from 2-Sept-99 LangaList...
"Major Java Security Bug in Windows 9x, Window NT,
plus IE 4 and 5!
One of the attractions of Java as a web platform is that
it's designed with security in mind. For example, by
design, Java applets operate in something called a
"sandbox" which is quite literally a safe place for
applets to play, where they usually can't hurt themselves
or damage the rest of the system. (Yes it sounds a little
silly, but that's how it really is---and it's really
called a "sandbox!") This safe operation is accomplished
by running the applets in a carefully proscribed manner on
a software-only "virtual machine" (VM) instead of letting
them run directly on your real hardware and software.
That's the theory, anyway. Trouble is, it turns out that
some implementations of Microsoft's Java Virtual Machine
have a hole that can let malicious applets loose, where
they can do harm. A hacker could post an applet on a web
site, for example, and cause you trouble when you surf
there.
Are you at risk? Here's how to find out:
Open a command window or "DOS Box". On Windows NT,
choose "Start", then "Run", then type "CMD" and hit the
enter key; on Windows 95 or 98, choose "Start", then type
"Run" then "COMMAND" and hit the enter key.
At the command prompt (C:\ >), type "JVIEW" and hit
the enter key.
A screen full of text will display, but all you care
about for now is the first line, which reads something
like "Microsoft (R) Command-line Loader for Java Version
5.00.1234"
Look at the last four digits in that line. In the
made-up example above, they are 1234. This is the build
number of your system's Java implementation.
If your build number is lower than 1521, you're OK.
(Well, you're out of date, but at least you don't have the
security problem we're discussing.)
If your build number is anything from 1521 through
3185, then you have a potential security problem.
If you do have the security problem, you have two choices.
You can disable Java applets and simply prevent them from
running at all: If they can't run at all, they can do no
harm. But this costs you functionality on many web sites.
The second, and better, approach is to grab a patch that
fixes the problem. It's over at
microsoft.com
Follow the instructions there to download and install the
patch. (Alas, it's beefy at just over 6MB.) When you've
installed the patch, follow the steps outlined above again
top verify that the patch worked: The build number of the
new, corrected version is 3186."
(looks like i need to install the patch. anyone with any input on the above?)
:)
mark |
