The Motley Fool Discussion Boards
Computers, Phones & Internet / Help with this STUPID computer!
|Subject: Re: Yet another Java flaw||Date: 10/2/2012 3:31 PM|
|Author: mmrmnhrm||Number: 182038 of 194425|
Peter, you start off ok, but then kinda lose it, as the blame lies just as much in the programmer as it does with Java itself.
Java is a programming language. What makes it handy for web site designers is that the user has to install a program on their computer that handles all of the details of making the program run on any specific kind of computer. It's a program that runs other programs.
So all the web guy has to do is write the program to do what they want it to do. They don't have to worry about all of the differences between Windows and Macs and UNIX users. That's handled by the Java piece the user has to install.
So far, so good. Let me take you back to the early childhood of personal computing... 1985. The lingua franca of the world, and an ancestor of Java (in spirit if not flesh), is BASIC. Functionally, it is identical. It is, in your words, "a program that runs other programs." It didn't matter whether you wrote (or copied out of a magazine) the code to an IBM PC-XT, a Commodore 64, an Apple IIc (or one of them newfangled Macintosh thingies), an Amiga, or an Atari XL, as long as the computer had a BASIC interpreter, it would run the program. If by some miracle you could find a computer that could read disks other than its own native format, you could even copy the programs from one to the other, make no changes, and have them work! Just like your modern-day web programmer.
You might be able to see the problem here. If you let a program run on your computer, you're giving that program access to your computer.
This is where you begin to wander off the trail. There is no problem here. The very act of running a program gives it access to your computer. It doesn't matter whether the program is written in Java, C, C++, C#, FORTRAN, COBOL, LISP, VB, .NET, ASM, or any other number of languages, both arcane and common. Is C# somehow more secure than C++? Or COBOL more secure than Java? No. In fact, some languages have even less ability to protect the user from malware than Java, as they lack the security certificate mechanisms (which are currently giving me all sorts of grief as I try to get an older program running again).
And with Java, you're giving access to some random web site designer to do an awful lot of things on your computer.
And this is different from .NET, PHP, ASP, VB, Flash, and HTML5 how, exactly?
One of the bad guys favorite things to do is to create errors. (That would be something like trying to divide by zero.) Programmers generally are pretty good at handling errors, but they're not perfect. So the bad guys poke around a lot until they find some kind of error that isn't handled correctly. That can make the computer do unexpected things. Those baddies find out what that unexpected thing is and then take advantage of it to get more access to your computer than you think you gave them.
Often, they'll take advantage of that additional access to install another program on your computer without your permission. That stuff is malware. It generally does bad things. At best, it just makes your computer run slower. At worst, it steals various pieces of information and sends them on to the baddies, who figure out a way to convert that information into money.
And here we're getting to where I think you're going wrong. Programmers