Boost logo

Boost :

From: David Allan Finch (sarum_at_[hidden])
Date: 2000-07-31 08:52:55


Valentin Bonnard wrote:
> I have never seen one. But Java is just another programming
> language, and one can write viruses in just any language.

As Java was designed specifically not to allow virus
on your machine unlike some other portable languages
I would dispute this. As there are no known Java
virus you could say this is proof but negative proof
is not proof.

> > I think you are mistaking this with a Visual Basic virus.
> No, I know what Java is and what VB is.

To my knowledge all current email virus are in VB
which has no security or sandbox, M$ only added the
signature protection afterwards and noone as far as
I can see uses it. This is sharply different from java
which had it from day one, infact M$ ridiculed
Java security features saying they where not needed
and put forward VB as good enough for the job.
One could say Sun where right and M$ where not
considering the many VB viruses that infect the
M$ OS world.

> In theory. I have seen a Java program that had a tendancy to
> dump core.

As do all programs. Dumping core is not the same
as having write access you your OS unless you are
in a monitor where you can possibly write outside
your address space, something even running in
an embedded system you should not beable to do in Java.

> There are some Java-related exploit and I don't
> see why that would stop. There was also the mis-feature
> that once you have downloaded a Java bytecode and saved
> it on your disk, it can anything it wants (because it is then
> a local file).

A virus is self infecting, what you have just described
is called a Trojan. IE you down load a game and it is
infected with a Trojan. These are different kettle of
fish from virus. I will agree that a Java program could
be a Trojan but this is not the same as saying a Java
program can be a virus.

Please do not get me wrong here, I do not think Java
is wonderful. It has many problems, I am only objecting
to your assertion that Java can be a virus. As it was
is a specific design goal for Java that it could not be
used this way, and it has yet to be proved it can, I
feel relative safe in say it will not shown to be possible
either.

David Allan Finch
Certified Sun(tm) Solaris(tm) Admin plus
C, C++, Java, Perl & JavaScript Programmer.
Monotype System Development Department

BTW - As we sell system that use Java to our customers
if you hear of any such virus I would be very grateful
if you email direct. Thanks for you help in advance.

--
   /     The whole history of this invention has been a struggle
/\|/\    against time - Charles Babbage 1837 on the Analytical Engine
| K |    All Hail Discordia - Burn all Orange Books!
\___/    david.allan_at_[hidden] - http://www.ironfort.com

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk