1995-10-19 - Re: java flaw

Header Data

From: tomw@orac.engr.sgi.com (Tom Weinstein)
To: cypherpunks@toad.com
Message Hash: a836a460331680b56b12507f9012366e3ee163694ea9bcc69d8d054cda48d89f
Message ID: <199510190209.TAA12996@orac.engr.sgi.com>
Reply To: <DGMpss.5q6@sgi.sgi.com>
UTC Datetime: 1995-10-19 02:09:51 UTC
Raw Date: Wed, 18 Oct 95 19:09:51 PDT

Raw message

From: tomw@orac.engr.sgi.com (Tom Weinstein)
Date: Wed, 18 Oct 95 19:09:51 PDT
To: cypherpunks@toad.com
Subject: Re: java flaw
In-Reply-To: <DGMpss.5q6@sgi.sgi.com>
Message-ID: <199510190209.TAA12996@orac.engr.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain

In article <DGMpss.5q6@sgi.sgi.com>, fc@all.net (Dr. Frederick B. Cohen) writes:

>> At 06:59 AM 10/17/95 UTC, jerry the golden retriever wrote:
>> > A security feature in Java scans for viruses before activating the
>> > applet.
>> I hope that this is false.
>> Even if one had genuine artificial intelligence, it would be impossible
>> to detect all viruses, only particular viruses and classes of virus.
>> If Java is secure, virus scanning should be unnecessary, indeed 
>> impossible, because there could be no code configuration capable
>> of acting as a virus.
>> If virus scanning occurs, then it is possible to write a virus in Java,
>> then Java is inherently insecure.

> To be more precise, if there is programming, sharing, and transitive
> information flow, viruses can reproduce and spread (as proven
> mathematically in the mid-1980s).  Sice Java offers sharing of
> programs and (for not at least) transitive information flow, viruses
> are possible.

I'm certainly no expert on viruses, but doesn't that have to be
transitive flow of executable information?  If I'm just shipping data
around, there's no way you can infect me.  Does Java allow the client to
upload an applet to the server?  Can applets persist between netscape
sessions?  If the answer to both of these questions is no, then the
viability of viruses should be substantially degraded.

Sure we spend a lot of money, but that doesn't mean    |  Tom Weinstein
we *do* anything.  --  Washington DC motto             |  tomw@engr.sgi.com