Apr 01 2012

(If you’re a developer, you remember these classic articles about Java problems as well as I do. It’s worth looking back on this stuff, if only for nostalgia’s sake.)

Oh so classic.

Java and JavaScript continue to be thorns in the sides of Netscape Communications Corp. and Microsoft Corp., which are still plagued by potentially hazardous security loopholes in their respective Web clients.

While the overall impact of these bugs is minor, negative public perception is discouraging businesses and users from truly believing that the Internet is safe.

Last week, Netscape posted Communicator 4.03 to its Web site, fixing a JavaScript bug that would have enabled Web sites to snoop and snatch user information, such as passwords, during a visit.

Later this month, Microsoft will patch a bug caused by its Java implementation found in the current (second) beta of Internet Explorer 4.0. The bug could have enabled a rogue applet to corrupt a local computer system’s files. Microsoft expects the bug to be fixed when the final version of IE 4.0 ships late this month.

These are not the first, nor last, bugs to be discovered in the browsers. However, most of the flaws to date have been discovered by university researchers whose sole purpose is finding security loopholes. Virtually none of the recently reported bugs have had an impact on end users.

It’s the perception of the bugs that has a far greater impact.

“I hear about these bugs and the flaws and the scams that are taking place on the Internet, and I really wonder if it is worth the risk,” said Barry Crombe, an independent investment consultant in San Francisco. “I know that these security flaws are not a real threat; yet it still gives me pause.”

The Netscape bug centered around enabling a Webmaster to use JavaScript code to snoop on users who connect to a site. The JavaScript bug would open a second browser window, through which JavaScript commands could be used to snoop on the user’s machine.

If a user browsed the site using the second browser window, a snooping administrator could have access to the user’s data, said Netscape officials. The JavaScript bug was discovered by a student at the University of California at Santa Barbara.

The Microsoft Java bug was not a flaw of Java, but a flaw in the Microsoft implementation of Java in IE. Discovered earlier this month by researchers at the Massachusetts Institute of Technology, in Cambridge, Mass., the bug would have enabled a Java applet that contained DirectX APIs (Microsoft multimedia APIs) to access and possibly destroy local files.

No other Java-based browsers or systems were affected by the bug, since Microsoft implements Java in a proprietary method.

Microsoft officials were unavailable for comment, but documents on the company’s Web site acknowledge the bug and state that a fix would be issued with the final release of IE 4.0.

Analysts said that users should expect to keep hearing about bugs in the future, since both browsers are expanding and growing in size and scope.

“This is software, and there are always going to be bugs,” said Harry Fenik, an analyst at Zona Research Inc., based in Redwood City, Calif. “The truth is that these create more FUD [fear, uncertainty and doubt] in the minds of users than actual problems for them.”
