is an java applet able to harm my computer?

  • Permalink
  • submit to reddit
  • Email
  • Follow


Hi,

I use IE and netscape. In the options of IE, i see that the default settings
concerning Java applet are:
run java applets in script: yes

I read that an applet can do more than a javascript. So, is an applet able
to harm my system (by writing, deleting ..). If yes, why is the default yes?

Thanks
carl




0
Reply Carl 9/23/2003 12:54:15 PM

See related articles to this posting

On Tue, 23 Sep 2003 14:54:15 +0200, "Carl" <jhkl@fgnfn.us> wrote or
quoted :

>I read that an applet can do more than a javascript. So, is an applet able
>to harm my system (by writing, deleting ..). If yes, why is the default yes?

An unsigned applet can't hurt you.  A signed one is equivalent to an
installed program  if you give it permission to run.


I think this parameter just allows triggering applets from Javascript.
This is not a particularly dangerous thing to do.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming. 
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
0
Reply Roedy 9/23/2003 7:00:21 PM

Some Netscape.6x versions have a security hole allowing an unsigned
JavaScript code access methods of signed applet. This way "bad guys" can
combine a signed trusted third-party applet with access privileges (an ftp
client for example) and their own JavaScript  code to misuse applet's
methods (if you granted privileges to the applet).

If your Netscape is 6.xx, I would check it, or just disallow Java in it.

Carl <jhkl@fgnfn.us> wrote in message news:bkpg0d$8me$1@reader11.wxs.nl...
> Hi,
>
> I use IE and netscape. In the options of IE, i see that the default
settings
> concerning Java applet are:
> run java applets in script: yes
>
> I read that an applet can do more than a javascript. So, is an applet able
> to harm my system (by writing, deleting ..). If yes, why is the default
yes?
>
> Thanks
> carl
>
>
>
>


0
Reply VK 9/23/2003 9:18:09 PM

*IF* (a very big if) you're still using Microsoft's VM, then there could be
a chance - because MSJVM has bugs in it.

My virus shield has information about a virus (forgot its name) that is a
Java applet. It will exploit a security loophole in MSJVM to access and
execute files on your computer.

Microsoft has patches for MSJVM, but god knows if there're more lurking in
there. More reason to download JRE!


KC


0
Reply KC 9/24/2003 3:27:00 AM

Hi, SUN JRE is also vulnerable if you use the java media framework: 

See

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54760&zone_32=category%3Asecurity

"1. Impact 
A vulnerability in the Java(TM) Media Framework (JMF) may potentially
allow an untrusted applet to exit unexpectedly ("crash") the Java
Virtual Machine (JVM) or gain unauthorized privileges.."

 
Cheers
Marc 



"KC Wong" <sterilize.the.spammers@killkillkill.com> wrote in message news:<bkr2si$4rqc0$1@ID-200690.news.uni-berlin.de>...

> *IF* (a very big if) you're still using Microsoft's VM, then there could be
> a chance - because MSJVM has bugs in it.
> 
> My virus shield has information about a virus (forgot its name) that is a
> Java applet. It will exploit a security loophole in MSJVM to access and
> execute files on your computer.
> 
> Microsoft has patches for MSJVM, but god knows if there're more lurking in
> there. More reason to download JRE!
> 
> 
> KC
0
Reply marc 10/3/2003 12:38:21 PM
comp.lang.java.security 1490 articles. 2 followers. Post

4 Replies
704 Views

Similar Articles

[PageSpeed] 53

  • Permalink
  • submit to reddit
  • Email
  • Follow


Reply:

Similar Artilces:

Java applet failed when I try to load the avi file in my java applet
Hi everyone, I am a new person in Java and JMF. I tried to use HTML to run the class of the SimplePlayerApplet.java that is posted in java.sun.com. html: <applet code=SimplePlayerApplet.class width=320 height=300> <param name=file value="sun.avi"> I got a java applet failed. I am not sure where should i put the sun.avi file? The SimplePlayerApplet.class and sun.avi are in my desktop. Is it right as <param name=file value="sun.avi">? Sometimes, i will see people write as <param name=file value="file usr/local/media/sun.avi">?? Where is ...

