I ended up with a virus on Friday when I selected "View" on an HTML attachment from the GMail web interface. The attachment started up java and proceeded to install the malware "Desktop Security 2010" and make changes to my system startup. I'm wondering how this happened and how to prevent it. My java security settings (Java Control Panel->Security->Certificates->Trusted Certificates) only lists Akamai Technologies and JavaFX as trusted certificates. Shouldn't that mean that I get prompted if any one else signs an applet that tries to run outside the sandbox? What else do I need to do to make sure that NO java applets run with elevated permissions? I've disabled java via an add-in in the meantime, but what do I need to do to secure my browser properly? == This happened == Just once or twice == I selected "view" on a virus-infected email attachment in gmail