Interesting People mailing list archives
IP: Re:ebates.com installs Java program on users computer: [risks] Risks Digest 21.49
From: David Farber <dave () farber net>
Date: Tue, 26 Jun 2001 05:56:53 -0400
Date: Tue, 26 Jun 2001 10:44:02 +0100 To: farber () cis upenn edu From: David Byrden <David () Byrden com> Subject: Re: IP: ebates.com installs Java program on users computer: [risks] Risks Digest 21.49Upon investigation, I found that ebates had installed a new folder named "C:\Program Files\topmoxie" that included the Javarun.exe program.The above message blamed Java for what is probably Microsoft's or Mr. Tolle's fault. Please let me clarify. First: *don't blame Java for installing the program*. Mr Tolle suspects the Java feature of his browser because this program was written in Java. But you might as well blame the word processor for installing a program that uses English. I am not an expert in IE4's capabilities but as far as I know, if you don't want websites to install EXE and DLL files then you can change the security settings. Most kinds of control or plugin, if you allow them to run, can potentially install files; therefore you should not allow them to run AT ALL. Java is *safer* than most because you can run Java applets and prevent them installing files or making any permanent change. Second: *this is not a Java Program.* The rogue program JAVARUN.EXE was probably written with Microsoft's pseudo-Java tools, but it's a Windows program. Java programs live in JAR and CLASS files, Windows programs live in EXE and DLL files. If the program were written in C++, it would be just as dangerous. To summarise: Java is not to blame for the threat posed by this program, and probably not to blame for installing it in the first place. David
For archives see: http://www.interesting-people.org/
Current thread:
- IP: Re:ebates.com installs Java program on users computer: [risks] Risks Digest 21.49 David Farber (Jun 26)