Re: [SLUG] How to join the secret Java Society

From: Ronan Heffernan (ronan@iotcorp.com)
Date: Tue Aug 06 2002 - 04:36:47 EDT


> My winblows chums tell me every Java applet is a running program
> capable of doing whatever it wants, including planting worms and time
> bombs, so they don't enable Java in Netscape. What kind of security
> problem is Java as it is used in Netscape, in the Linux environment?
>
>

I am no fan of Java, but I have to correct this misinformation. There
are two kinds of programs in Java: applets and applications. An applet
is a program that is automatically downloaded from a website and
executed inside the browser. An application is something that is
installed on the hard drive, and executed by a user (that is the general
difference). There is an important difference between applet and
application with regard to security. It is true that applications are
free to read/write the hard drive, open random socket connections, etc.
Applets, however, are run in a 'sandbox'. Applets cannot read or write
your files. Applets can only open socket connections back to the IP
address of the webserver from which they were downloaded (no surprise
DDoS attacks). Only by explicitly downloading and executing
applications outside of your browser are you at risk (pretend Java
applications are C++ applications; they both have the same hazards).

The real reason that your M$ Windows friends should be afraid is
because their operating system has no underlying security. If they run
Java *applications* outside of Netscape, they run the risk of planting
worms and logic bombs in their OS system files.

--ronan
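
The applet/application distinction described in the message above, as an added example that is not part of the original post: the two rule sets are written as JDK permission collections and a few requests are checked against each. The class name `AppletSandboxModel`, the file path and both IP addresses are constructed for illustration; the code only models the decision and does not install a security manager.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;

public class AppletSandboxModel {
    // Constructed sample address (documentation range) standing in for the
    // web server the applet was downloaded from.
    static final String ORIGIN = "192.0.2.10";

    // Applet rule set from the message: no file permissions at all, and
    // socket connections only back to the origin server's address.
    static Permissions appletPermissions(String originIp) {
        Permissions granted = new Permissions();
        granted.add(new SocketPermission(originIp + ":1-65535", "connect"));
        granted.setReadOnly();
        return granted;
    }

    // Application rule set: unrestricted, the same position as a native
    // (for example C++) program run by the user.
    static Permissions applicationPermissions() {
        Permissions granted = new Permissions();
        granted.add(new AllPermission());
        granted.setReadOnly();
        return granted;
    }

    public static void main(String[] args) {
        Permission[] requests = {
            new SocketPermission(ORIGIN + ":80", "connect"),       // back to origin
            new SocketPermission("198.51.100.7:80", "connect"),    // third-party host
            new FilePermission("/home/user/notes.txt", "read"),    // local file read
            new FilePermission("/home/user/notes.txt", "write"),   // local file write
        };
        Permissions applet = appletPermissions(ORIGIN);
        Permissions application = applicationPermissions();
        for (Permission request : requests) {
            // implies() answers: does the granted set cover this request?
            System.out.printf("%-62s applet=%-5b application=%b%n",
                    request, applet.implies(request), application.implies(request));
        }
    }
}
```

Only the connection back to the origin address is covered by the applet set; the application set covers all four requests.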