java.applet.Applet.getParameter()
I would like to test to see if a parameter exists in the html file prior to calling getParameter(<key>), however I can not find any sort of method to allow me to do this. Is there a containsKey() method or something similar so that I could write code like: String[] keys = {"key1","key2"}; Hashtable ht = new Hashtable(); for(int i = 0; keys.length > i; i++){ if ( <KEY EXISTS IN HTML PARAMETER LIST> ){ ht.put(keys[i], getParameter(keys[i]); } } I know that I could just "try" and "catch" the getParameter, but th...

How fast is an Java Application to a Java Applet.
I have 2 Questions.1. I have a applet which works slowly. If I turn it into Application.How fast will it run. Currently it works on JVM. Will it be 10-20times faster if the Applet is converted into application?2. Java Applet works on all Browsers. I want all users to run myApplication Will I need to provide J2SE along with my application.3. How many computers have Java already installed?ByeSanny Sanny wrote:> I have 2 Questions.Or maybe 3,> 1. I have a applet which works slowly. If I turn it into Application.> How fast will it run. Currently it works on JVM. Will it be 10-20> times...

Why no Java applets in (Java-enabled) Safari???
I'm at wits end here. Applets work fine in Firefox, but not in Safari. "Enable Java" is checked in my Safari's Preferences > Security, and there's a "Java Applet.plugin" in Library/Internet Plug-Ins. Still, according to what I see at http://www.w3.org/People/mimasa/test/object/java/clock my Safari can't handle Java applets at all; all I see is the "cup of coffee" graphic that indicates that Java is not available. (FWIW, the page above displays correctly when I use Firefox.) I've run out of troubleshooting ideas. What's the next...

confussed about showStatus in java.applet.Applet
I have a file - HelloWorld.java that uses showStatus - and test.html (that includes HelloWorld.class as an applet) - and... showStatus doesn't seem to be working. According to the description on java.sun.com... "Requests that the argument string be displayed in the "status window". Many browsers and applet viewers provide such a window, where the application can inform users of its current state." I'm not really sure what this status window they're refering to is, but I assume it to, in FireFox, be the part that says "Applet HelloWorld started". U...

using generated java code in Java applets
Hi all,How can we assist you: I'm using Matlab Java Builder to compile .mscrips to java classes (and jar archives too)I'm develop the java applet, which use the compiled marlav scripts innetbeans enironment. When I run teh applet in netbeans environmnet,ewrithing is OK (the ctf file si decompressed and apllet is running).But, when I run the HTML page with my applet a error occur. Theproblem is, that applet can not use the ctf file.Reproduction Steps: package webmatlab;import java.util.*;import com.mathworks.toolbox.javabuilder.*;import weblab.*; // my package generated from matlab java...

JAVA
Bonjour, Ci-dessous vous trouverez le code Java qui pose probl�me � la compilation. pourriez-vous m'aider � d�bogger. Merci.. Il s'agit de dessiner un segment de droite � partir de la class Droite.. Comment proc�der pour ranger les class Point, Direction dans un packagepuis la classe Droite dans un autre package.(j'ai essay� des packages imbriqu�s , mais j'ai toujours des probl�mes � la compilation)----------------------------------------------------------- import java.awt.*; import java.awt.event.*; import java.lang.Math; import java.awt.Graphics; import java.applet.Applet; ...

wave files using java.applet.Applet
How do you play wave files using java.applet.Applet? "webstar" <triplejboy@hotmail.com> wrote in message news:<w47Sa.3649$OM3.3059@news-server.bigpond.net.au>... > How do you play wave files using java.applet.Applet? AudioClip clip = getAudioClip(getCodeBase(), "sound.wav"); clip.play(); However, this only works if the browser is using the Java 2 plugin; it won't work with Java 1.0 or Java 1.1, which only play ".au" sound files. thanks for the help "Stephen Gilbert" <sgilbert@occ.cccd.edu> wrote in message new...

