Does Java have a built-in Antivirus? Is it true?
Asked Answered
A

9

15

Does Java have a built-in Antivirus?
One of my friends told me there is in the JVM itself - it's called the "sandbox". Is it true?

Apanage answered 6/4, 2010 at 16:17 Comment(4)
Ha.... It feels good to laugh now and again.Therese
If you believe that, I have a bridge to sell you...Disseise
Java also solves world hunger.Ephesian
Java was crucial in the BP oil spill fixProvidenciaprovident
C
41

Java does have a security-related concept called "sandbox", but it works very differently from typical anti-virus products. The latter usually try to catch viruses via signatures or code analysis before they are executed.

The Java sandbox on the other hand allows you to run Java code while witholding from it access to system resources that could be used to to bad things, e.g. no access to any files.

However, only Java applets and Java Web Start applications run in a sandbox per default. Regular java applications have full access to your system.

Climactic answered 6/4, 2010 at 16:28 Comment(2)
you are one who understood what i need. explained it understandably. Thanks a lot.Apanage
+1 for not ridiculing the OP and actually answering the question.Adobe
R
19

Doubtful. Perhaps he was referring to the fact that the JVM (somewhat) sandboxes execution of a Java program, to help prevent it from damaging the host OS.

Redfish answered 6/4, 2010 at 16:19 Comment(4)
+1: Assuming it's not an April Fools joke, this is the likely simplified explanation...Disseise
No, an antivirus program will actively track down and identify virii. A sandbox simply makes it harder (or impossible, although I would not claim that for Java) to write a virus within the environment.Redfish
You might also mention the Java verifier (java.sun.com/docs/white/langenv/Security.doc3.html) which examines classes for safety. Of the components of the Java platform, it might be the most similar to an antivirus program.Maquis
you guys are wrong, I am running Sandbox Enterprise Edition and I feel safe.Tenor
A
14

No they do not have a built-in antivirus. Did he tell you this on April 1st?

To clear your doubt, sandbox is not an antivirus.

Algorithm answered 6/4, 2010 at 16:19 Comment(2)
A sandbox is in no way a "development environment".Climactic
I'm not sure if I agree. Sandbox is not a development environment, rather is the name for Java's security model, providing a restricted code execution environment.Gauvin
P
7

does the java have an in-built antivirus?

No.

Pastelki answered 6/4, 2010 at 16:18 Comment(0)
G
7

Java has a security model built-in that allows it to execute untrusted code. This model is called "the sandbox model".

It is not a virus-scanner. Instead, it limits the possibilities of untrusted code so that applets on a webpage do not have access to files on your computer's hard drive.

You can read more about Java's Security Architecture.

Gauvin answered 6/4, 2010 at 16:24 Comment(0)
L
4

java uses a class called SecurityManager to determine what a program can or cannot do, so in some sense it implements anti-exploit code, but not specifically anti-virus.

http://java.sun.com/j2se/1.4.2/docs/api/java/lang/SecurityManager.html

anti-virus in the usual sense of the word detects viruses in files and removes them. this is not built in to java.

Lamkin answered 6/4, 2010 at 16:24 Comment(0)
C
3

No. What it does is running the program in an environment that is (somewhat) separated from the operating system, which should, in most cases, prevent malicious code from doing any damage. Sort of like running VMware - virii and other malware have no influence on the host OS.

Contango answered 6/4, 2010 at 16:22 Comment(0)
H
2

I heard garbage collection also acts as a handy anti-bacterial, making your applications 99.99% free from germs.

Wash after every use.

Huskey answered 6/4, 2010 at 16:23 Comment(3)
I think your cynicism is misplaced. Although there is no "virus scanner" in the JVM, there are some security features that prevent it from executing arbitrary code.Gauvin
Your comment really made me laugh, I'll give you that, but still kind of rude and misplaced.Montymonument
I feel bad for doing this but I couldn't resist, it was meant in jest not malice. Other people in this thread have posted suitable answers enough already.Huskey
B
2

The closest thing in the JRE to literal "anti-virus" is the blacklisting feature for signed jars. If a signed jar is found to cause a security issue, it can be blocked. This has been designed for accidental security flaws rather than blocking deliberately malicious code. Also it is possible to revoke a certificate using a CRL (Certificate Revocation List) or OCSP (Online Certificate Status Protocol) if enabled. Conventional anti-virus is left to specialist anti-virus products, rather than trying to produce a half-baked alternative.

(Today's anti-virus products do more than just check for known viruses.)

Birl answered 6/4, 2010 at 17:6 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.