The text of the article in question can be found at http://www.hpp.com/s-javablackwidow.html. It's typical of the genre in its paucity of technical detail. It seems that HPP is the latest company to discover that preying on people's fear of things unknown is a grand way to get attention, and that offering protection from imaginary hobgoblins is a sure-fire way to separate a man from his money.

If you decide to go to the site, you might want to check out their other articles including "Doomsday on the Net: Prudent Business Planning For The Collapse of Cyberspace" or "What could happen to Net stocks? What are the coming disaster signs to look for?." Of course, the purpose of all that fear-mongering is to sell their consulting services.

But the purpose of this article is not to slam HPP, but to explain how these security holes affect us and why so many people, many of whom know very little about the situation, are running around telling us that the sky is falling.

Most reports, after presenting the information above, launch into tirades about how surfing the Net is like playing Russian Roulette and how it is only a matter of time until one of these killer applets hunts you down. Some even go on to predict that this security flaw means the end of Java itself. However, one important fact is consistently omitted from such reports:

People on the Web:	25,000,000
Number of killer applet victims:	0

That's right. As of this writing, not one person been affected by these assassins of the Web. I assume I will be excused for not joining in the panic. Things accomplished under the controlled conditions of a computer lab do not always translate into the real world of the Internet. The bugs are real. They need to be, and are being, fixed. However, the danger is being grossly exaggerated, and if, after reading this article you are concerned, simply disable Java in Netscape's security preferences.

Within a year we will most likely see Java-based database and spreadsheet programs. Creating an computer environment that forbids reading data from and saving data to the disk will render all programs running in that environment virtually worthless. Who wants a word processor that doesn't let you save your work?

Sun's HotJava browser restricts Java access to a single designated directory, and Netscape has disabled all access for the time being. Neither of these approaches are really solutions. Neither allows useful programs to run while preventing damage from malicious ones. Personally, I don't think such a programming feat is possible. The simple fact of the matter is that any time you run a program you are at the mercy of the programmer. Poorly written or maliciously written programs can cause damage no matter what programming language was used to write them.

No one has been hit by a malicious Java applet, but it will happen eventually. When it does, authors will make money selling articles predicting the end of the Net, Internet consultants will make money telling their clients that everything is OK now that they have been hired, and programmers will quietly fix the bugs. After it happens a few times, it will no longer be newsworthy and things will calm down.

Running Java programs poses risks, but they are the same risks computer users have been living with for years. There are hundreds of extremely destructive viruses spread via floppy disks, but only in the days when floppy disks were actually floppy did anyone suggested that this made them an unworkable method of data transfer.

Viruses occasionally do make news today, but we don't see people suggesting that all computer users stop using their drives until manufactures fix all theoretical means of virus transmission. Floppy dives and viruses have become too familiar, and authors who write sensationalistic articles, are simply not taken seriously. Java viruses will undoubtedly become familiar, if annoying part of the Internet. By that time, of course, our yellow journalists will have found other bogeymen.