Anyway, the situation today is not better. We have no way to tell what needs to be secured and what doesn’t. But we are still unable to answer the questions above. We can suppose that a JC2 VM secures all our application, but what does it do exactly? Does it use checksums? Random delays? We don’t know.

I remember that in Windows95, it was not possible to choose the clusters size of the FAT file system (as far as I remeber, it was 4096 bytes). Starting from Windows98, it became possible. The first time I saw the combo box offering 1024, 2048 and 4096 bytes, I didn’t know what to do. Small clusters are good for space consumption. Big cluster are better for performance. In which extent? I really didn’t know, and I think few person in the world would have been able to take a truly wise decision (my hard drive was only 1.2 GB at that time). Maybe I would have prefered not being asked. Although Windows95 was not more qualified than me to choose (was it?), at least I wouldn’t have responsible for the consequences. Stupid, and human.

Back to Java Card. What may change is that for the first time, the application developer is asked for the low-level protections he needs. He won’t know what to answer unless he is told what is behind exactly. And the JCF (I guess) will have to explain.