Date: Wed, 10 Mar 1999 18:49:06 -0800 (PST)
From: Jeff Nisewanger <Jeff.Nisewanger@eng.sun.com>
Subject: Re: Fwd: new Java virus
To: java-security@java.sun.com, MARSTAUG@aol.com

> Sirs, I use java as part of my original equipment from Gateway and I love all
> the things it makes possible. Therefore, I think it's pertinent that you be
> aware of this email that I received asking people NOT to enable your applet.
>
This BeanHive "virus" is typical Internet FUD and is largely bogus.
Thanks for asking.

> Virus Information of the Day: An Emerging Java Virus
> BeanHive is the second virus reported to infect Java code--in this
> case, both applications and applets. (StrangeBrew, which infected Java
> applications, was reported in August 1998.) Fortunately, the virus
> seems to function poorly, which diminishes its threat to users. When
> the virus functions properly, it can infect PCs when the user agrees
> to run the virus's Java applet while accessing a Web site. In
> addition, the virus reported asks users to validate a certificate for
> "Landing Camel International" by a so-called "Root Agency" before it
> can spread. Disabling Java Applets on your browser should prevent
> infection.

Java applets run inside the "Java sandbox" by default. Sandboxing
Java applets is what makes them safe to download and run. A sandboxed
applet containing BeanHive cannot do anything unsafe. In order for
BeanHive to do unsafe virus things it needs to be granted extra
non-default privileges that normal Java applets don't have.

BeanHive applets have to be "digitally signed" by a
software developer, in this case the developer is "Landing Camel Intl.".
When you download a digitally signed applet, your browser can pop up
a dialog window telling you that it doesn't recognize the applet
as having been written by a software developer that you already trust. The
dialog window may ask you "do you trust Landing Camel International
software to run with extra privileges?" If you say "no" then
BeanHive will have to run inside the Java sandbox and cannot act as a
virus. If you say "yes, I trust this software so please let it run
with extra privileges" then BeanHive can run outside of the Java sandbox
and do pretty much what a C or Basic program could do. So, if you can
write a virus in C or Basic or any other computer language then you
can also write it as a Java applet which is given extra non-default
privileges and is allowed to run outside of the normal applet
security sandbox.

The moral of the story is that you should not download and run
software that is written by unknown developers and that you don't
trust. Unless it is a Java applet. You *can* safely download and run
Java applets from unknown and untrusted software developers as long as
you run them in the Java sandbox (the default) and you don't explicitly
say "yes" to a pop-up dialog and give them extra permissions. This is
part of what makes Java powerful and unique.

You DO NOT have to disable Java support in your browser to
prevent BeanHive or any other applet from doing bad things.

Jeff