The harmony broke in the early 2010s. Hackers realized that the Java Runtime Environment (JRE) installed on millions of computers was a perfect attack vector. They found ways to trick the Java Security Manager—effectively punching holes in the sandbox walls.
Java checks three main things before running an application. If any fail, it blocks the app: application blocked by java security
The “Application Blocked by Java Security” error is Java doing its job. Use the Exception Site List for trusted internal apps, and never lower security globally. If the application’s developer won’t sign their code, consider finding a modern alternative. The harmony broke in the early 2010s
Malware authors began distributing "drive-by downloads." A user would visit a compromised website, a malicious Java applet would silently load, escape the sandbox, and install a keylogger or ransomware. Java checks three main things before running an application
This tells Java, “I trust this specific website/application, even if your checks fail.”