Does Java have a built-in Antivirus?
One of my friends told me there is one in the JVM itself - it's called the "sandbox". Is it true?
views: 710
answers: 9
No, they do not have a built-in antivirus. Did he tell you this on April 1st?
To clear your doubt, sandbox is not an antivirus.
Doubtful. Perhaps he was referring to the fact that the JVM (somewhat) sandboxes execution of a Java program, to help prevent it from damaging the host OS.
No. What it does is run the program in an environment that is (somewhat) separated from the operating system, which should, in most cases, prevent malicious code from doing any damage. Sort of like running VMware - viruses and other malware have no influence on the host OS.
I heard garbage collection also acts as a handy anti-bacterial, making your applications 99.99% free from germs.
Wash after every use.
Java has a security model built-in that allows it to execute untrusted code. This model is called "the sandbox model".
It is not a virus-scanner. Instead, it limits the possibilities of untrusted code so that applets on a webpage do not have access to files on your computer's hard drive.
You can read more about Java's Security Architecture.
Java uses a class called SecurityManager to determine what a program can or cannot do, so in some sense it implements anti-exploit code, but not specifically anti-virus.
http://java.sun.com/j2se/1.4.2/docs/api/java/lang/SecurityManager.html
Anti-virus in the usual sense of the word detects viruses in files and removes them. This is not built in to Java.
Java does have a security-related concept called "sandbox", but it works very differently from typical anti-virus products. The latter usually try to catch viruses via signatures or code analysis before they are executed.
The Java sandbox, on the other hand, allows you to run Java code while withholding from it access to system resources that could be used to do bad things, e.g. no access to any files.
However, only Java applets and Java Web Start applications run in a sandbox by default. Regular Java applications have full access to your system.
The closest thing in the JRE to literal "anti-virus" is the blacklisting feature for signed jars. If a signed jar is found to cause a security issue, it can be blocked. This has been designed for accidental security flaws rather than blocking deliberately malicious code. Also, it is possible to revoke a certificate using a CRL (Certificate Revocation List) or OCSP (Online Certificate Status Protocol) if enabled. Conventional anti-virus is left to specialist anti-virus products, rather than trying to produce a half-baked alternative.
(Today's anti-virus products do more than just check for known viruses.)
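The answers above describe the sandbox as a permission check performed by SecurityManager, and note that a regular Java application is not sandboxed by default. The following is an added example, not code from any of the answers, that shows both points: the same file read succeeds in a plain application and is refused once a default SecurityManager is installed. The class name `SandboxDemo` and the temp file are made up for the demo. SecurityManager is deprecated for removal since Java 17; on Java 18 to 23 the program must be started with `-Djava.security.manager=allow`, and from Java 24 on `System.setSecurityManager` throws `UnsupportedOperationException`.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class SandboxDemo {

    // Attempts the read and reports the outcome instead of propagating the refusal.
    static String tryRead(Path file) throws IOException {
        try {
            byte[] data = Files.readAllBytes(file);
            return "read ".concat(String.valueOf(data.length)).concat(" bytes");
        } catch (SecurityException e) {
            // The sandbox does not inspect the file's content; it refuses the operation itself.
            return "denied: ".concat(String.valueOf(e.getMessage()));
        }
    }

    @SuppressWarnings("removal") // SecurityManager is deprecated for removal since Java 17
    public static void main(String[] args) throws IOException {
        // Constructed sample file standing in for "a file on your hard drive".
        // Assumption: the demo class itself is not being run from the temp directory,
        // because code is allowed to read its own code source location.
        Path secret = Files.createTempFile("sandbox-demo", ".txt");
        Files.write(secret, "constructed sample data".getBytes(StandardCharsets.UTF_8));
        secret.toFile().deleteOnExit(); // registered before the manager is installed

        // 1. Regular application, no SecurityManager: full access to the system.
        System.out.println(tryRead(secret));

        // 2. Default SecurityManager with the default policy: application code
        //    holds no FilePermission for the temp file, so the read is refused.
        System.setSecurityManager(new SecurityManager());
        System.out.println(tryRead(secret));
    }
}
```

The second call fails with a SecurityException raised by the permission check, regardless of what the file contains, which is the difference from a signature-based scanner.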