Dr. Frederick B. Cohen writes:
At 06:59 AM 10/17/95 UTC, jerry the golden retriever wrote:
A security feature in Java scans for viruses before activating the applet.
I hope that this is false.
It is. Java scans the applet to make sure it doesn't try to cheat the interpreter into violating the object access rules. The scanning has nothing to do with viruses.
Even if one had genuine artificial intelligence, it would be impossible to detect all viruses, only particular viruses and classes of virus.
If Java is secure, virus scanning should be unnecessary, indeed impossible, because there could be no code configuration capable of acting as a virus.
If virus scanning occurs, then it is possible to write a virus in Java, then Java is inherently insecure.
To be more precise, if there is programming, sharing, and transitive information flow, viruses can reproduce and spread (as proven mathematically in the mid-1980s). Sice Java offers sharing of programs and (for not at least) transitive information flow, viruses are possible.
Java doesn't try to prevent viruses (viri?). It doesn't even claim such. It *does* make claims that imply limits on what the virus can do, though. If the virus does no more than eat up CPU cycles, it's fairly benign. Java is supposed to prevent viruses that destroy files and damage equipment. This feature isn't restricted to viruses, though. Even non-replicating programs aren't supposed to be able to hurt anything. Whether they achieve this goal or not is a matter of some debate.