In article <DGMpss.5q6@sgi.sgi.com>, fc@all.net (Dr. Frederick B. Cohen) writes:
At 06:59 AM 10/17/95 UTC, jerry the golden retriever wrote:
A security feature in Java scans for viruses before activating the applet.
I hope that this is false.
Even if one had genuine artificial intelligence, it would be impossible to detect all viruses, only particular viruses and classes of virus.
If Java is secure, virus scanning should be unnecessary, indeed impossible, because there could be no code configuration capable of acting as a virus.
If virus scanning occurs, then it is possible to write a virus in Java, then Java is inherently insecure.
To be more precise, if there is programming, sharing, and transitive information flow, viruses can reproduce and spread (as proven mathematically in the mid-1980s). Sice Java offers sharing of programs and (for not at least) transitive information flow, viruses are possible.
I'm certainly no expert on viruses, but doesn't that have to be transitive flow of executable information? If I'm just shipping data around, there's no way you can infect me. Does Java allow the client to upload an applet to the server? Can applets persist between netscape sessions? If the answer to both of these questions is no, then the viability of viruses should be substantially degraded. -- Sure we spend a lot of money, but that doesn't mean | Tom Weinstein we *do* anything. -- Washington DC motto | tomw@engr.sgi.com
participants (1)
-
tomw@orac.engr.sgi.com