He wouldn't have ended up on treacherous paths if that warning had been more explicit about what was going on.
I agree he's not computer savy but I am not blaming Mozilla for his installing malware. I am blaming Mozilla for a confusing message about security. See https://news.ycombinator.com/item?id=6590686
There are thousands of "confusing" messages to be found on a typical computer. The messages Firefox presents for Java[1][2][3] aren't even competitive.
You have a user who has not been trained to not install random software, is fooled by extremely common ads, and who does not have the basic judgement necessary to not flail about when presented with something they don't understand but to consult someone who will understand.
This is a recipe for the exact scenario you described, but is in no way dependent on Firefox's Java messages. Any message appearing on their screen that they don't understand can be the trigger, including scammy ads encountered by millions of people in routine daily browsing.
edit: here I should replace firefox and mozilla with oracle
That's quite a stretch.
I have a user who uses frequently one specific website and for no apparent reason Firefox decides to tell him it's now dangerous to use with fearful and technological terms (vulnerabilities, plug-in, risk, etc.).
If Mozilla decides its users are dumb and should not be trusted to allow Java applet to be run then they should not warn them with techno-cryptic messages they know their users can't understand (because if Mozilla thought they could then Mozilla would know users could make the difference between a good and a bad applet and that warning wouldn't be needed).
A shorter and less scarier note would have been a better message for everyone.
The warnings are 8-14 and 5-8 words respectively, and state the case concisely. The word "risk" appears nowhere, and is a common English word anyway, and "vulnerable" and its derivatives are also common English words.
How would you rephrase the warning in fewer than 8 words that would have helped your stepfather understand the problem and how to deal with it?
Congratulations, you've just lambasted Mozilla for a Java message. Java pops up that same message for applets in all browsers. Go talk to Oracle, it has absolutely nothing to do with Mozilla or Firefox.
While I agree with your opening sentiment, and I agree regarding OP's dad not having the appropriate training and judgement, I disagree with the conclusion that he should be the resolution to that problem.
The appropriate training is nothing less than years of experience working with computers or being in the IT business. Why do we believe that this ought to be standard knowledge for users? It seems to me that we're placing too much burden on the user to make good judgements in the face of insufficient application and operating system trustworthiness.
The appropriate training has been given by me to the various family members I have to support. They started out just like his stepfather. It did not require them to have years of experience before they stopped trusting random websites, installing whatever came across their screen. It required me explaining the relevant concepts a few times. That was it.
We absolutely place too much burden on end-users -- one reason the iPad is such a hit -- but "don't believe everything you read on the Internet" and "ask me before you try to fix something you don't really understand" is not a heavy burden. If it were, we'd have a lot more mechanics and a lot fewer operable cars on the road.
I agree he's not computer savy but I am not blaming Mozilla for his installing malware. I am blaming Mozilla for a confusing message about security. See https://news.ycombinator.com/item?id=6590686