Corba java apllet client communication problemI hava a problem with communication between Java/Corba server based on JDK ORB with Java/Corba client (applet)
I hava a problem with communication between Java/Corba server based on JDK ORB with Java/Corba client (applet) based on the same ORB. I`m using IOR to localize server. client`s ORB i initialize like that: Dane proxy = null; ORB orb = ORB.init(parent, null); org.omg.CORBA.Object obj = orb.string_to_object(sIOR); proxy = DaneHelper.narrow(obj); server`s ORB i initialize like that: ORB orb = ORB.init(args, null); POA rootpoa = POAHelper.narrow(orb.resolve_initial_references("RootPOA")); rootpoa.the_POAManager().activate(); DaneImpl oDane = new DaneImpl(); org.omg...

Java Applet loading in Applet Viewer but not in HTML page
Hi, My Java Applet loads in an Applet Viewer perfectly but does not load in any HTML browser(Netscape, IE). This applet is talking to the oracle database using JDBC. The exception found on the Java Console in Netscape is: java.lang.NoClassDefFoundError: Oracle/jdbc/driver/OraclePreparedStatement I would highly appreciate any input/solution(s) for this problem. Thanks!! Archana On 24 Oct 2004 13:24:57 -0700, Archana wrote: > My Java Applet .. URL? >..loads in an Applet Viewer perfectly but does not load > in any HTML browser(Netscape, IE). Running what versions of Java? >...

Access java applet using java script
Hello , I develop a Java applet that access some files in client machine's hard disk. This applet is a signed one and works fine with Mozilla Firefox and IE6. Then I create some functions to do the same thing and try to access the functions through the script. But unfortunately the applet throws some security exceptions. Can you please help me to overcome this issue. What are the limitations with java applet and java script ? Is there any additional limitations in accessing java applet through javascript ? thank You, Sirama Buwa. ...

Software to convert java applet to non-applet code
Is there a software that could convert java applet code to a code that runs without applets? TIA. -- main(){char s[37]="CSbwjAjocpy/mw!PS!sbwjAeftqbnnfe/dpn"; int i;for(i=0;i<36;putchar(s[i++]-1));return 0;} Ravi <ravi@despammed.com> writes: > Is there a software that could convert java applet code to a > code that runs without applets? Create a main() method that creates a Frame with the Applet inside, and set an AppletStub to some implementation you define. ...

Java applet
When trying to play online java games, the game will load once then will not load again unless i clear the temp files in Java console. Ive used the latest sun java + older versions. uninstalled/reinstalled. removed older versions+registry entries. Tried ie7,firefox and netscape browsers. uninstalled antivirus and disabled firewall. If i set java to not cache applets, it works fine but has to download the applet every time before i can play. This is a temporary solution but its very slow. Why wont it use the cached applet? Im using winXp pro sp2 with all updates. intel core 2 duo. 2gb ram....

Java Applets
Hi, I would like to know how I can save an applet view as a .eps file, so that I can use it in a laTeX document. I have tried to save it and the extension was .ser which is not recognized by laTeX. Thanks..! ...

computer java
take free tour of java visit www.glu007.blogspot.com On May 10, 6:20=A0pm, adnanhameed...@gmail.com wrote: > take free tour of java visit www.glu007.blogspam.com No thanks. I've had enough from you moron spammers, this lifetime. -- Andrew T. Andrew Thompson wrote: > On May 10, 6:20 pm, adnanhameed...@gmail.com wrote: >> take free tour of java visit www.glu007.blogspam.com > > No thanks. I've had enough from you moron spammers, > this lifetime. And yet you'll get more. -- Lew ...

