[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: java flaw



In article <[email protected]>, [email protected] (Dr. Frederick B. Cohen) writes:

>> 
>> At 06:59 AM 10/17/95 UTC, jerry the golden retriever wrote:
>> > A security feature in Java scans for viruses before activating the
>> > applet.
>> 
>> I hope that this is false.
>> 
>> Even if one had genuine artificial intelligence, it would be impossible
>> to detect all viruses, only particular viruses and classes of virus.
>> 
>> If Java is secure, virus scanning should be unnecessary, indeed 
>> impossible, because there could be no code configuration capable
>> of acting as a virus.
>> 
>> If virus scanning occurs, then it is possible to write a virus in Java,
>> then Java is inherently insecure.

> To be more precise, if there is programming, sharing, and transitive
> information flow, viruses can reproduce and spread (as proven
> mathematically in the mid-1980s).  Sice Java offers sharing of
> programs and (for not at least) transitive information flow, viruses
> are possible.

I'm certainly no expert on viruses, but doesn't that have to be
transitive flow of executable information?  If I'm just shipping data
around, there's no way you can infect me.  Does Java allow the client to
upload an applet to the server?  Can applets persist between netscape
sessions?  If the answer to both of these questions is no, then the
viability of viruses should be substantially degraded.

-- 
Sure we spend a lot of money, but that doesn't mean    |  Tom Weinstein
we *do* anything.  --  Washington DC motto             |  [email protected]