no longer true. Instead, AllPermissions is limited to Java Applet scope, not Windows scope. Because a process running in IE has a low integrity level, it will not be able to write/delete a file from a medium/high integrity level directory.