New to Java? We'll help you get started with our revised beginner's tutorial, or our free online textbook.
Get the latest Java books
h t t p : / /w w w . j a v a c o f f e e b r e a k . c o m /

Java Coffee Break

Menu


Learning Java

Articles
Author Profiles
Lessons
FAQ's
Books
Newsletter
Tutorials
Talk Java!

Using Java

Applets
JavaBeans
Servlets
Resources
Discuss Java

Looking for Java resources? Check out the Java Coffee Break directory!

Sick ComputerJava Viruses - are you at risk?

By David Reilly

David Reilly is a Sun Certified Java Programmer, and editor of the Java Coffee Break.

Computer viruses can attack any operating system and computing architecture. Until recently, however, most developers were blasé about the risk to Java. It was believed that Java was immune, since it didn't use native code. The release of Java-specific viruses like StrangeBrew, and others, changed this. These are the first generation of portable OS-neutral viruses.

Few people today would be unaware of the very real threat of computer viruses. Even if you're not computer savvy, the likelihood that a computer failure would affect you at some point in your everyday life is fairly high. When you use an ATM, buy groceries, swipe a credit card or drive on the roads, you are relying on the services of computers - even if you're not actively aware of it.

Now I certainly don't want to alarm readers, but computer viruses can have some pretty nasty effects. While sometimes they are mild annoyances, there are some pretty serious viruses around that can cause loss of data, or can cause loss of service (such as the spate of email viruses last year that brought down the mail servers of Fortune 500 companies). So a keen awareness of viruses is important, particular for software developers. Ignorance can be dangerous, and can give one a false sense of security.

Until recently, it was generally believed that viruses had to be written in assembly language or low-level machine code. However in the last few years a growing number of viruses have been written in interpreted languages and program macros for applications like Outlook and Word/Excel. So it was only inevitable that eventually, the Java language would be used to write viruses.

The thought that Java could be susceptible to viruses was too frightening for some to accept.

Of course, the fact that it was inevitable didn't mean that the Java community saw it coming. Indeed, even long after the release of the first Java virus (dubbed StrangeBrew), even some noted experts tried to bury their heads in the sand and deny that it was really a virus. The thought that Java, billed as a secure programming language, could be susceptible to viruses was frightening; too frightening for some to accept.

Enter the virus

Sick computerThe world's first Java virus was identified by Symantec's automated virus search engine in late 1998, and dubbed StrangeBrew. StrangeBrew used a novel approach - it was capable of replication by modifying the byte-code of Java class files. Like other viruses, it was written in machine code, but in the case of StrangeBrew, the machine code was Java byte-code capable of executing on a Java Virtual Machine (JVM). StrangeBrew could search for .class files, just like a .COM or .EXE infector searches for application software.

But Java is secure.... right?

Java applets executing within a web browser are tightly controlled, and constrained by a rather strict security manager (known as the 'sandbox'). Any unsigned applet is prevented from file access, or from opening a network connection to a remote machine other than the machine from which it was loaded. So, StrangeBrew infected applets are unable to propagate, since they can't access your hard drive.

So StrangeBrew is safe..... right?

StrangeBrew is still capable of infecting your system if it is freed of the applet sandbox. This means that application software (run from the command-line prompt) can infect other application software. So StrangeBrew is more likely to affect users that run Java applications, or Java software developers.

Other Java viruses

StrangeBrew may have been the first Java virus, but is certainly not the last. In 1999, another Java virus was identified (again by Symantec), and dubbed BeanHive. Nor is this likely to be the last strain of Java virus identified.

Are Java viruses a threat?

So far, outbreaks have been minimal, and the payload included with StrangeBrew and BeanHive has been fairly non-destructive. BeanHive also contained bugs, which made it unlikely that it would spread. It appears that both viruses were proof-of-concept creations, designed to make the Java community aware that it is not immune to the threat of viruses. Neither present a serious risk to users.

That is not to say, however, that a more serious virus outbreak can't happen. Indeed, the networking support within Java would make viruses capable of extreme damage, such as spiriting away password files or sensitive documents off a user's machine.

Summary

Java, like any computing platform, is not immune to viruses. While the strict security restrictions on applets make it unlikely applets will be used to transmit viruses, the increasing use of Java applications by users make the possibility of a serious viral outbreak very likely in the future. Certainly don't panic - but be aware that Java is no different to other operating systems like Windows and Unix, and that a Java virus is capable of infecting both platforms!

Back to main

Copyright 1998, 1999, 2000 David Reilly

Privacy | Legal | Linking | Advertise!
Last updated: Monday, June 05, 2006