Re: How can you tell what this applet is doing ?

2005-05-02 Thread ge0rge
wylbur37 wrote:
> The web page at http://misogyny-central.com/fp1.html
> runs a Java applet. The pertinent code is shown here ...
>
>   <applet code="Time.class"
>     codebase="http://misogyny-central.com/ipw-web/date/"
>     width=308
>     height=20>
>   <param name=textcolor value=00>
>   <param name=backcolor value=FF>
>   <param name=font value=Helvetica>
>   <param name=fontsize value=13>
>   <param name=bordercolor value=00>
>   </applet>
>
> Is there any way of knowing what the applet Time.class will do?
> Just because it's named Time.class doesn't mean it has anything
> to do with time.  (A Java program can be named *anything* to hide
> its true intent, and could conceivably be planting all sorts of
> nasty stuff including spyware).
>
> Is there a safe way to find out?

You raise a dubious question and you are getting a lot of ill-informed
answers. Ask yourself this question: if Java technologies were that
breakable, how come knowledgeable people are still using them? In fact,
Java applets were so secure and restrictive that they were getting useless
as a tool. The sandbox rules have been relaxed to allow them to do some
useful real work, and it only becomes a security concern if you are
stupid about it... similar to giving your credit card to a stranger and
shouting foul when he misuses it.

Not that Java, like any other software, cannot be exploited, but to read
what's being said here, you'd think it's got more holes than a Swiss cheese.

--
It's no surprise that things are so screwed up: everyone that knows how
to run a government is either driving taxicabs or cutting hair.
-- George Burns
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security


Re: How can you tell what this applet is doing ?

2005-05-01 Thread wylbur37
Joe wrote:
> In article [EMAIL PROTECTED],
> [EMAIL PROTECTED] says...
> > Is there any way of knowing what the applet Time.class will do?
> > Just because it's named Time.class doesn't mean it has anything
> > to do with time.  (A Java program can be named *anything* to hide
> > its true intent, and could conceivably be planting all sorts of
> > nasty stuff including spyware).
> >
> > Is there a safe way to find out?
>
> You can download it, decompile it and examine the source.

But the source code produced wouldn't be Java, would it?
It would probably be some assembler-looking type of code, right?
(which would be rather difficult to read and trace).

Do you know of any decompiler that would, in effect,
convert a .class file back to a .java file?



Re: How can you tell what this applet is doing ?

2005-05-01 Thread wylbur37
AvianFlux wrote:
>
> There's a way to take out any risks associated with applets that's
> built into the Java Control Panel settings, however.
>
> Launch the Control Panel, disable Java applet caching. As an added
> precaution, set Temporary Internet Files storage to 0 MBs. That way
> nothing, Java applications or applets, will be saved on disk.

If you visit a webpage that runs a malicious Java applet,
it'll do its dirty deed whether there's a cache or not, wouldn't it?
So how would the absence of a cache help you?



Re: How can you tell what this applet is doing ?

2005-05-01 Thread AvianFlux

wylbur37 wrote:
> If you visit a webpage that runs a malicious Java applet,
> it'll do its dirty deed whether there's a cache or not, wouldn't it?
> So how would the absence of a cache help you?

Because Java applets & applications will not be saved to a file unless
the Control Panel preferences are configured allowing them to be - or
at least that's the way I understand it.

By disabling caching and setting application storage to 0 MBs, Java
applets and applications residing in RAM are overwritten with new
data, or flushed when the computer is shut down.

I went to the site with the malicious Java applet; as far as I can tell,
nothing bad has made it onto my computer. I'll investigate a little
deeper and make sure.



Re: How can you tell what this applet is doing ?

2005-05-01 Thread AvianFlux
This is what Jotti's Malware Scan returns for 'Time.class':

http://virusscan.jotti.org/

File:  Time.class
Status:  OK
MD5  23e95f3c2fb63e84d4a0c14269667d2a
Packers detected:  -
Scanner results
AntiVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
mks_vir  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing 
VBA32  Found nothing



Re: How can you tell what this applet is doing ?

2005-05-01 Thread Christian Mattar
Hi!

wylbur37 wrote:
> AvianFlux wrote:
> > There's a way to take out any risks associated with applets that's
> > built into the Java Control Panel settings, however.
> > Launch the Control Panel, disable Java applet caching. As an added
> > precaution, set Temporary Internet Files storage to 0 MBs. That way
> > nothing, Java applications or applets, will be saved on disk.
>
> If you visit a webpage that runs a malicious Java applet,
> it'll do its dirty deed whether there's a cache or not, wouldn't it?
> So how would the absence of a cache help you?

Cache has indeed nothing to do with it.
Java on the web is sandboxed. It can't access any other programs or your
hard drive without you giving explicit permission (unlike ActiveX).

[Removing netscape NGs]

Christian


Re: How can you tell what this applet is doing ?

2005-05-01 Thread Christian Biesinger
wylbur37 wrote:
> Do you know of any decompiler that would, in effect,
> convert a .class file back to a .java file?

http://kpdus.tripod.com/jad.html#general


Re: How can you tell what this applet is doing ?

2005-04-30 Thread Joe
In article [EMAIL PROTECTED],
[EMAIL PROTECTED] says...
> Is there any way of knowing what the applet Time.class will do?
> Just because it's named Time.class doesn't mean it has anything
> to do with time.  (A Java program can be named *anything* to hide
> its true intent, and could conceivably be planting all sorts of
> nasty stuff including spyware).
>
> Is there a safe way to find out?

You can download it, decompile it and examine the source.


Re: How can you tell what this applet is doing ?

2005-04-30 Thread sanjay manohar
javap (part of the SDK) produces 'disassembled java' and could be
useful in this context.

Important to check is your java policy file, located in
java.home\lib\security\java.policy  or user.home\.java.policy - this
file allows you to grant permissions to certain sites / applets. (or
use policytool)
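
A static look at a downloaded .class file without running it, in the spirit of the decompile and javap suggestions in this thread: the sketch below is an added example, not code from any poster, and it reads the class-file constant pool to list the classes the applet references. The watch list and the sample bytes are assumptions constructed for illustration; the sample is not the Time.class discussed above.

```python
import struct

# Bytes that follow the tag for each fixed-size constant-pool entry (JVM spec 4.4).
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
# Assumed watch list: APIs that touch files, processes or the network.
WATCH = ("java.lang.Runtime", "java.lang.ProcessBuilder", "java.io.File",
         "java.net.Socket", "java.net.URLClassLoader")

def referenced_classes(data):
    """List class names in a .class constant pool without loading the class."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    utf8, class_refs, pos, i = {}, [], 10, 1
    while i < count:  # entries are numbered 1 .. count-1
        tag = data[pos]
        if tag == 1:  # CONSTANT_Utf8: u2 length, then the bytes
            (n,) = struct.unpack_from(">H", data, pos + 1)
            utf8[i] = data[pos + 3:pos + 3 + n].decode("utf-8", "replace")
            pos += 3 + n
        elif tag in FIXED:
            if tag == 7:  # CONSTANT_Class: u2 index of its Utf8 name
                class_refs.append(struct.unpack_from(">H", data, pos + 1)[0])
            pos += 1 + FIXED[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag} at offset {pos}")
        i += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    return sorted(utf8[j].replace("/", ".") for j in class_refs if j in utf8)

def flagged(data):
    """Referenced classes that match the watch list (prefix match)."""
    return [c for c in referenced_classes(data) if c.startswith(WATCH)]

def _utf8(s):
    return b"\x01" + struct.pack(">H", len(s)) + s.encode()

def _cls(index):
    return b"\x07" + struct.pack(">H", index)

# Constructed sample: header plus constant pool only, not the thread's Time.class.
SAMPLE = (struct.pack(">IHHH", 0xCAFEBABE, 0, 48, 11)
          + _utf8("Time") + _cls(1)
          + _utf8("java/applet/Applet") + _cls(3)
          + _utf8("java/lang/Runtime") + _cls(5)
          + b"\x05" + bytes(8)            # a long constant, slots 7 and 8
          + _utf8("java/util/Date") + _cls(9))

if __name__ == "__main__":
    print(referenced_classes(SAMPLE))
    print(flagged(SAMPLE))
```

A class loaded by name through reflection shows up only as a string constant, so an empty flagged list narrows the review but does not replace reading the decompiled source.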
