It is amazing how number of "code vulnerability experts" is raising after each discovery with good media coverage/hype.

You can have even fataly flawed code from security point of view and it can be best solution for your problems still. Each solution, use of tools/frameworks, ppl training for some form of security defensive coding, testing,... is with high cost if you want to be serious and even after all that effort you can be sure that there are problems left still.

And personally i dont think jvm problems are so bad when compared with different it technology in the past so there is no need for refusing jvm. You can use countless defensive countermeasures if you are too afraid of your privacy.

Or missing/buggy array bounds check. Or something wrong with your recursive function. Or a subtle race condition in multi-threaded code. Or any of these not in your code, but in one of the libraries you use, including the operating system. I could continue that list...

It takes a lot more that "just discipline" to avoid these kinds of errors with "native" languages like C, and that's even assuming that you know about all the potential problems. Actually, the fact alone that you are not aware of all these subtle things shows that it's not that easy to write a secure application. It's just not possible to think of every existing attack vector out there and actively protect against it.

The advantage of using a "safe" language (like Java) is that you don't have to worry about a huge percentage of these things, because the worst that can happen is that your application crashes, and the attacker is never going to be able to insert malicious code through a bug in the application.


Replace every instance of JAR file with EXE file, and you have an even worse problem. That's actually the point of the whole fuss: With Java, you have security measures in place against masicious code. They are just not perfect, there are apparently some security holes. With EXE files and native applications, you have no security at all, if you don't trust the file and its author, you can't use it, period. On the other hand, it takes a little bit more than "just" malicious code in a JAR file to break out of the Java sandbox. That's why people (and sadly also browsers) tend to blindly trust in Java to protect them, and it's really bad when suddenly it's discovered that Java isn't perfect. But there is no such thing as bug-free software.

And while we're at it, I actually have no idea why until recently browsers just executed plugin content (including Java) without asking the user. You'd think people have learned something from ActiveX plugins . And even worse: At least on Firefox, there is an exception for Flash, so I expect all the security problems to just shift to a different plugin, now that the default is click-to-start for everything else. But maybe not, because people just tend to click on Ok anyway .

Executing code from an unknown source just isn't a good idea, ever, regardless of programming language .


Actually, for C programs, that's the most common attack vector. For Java, it's almost non-existant.

As a practical example, all things being equal, just assume there is an alternative KGS client written also by wms, with exactly the same feature set, but written in C++ instead of Java. Which one would you use?

I would definitely use the Java client, because while I'm pretty sure I can trust wms, I'm also pretty sure there are security relevant bugs in the code. There always are, as soon as the application uses network connections. But I'm also pretty sure that the Java VM protects me from most of them by just crashing the application in the worst case, instead of allowing an attacker to capture my computer.

On the other hand, if someone I don't trust sends me a program, I don't think it's a good idea to start it, not even if its written in Java

Can you please elaborate on what makes a lanuage (or its environment) "safe" in contrast to a native language?



Partly, right. There are, however, the possibilities of open source code to be compiled, hashs or certificates. (The latter two also require trusting the author or certificate distributer.)



One of my informatics prof said: "The longest error-free program I have seen had 5 lines of code.";)



I would choose C++, because WMS I trust more than the JRE authors and because I use sandboxing in the operating system's management of running applications.

There are generally two aspects that come to mind in terms of language safety.

1.) Language safety means predictability. C and C++ are notorious for undefined behavior: http://en.wikipedia.org/wiki/Undefined_behavior
You often have a lot of flexibility and power with such languages, but of course, undefined behavior is typically undesirable. Further, sometimes you have different C compilers, for example, that produce different behavior for the same compiled source code. This is not the case with Java, for example, where the JRE interprets the bytecode in the same way and produces the same effect.

2.) Language safety can indicate that the language provides abstraction. For example, with an array, you might not dealing directly with memory. Rather, the way elements are added to the array in the language is through an abstraction, which only allows for this to be done through the mechanisms specifically designed for this in the language. Contrast this with writing to an arbitrary memory location.

Language safety makes it harder for the programmer to do dangerous things in their code. You can try to prevent problems by adhering to good programming practices, but programmers are humans and subject to making mistakes.

Safe languages can aid in alleviating this problem.

_________________
be immersed

I suppose this is the best place to ask this question - but, for each new problem on Goproblems.com, Java asks my permission to run. I am using chrome on Windows 7. Is there any way to make it just work, without having to pop up again and again asking permission to run? Or, better yet, is there some sort of standalone goproblems app or program that will get the problems without me even having to use a web browser?

usually there is a checkbox in the popup you can click. (for my version of chrome, you can click always run on this site).

Last time I was on goproblems, I had Java disabled and had the option of using Javascript, which worked fine. (On Safari)

_________________
The Adkins Principle:
At some point, doesn't thinking have to go on?
— Winona Adkins

Visualize whirled peas.

Everything with love. Stay safe.

I click that, but it keeps coming up any time. I'll try disabling java and running it through javascript - thanks for the tip!

At Pwn2Own, Browser Exploits Getting Harder, More Expensive to Find Has some interesting tidbits.

_________________
Occupy Babel!

According to

http://www.heise.de/newsticker/meldung/ ... 17775.html

certificate verification by Java was programmed but deactivated...! As a consequence, a malware digitally signed with a stolen key was allowed to escape the Java sandbox and download and execute random code [subject to Java-independent security means].

As nice abstraction layers, sandbox and certificates for Java may be in theory, as long as their programming allows the contrary, there is no security in practice.

There may be cases where the security of these abstraction layers is violated, but that does not make it worse than having no such security at all. If you want to take additional security steps such as making your own sandbox, etc., this can also be done on top of the existing security present in Java.

Flaw in security is not equivalent to no security. If we allow that to be true, then no system has security, whatsoever.

_________________
be immersed