Re: [Full-Disclosure] Friendly and secure desktop operating system

From: Ondrej Krajicek (krajicek_at_ics.muni.cz)
Date: 10/16/03

  • Next message: Brett Moore: "[Full-Disclosure] Listbox And Combobox Control Buffer Overflow" 
    To: full-disclosure@lists.netsys.com
Date: Thu, 16 Oct 2003 15:44:32 +0200

    > > >Have you taken a look at Sun's recent Java-based desktop? Is that
    > > >what you're thinking of?
    > > Isn't it just a slightly? modified SuSe with the Java name slapped on?
    >
    > Java implementations are not secure enough to run arbitrary code. A JVM really
    > is a complex and large beast. And this makes it hard to make it correct and
    > secure.

    I must be missing a point. What has JavaVM complexity to do with
    security of Java Desktop? It's just a SuSE+GNOME with J2RE
    pre-installed (with Gtk look and feel). The 'Java' part of the name is
    just a business buzzword. One may use Java Desktop every day
    withnout running a byte of Java bytecode.

    This all of course does not mean, that
    the Java Desktop is secure. It just means, that since it is not
    written in Java, it may be user friendly :).

    Greetings,

    Ondra Krajicek
    ________________________________________________________________
    || Ondrej Krajicek krajicek@ics.muni.cz ||
    || Institute of Computer Science, Masaryk University Brno, CR ||

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Brett Moore: "[Full-Disclosure] Listbox And Combobox Control Buffer Overflow"

    Relevant Pages

    • Re: Cannot access https or windowsupdate
      ... During more research and before coming back to check any responses, ... > That should exclude proxy operations from nearly ALL secure sites. ... > Because of a court decision Microsoft will stop all Java support after 30 ... > Sun also offers an automatic download and install of the 1.4 Java plug-in ...
      (microsoft.public.windows.inetexplorer.ie6.browser)
    • Re: General security isuues
      ... Are there programming guidelines for writing good and secure code? ... Ensuring privileged code (for instance java.* classes) can run alongside untrusted code. ... There can be problems dealing with external data, notably with servers. ...
      (comp.lang.java.security)
    • Re: secure file formats
      ... Do whatever you can to avoid Microsoft's buggier than hell Java. ... Does anyone have any suggestions for secure software for reading the ... PDF: Foxit PDF Reader, but rewriting the file using GhostScript (and ... Flash: Well, bad. ...
      (alt.computer.security)
    • Re: Securing a Java Application
      ... I have a Java application that uses JSP for visualizing data and EJB for queries. ... using Secure Sockets? ... The existing Java Http comms classes can already handle the https protocol for you. ... If your server cert isn't 'official' I think the client code has to override some security provider setting somewhere in order to function... ...
      (comp.lang.java.programmer)
    • Re: Securing a Java Application
      ... I have a Java application that uses JSP for visualizing data and EJB for queries. ... I need to create a Java client that connects to the J2ee application. ... using Secure Sockets? ... The existing Java Http comms classes can already handle the https protocol for you. ...
      (comp.lang.java.programmer)