From: mrm@netcom.com (Marianne Mueller)
Date: Fri, 24 May 1996 13:54:33 +0800
To: gcg@pb.net
Subject: Re: VIRUS ALERT: Java virus that affects Netscape 2.0 & 2.01.
In-Reply-To: <2.2.32.19960523202049.006a6eac@mail.pb.net>
Message-ID: <199605240129.SAA00250@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


We've reached urban legend time for Java...?   

There is no Java virus known as "Black Widow".  There was a melodramatic
web article about Java security that used the title "Black Widow", a pun
on the web.  The article focused mostly on the danger of denial-of-service
applets that consume resources on the client.  While rude, annoying, and
potentially the cause of losing unsaved edits in a word processor, (if you
were flumoxed and panic'd and instead of killing your browser, you
rebooted your computer and lost any pending edits) denial-of-service
applets are *not* viruses.  And they are not stalking the web.  Really. 

I work on Java security at JavaSoft which is part of Sun, and try to keep
our web page up to date.  See http://java.sun.com/sfaq/ for info. 

In the "for what it's worth dept", the security breaches that have gotten
so much press are fixed in JDK 1.0.2, our current release, and in NN3.0b4. 
This includes the bug mentioned in the May 18 NY Times story. 

Marianne