Linked by Thom Holwerda on Wed 10th Oct 2012 23:47 UTC, submitted by MOS6510
Java "Java is a programming language that allows developers to write once and deploy everywhere - from high-end gaming desktops to smartphones. Its OS-agnostic and widespread nature is one of its strongest selling points, but one area where it can fall flat is performance. Generally, Java applications are not going to perform as well as native applications written for a specific OS. However, thanks to Project Sumatra that performance gap may soon become less of an issue."
Permalink for comment 538250
To read all comments associated with this story, please click here.
RE[3]: Security
by Alfman on Thu 11th Oct 2012 04:58 UTC in reply to "RE[2]: Security"
Member since:


"Except with Java, isn't the vulnerability potentially cross platform? Whereas with native exploits, you'd have to write one for each different platform."

Hmm, I'm not exactly sure what you mean. If you're talking about a vulnerability in code written in java, then yes that would probably be vulnerable on every platform supporting java. However this would not be an instance of a bug in the Java VM, but rather an application specific bug.

If your talking about a vulnerability in the Java VM, then it may or may not be a cross platform vulnerability. Remember that the VM itself is a native application that has to be written to support every target platform. A bug in the just-in-time-compiler for x86 isn't necessarily going to appear in the JIT compiler for x86-64 or ARM.

For the sake of argument though, let's pretend Java contained a backdoor and there was *zero* security in the VM...this would preclude Java as a viable platform for browser applets since malicious websites could gain access to your local account using the backdoor.

Now consider an application you download to run locally, you have the choice of either a native binary or a java version. Can you see why having a backdoor in the Java VM isn't an additional security risk compared to the native version? Even with the VM backdoor, the java application would be on equal footing with the native application security-wise. Both would be subject to the same userspace access as imposed by the kernel.

Reply Parent Score: 2