Applets and Java ME
The company I'm working at this summer is currently redesigning some internal software; part of the new software has the ability to display status updates via web pages which involve applets. One nice feature to have would be able to view these on the BlackBerries that many employees have. Some cursory searches on the internet lead me to believe that it is possible to run applets on Java ME devices, but I didn't find any guides to what would need to be done (the attempt to just view it on the BlackBerry failed). As I have no experience programming (or using, for that matter) J...

Java applet.
Any one who looking for FTP applet, can find it on http://www.ftpapplet.uni.cc Free help. ----== Posted via Newsgroups.com - Usenet Access to over 100,000 Newsgroups ==---- Get Anonymous, Uncensored, Access to West and East Coast Server Farms at! ----== Highest Retention and Completion Rates! HTTP://WWW.NEWSGROUPS.COM ==---- ...

java applet
Hy! My next problem is to make an applet from my program. I have just add the "extend applet" to my class and removed the main-method by the start-method of the applet. I was thinking that this is enough, but it does not work, the file does not appear on the server. I have tried to start the applet local and also from the server, but it does not work. Here is the code: ***************************************** import java.awt.*; import java.applet.*; import java.io.*; import java.util.*; import java.net.*; //import java.exception.*; public class transfer extends Ap...

java applets
I am looking for a couple java applets to throw into my pages. One is a links page that works in tree fashion to extend and detract branches as I click on them. I also want a program that will randomly select a banner to display somewhere on my page as advertisement. Lastly, a menu bar. I have seen menu bars that float with the scrolling of the page, that would be nice. Thanks for your help. --Ari W. P.S. Please reply to my personal e-mail since I am unable to check usenet often. On 19 Aug 2003 22:37:30 -0700, ari_winokur@hotmail.com (Ari Winokur) wrote: >I am lookin...

applet java
I�m execute a Applet Java into html file, and it return this message :"load: class_name can�t instaciable". and not execute one applet. What do I do to resove this problem??? ...

java applets
Hi, We are researching options on which technologies to use for an advanced web application. We are planning on using DHTML as much as possible, but there are a few components that require more traditional desktop application functionality (mp3 player for example), which can't be easily accomplished through dhtml or other standard web techniques. So our list is: 1. Flash - very popular these days, but the development tools are expensive for us. 2. ActiveX - biggest downside is it runs on IE only 3. Java Applets - Preferred method because Java is our expertise However...

Java Applets connecting to Databases: access denied (java.net.SocketPermission ... resolve)
Hi folks,I'm new about developing Java applets and I need some help.I'm developing a Web Application based on JSPs and Tomcat in Netbeans.I've also developed a Java Applet which its package has some classes.This Applet connects to a Sybase Database (JConnect) in order to querysome information. It works fine when I run the Applet Class atNetbeans.The Jar containing this Applet (and the Jar supporting the DB driver)is embedded into a JSP of my Web Application through JSP Plugin tag.When I call for this JSP (where the Applet is embedded) I get thiserror (at the Client Java Console):ja...

Force java applet to run on java microsoft virtual machine plugin and not Sun.
If clients with Internet Explorer have both java virtual machine plugin installed ( Microsoft and Sun ), how is it possible to force an applet to run on java microsoft virtual machine and not Sun one ( of course without manually changing any client settings, only by html code ). Maybe by some specific <OBJECT> tag? On Thu, 2005-04-28 at 02:48 -0700, emaxt6@yahoo.com wrote: > If clients with Internet Explorer have both java virtual machine plugin > installed ( Microsoft and Sun ), > how is it possible to force an applet to run on java microsoft virtual > machine and not S...

SN#23077 Java Applets and the Java SE 6 Update 19 or 20
SYSTEM NEWS FOR SUN USERS Vol 146 Issue 4 2010-04-29 Article 23077 from section "Developer's Section" Know How to Mix Signed and Unsigned Code If you upgraded to Java SE 6 Update 19 and/or 20 and are having issues with JavaFX applets, then you might be having trouble with a mix of signed and unsigned code. Not only is this bothersome but it also could potentially be unsafe unless the mixed code was intended by the application vendor. A Java SE document explains the issue and how to ensure application and applet security. De...