This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Features new in Java 7 and the fly likes Java 7 and viruses Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Features new in Java 7
Bookmark "Java 7 and viruses" Watch "Java 7 and viruses" New topic
Author

Java 7 and viruses

Phil Freihofner
Ranch Hand

Joined: Sep 01, 2010
Posts: 115
    
    1
Is there anything new about Java 7 that is contributing to the seeming increase of viruses or exploitable aspects and the many releases we've seen lately to combat them?

I'm concerned that a lot of folks are just turning off Java on their browsers. A big part of my initial attraction to Java was the fact that it seemed rather more virus and hacker resistant than other languages, due to structural elements like the lack of pointers. But lately, it seems there has been a lot of buzz about problems with Java exploits.

I am at a loss, as I don't understand the mechanisms being used to hack Java applets. Are the current problems related to new features in Java 7? Are there new provisions and requirements for securing Java applets?
Melissa Heeren
Greenhorn

Joined: Feb 26, 2013
Posts: 6
I've turned off Java on one of my machines. The company I work for requires that all its machines have the latest patches on all their installed software, to avoid security issues. I've spent too much time on that lately, and (hopefully) temporarily turned off Java until things settle down.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30076
    
149

I remember reading something about how Java 7 did support for dynamic languages opened the door to this. I wish I kept the link for the details.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60766
    
  65

Phil Freihofner wrote:I'm concerned that a lot of folks are just turning off Java on their browsers.


Why the concern? Applets are the vacuum tubes of the web, in my opinion; obsolete and not be used. I think that everyone should have Java turned off in their browsers.



[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Phil Freihofner
Ranch Hand

Joined: Sep 01, 2010
Posts: 115
    
    1
Bear, what is it that makes Java Applets obsolete in your view? Some aspect of the technology? Is it the business--that they got outmaneuvered by Adobe? (Everyone "needs" Flash to watch You-Tube, after all.) Is it the susceptibility to hackers? (I heard second-hand you have a big thumbs-down on scriptlets, but I haven't heard the reasoning yet. Am wondering if the reasoning might be related.)

What do you suggest as a more current alternative to Applets?

There are things I have programmed and wish to continue to program, such as games, as utilities, that just couldn't happen with HTML5 or Flash. Maybe some of this is just not wanting to pay the $$ to use Flash, I'll admit. Some of the stuff I'm doing via applets: procedural FM Synthesis, procedural Perlin noise textures, both in service of a little browser game, some physics modeling (sound waves in cones).

But as interesting as this is (debating whether JApplet is obsolete), I'd also like to know just what it is about the updated Java that is making the hacking situation worse than it was previously. That was my original question. And whether or not there are things that a developer can do in coding to minimize risks.

(I was also wanting to take part in the Java 7 book raffle! )
Jesper de Jong
Java Cowboy
Saloon Keeper

Joined: Aug 16, 2005
Posts: 14074
    
  16

Phil Freihofner wrote:Bear, what is it that makes Java Applets obsolete in your view? Some aspect of the technology? Is it the business--that they got outmaneuvered by Adobe? (Everyone "needs" Flash to watch You-Tube, after all.) Is it the susceptibility to hackers? (I heard second-hand you have a big thumbs-down on scriptlets, but I haven't heard the reasoning yet. Am wondering if the reasoning might be related.)

Flash is, like Java applets, also quickly becoming a dinosaur of the web. Java applets and Flash have been supersided for the most part by HTML5 and JavaScript. Adobe stopped developing Flash for mobile platforms (phones and tablets), which is strange, since phones and tablets are taking over laptops and desktop computers. It looks like even Adobe doesn't really believe anymore in a bright future for Flash.

Scriptlets (I guess you mean pieces of Java code embedded in JSP pages) is a completely different story. The reason why you shouldn't use them is because it makes your code very messy. If you put for example code to do a JDBC query in a scriptlet in a JSP, you are severely mixing up the user interface layer of your application with the data access layer, which will quickly make your application an unmaintainable mess.

Phil Freihofner wrote:What do you suggest as a more current alternative to Applets?

There are things I have programmed and wish to continue to program, such as games, as utilities, that just couldn't happen with HTML5 or Flash. Maybe some of this is just not wanting to pay the $$ to use Flash, I'll admit. Some of the stuff I'm doing via applets: procedural FM Synthesis, procedural Perlin noise textures, both in service of a little browser game, some physics modeling (sound waves in cones).

HTML5 and JavaScript. In the last few years, JavaScript performance in browsers has improved dramatically. This started when Google added their V8 JavaScript engine to Chrome, a very sophisticated JavaScript engine that does JIT compilation and many other optimizations. Now other browsers also have similar JavaScript engines.

You can do much more with HTML5 and JavaScript than you think, it's easily good enough for games that used to be programmed in Flash previously. People build the craziest things in JavaScript, things that a few years ago you would think would be impossible. There's for example a version of Angry Birds that runs in browsers which is written in HTML5 and JavaScript, including all the animations, physics simulation etc.

Phil Freihofner wrote:But as interesting as this is (debating whether JApplet is obsolete), I'd also like to know just what it is about the updated Java that is making the hacking situation worse than it was previously. That was my original question. And whether or not there are things that a developer can do in coding to minimize risks.

The main problem is in the Java browser plug-in. I don't know about the details of the recent string of security problems, and I don't think that there's much that you as a Java developer can do besides not writing applets so that your clients don't need to have the Java browser plug-in installed.

Java Beginners FAQ - JavaRanch SCJP FAQ - The Java Tutorial - Java SE 7 API documentation
Scala Notes - My blog about Scala
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Java 7 and viruses
 
Similar Threads
how to convert a String into an expression
What do you mean my thread safe ??
How to find Best Application for selected FileType with Java
Java's use in Microsoft
Requirements for Applet communication online