[Comments at end] First Virus Written In Java Found (08/20/98; 5:36 p.m. ET) By Andy Patrizio, TechWeb It was inevitable. If Java could be used to write cross-platform applications, then someone would likely find a way to cause cross-platform havoc with a Java-based virus. The Symantec Antivirus Research Center (SARC) has found the first such virus, but the good news is it can't hurt Web surfers. The research center's automated virus-hunting engine, called Seeker, found the virus during a routine scan of websites. The virus, called Strange Brew, is just an infector. It spreads itself from one Java application to another, and it can jump from anything from a Network Computer to an IBM S/390 mainframe. "This is just proof of concept," said Kerry Nachenberg, chief researcher at SARC, in Santa Monica, Calif. "The guy is showing it can be done, and he was the first to do it." The virus affects only Java applications, not applets run inside a browser. Because the Java Virtual Machine has built-in security measures -- such as not allowing applets to access to the hard disk or modifying applications -- Strange Brew can't get at other Java code. The Java Virtual Machine will kill the Strange Brew virus because it's trying to do something it shouldn't, said Nachenberg. "So the main point is users shouldn't be afraid of this because it cannot affect users as they surf the Web," he said. Because Strange Brew functions differently than standard non-Java viruses, anti-virus programs can't detect it even with a new definition file. A new executable is needed to detect it, which Symantec said it will make available for download through the LiveUpdate function in Norton AntiVirus. Full-blown applications don't have the same restrictions as applets because they need to perform certain functions, like disk access, which is why the Java Virtual Machine security measures don't work, Nachenberg said. There will inevitably be more viruses written in Java, said Peter Tippit, president of the International Computer Security Association, an anti-virus research firm in Carlisle, Penn. But he said that of the near-20,000 viruses his company has found, roughly 300 have caused any havoc in companies because very few can actually survive. "For a virus to be an issue, it has to have a few properties," he said. "It has to fit into the ecology of the current computing environment, and Strange Brew doesn't fit into the ecology of the way viruses have to move to live." Nachenberg, however, doesn't think there will be a big outbreak of Java viruses. "Not too many people use Java applications," he said. "But should they find a security hole in the [Java Virtual Machine], then it could be more of a threat." [That is my point. This was a java application, it does not run inside your browser. It must be downloaded and run separately like any other application that may be written in C,or C++ , or COBOL etc... It is not self running as a part of a web page. Java applications are very different than Java applets. Java applications have all the rights any other application has (read,write, delete etc...) now if this could be a virus via a java applet then it would be news. This story was simply the media picking up on a big buzz word "java" and with limited understanding that Java was supposed to be safe for the web and not realizing that applet they get on web pages and applications are very different animals. I guess I really need to send the author a note asking the significance. I was disappointed to have read it in the NY Times. They are usually more relevant. - Michael Ruminer (thompis@thompsonsupply.w1.com)]