[Comments at end]

First Virus Written In Java Found
(08/20/98; 5:36 p.m. ET)
By Andy Patrizio, TechWeb 

It was inevitable. 

If Java could be used to write cross-platform applications, then someone
would likely find a way to cause cross-platform havoc with a Java-based
virus.

The Symantec Antivirus Research Center (SARC) has found the first such
virus, but the good news is it can't hurt Web surfers.

The research center's automated virus-hunting engine, called Seeker, found
the virus during a routine scan of websites. The virus, called Strange
Brew, is just an infector. It spreads itself from one Java application to
another, and it can jump from anything from a Network Computer to an IBM
S/390 mainframe.

"This is just proof of concept," said Kerry Nachenberg, chief researcher
at SARC, in Santa Monica, Calif. "The guy is showing it can be done, and
he was the first to do it."

The virus affects only Java applications, not applets run inside a
browser. Because the Java Virtual Machine has built-in security measures
-- such as not allowing applets to access to the hard disk or modifying
applications -- Strange Brew can't get at other Java code. 

The Java Virtual Machine will kill the Strange Brew virus because it's
trying to do something it shouldn't, said Nachenberg. "So the main point
is users shouldn't be afraid of this because it cannot affect users as
they surf the Web," he said. 

Because Strange Brew functions differently than standard non-Java viruses,
anti-virus programs can't detect it even with a new definition file. A new
executable is needed to detect it, which Symantec said it will make
available for download through the LiveUpdate function in Norton
AntiVirus.

Full-blown applications don't have the same restrictions as applets
because they need to perform certain functions, like disk access, which is
why the Java Virtual Machine security measures don't work, Nachenberg
said.

There will inevitably be more viruses written in Java, said Peter Tippit,
president of the International Computer Security Association, an
anti-virus research firm in Carlisle, Penn. But he said that of the
near-20,000 viruses his company has found, roughly 300 have caused any
havoc in companies because very few can actually survive.

"For a virus to be an issue, it has to have a few properties," he said.
"It has to fit into the ecology of the current computing environment, and
Strange Brew doesn't fit into the ecology of the way viruses have to move
to live."

Nachenberg, however, doesn't think there will be a big outbreak of Java
viruses. "Not too many people use Java applications," he said. "But should
they find a security hole in the [Java Virtual Machine], then it could be
more of a threat."


[That is my point.  This was a java application, it does not run inside
 your browser.  It must be downloaded and run separately like any other
 application that may be written in C,or C++ , or  COBOL etc...  It is not
 self running as a part of a web page.  Java applications are very different
 than Java applets.  Java applications have all the  rights any other
 application has (read,write, delete etc...) now if this could be a virus via
 a java applet then it would be news.  This story was simply the media
 picking up on a big buzz word "java" and with limited understanding that
 Java was supposed to be safe for the web and not realizing that applet they
 get on web pages and applications are very different animals. I guess I
 really need to send the author a note asking the significance.  I was
 disappointed to have read it in the NY Times. They are usually more
 relevant.	- Michael Ruminer (thompis@thompsonsupply.w1.com)]