Hi,
I use IE and Netscape. In the options of IE, I see that the default settings
concerning Java applets are:
run java applets in script: yes
I read that an applet can do more than a JavaScript. So, is an applet able
to harm my system (by writing, deleting...)? If yes, why is the default yes?
Thanks
carl
Roedy Green - 23 Sep 2003 20:00 GMT
>I read that an applet can do more than a javascript. So, is an applet able
>to harm my system (by writing, deleting ..). If yes, why is the default yes?
An unsigned applet can't hurt you. A signed one is equivalent to an
installed program if you give it permission to run.
I think this parameter just allows triggering applets from JavaScript.
This is not a particularly dangerous thing to do.
--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
VK - 23 Sep 2003 22:18 GMT
Some Netscape 6.x versions have a security hole allowing unsigned
JavaScript code to access methods of a signed applet. This way "bad guys" can
combine a signed trusted third-party applet with access privileges (an ftp
client for example) and their own JavaScript code to misuse the applet's
methods (if you granted privileges to the applet).
If your Netscape is 6.xx, I would check it, or just disallow Java in it.
> Hi,
>
[quoted text clipped - 7 lines]
> Thanks
> carl
KC Wong - 24 Sep 2003 04:27 GMT
*IF* (a very big if) you're still using Microsoft's VM, then there could be
a chance - because MSJVM has bugs in it.
My virus shield has information about a virus (forgot its name) that is a
Java applet. It will exploit a security loophole in MSJVM to access and
execute files on your computer.
Microsoft has patches for MSJVM, but god knows if there're more lurking in
there. More reason to download JRE!
KC
Marc Schönefeld - 03 Oct 2003 13:38 GMT
Hi, SUN JRE is also vulnerable if you use the java media framework:
See
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54760&zone_32=category%3Asecurity
"1. Impact
A vulnerability in the Java(TM) Media Framework (JMF) may potentially
allow an untrusted applet to exit unexpectedly ("crash") the Java
Virtual Machine (JVM) or gain unauthorized privileges.."
Cheers
Marc
> *IF* (a very big if) you're still using Microsoft's VM, then there could be
> a chance - because MSJVM has bugs in it.
[quoted text clipped - 7 lines]
>
> KC