Truth About Computer Security Hysteria
Java Trojans/virusesCATEGORY: Overblown computer security threats
Reporters focused on Java security in 1996 when an expert (probably Vijay Sureshkumar) described malicious Java applets as "black widows." Expert Mark LaDue generated controversy around the same time with a website filled with "sample" malicious applets. Princeton's Secure Internet Programming team also focused on Java security around this time and generated some controversy. The resulting media attention convinced many companies to ban Java as a perceived risk.
The first true Java applet virus surfaced in 1998. Reporters eventually stopped screaming about "Java black widows," but the media sometimes revives the perceived risk. Case in point: reporters warned in February 2001 of a Java-related threat which doesn't impact the Internet user population.
Java applets remain an obscure risk to this day despite years of media hoopla (especially when you compare them to the well-known risk posed by email attachments). If someone urges you to disable Java for security reasons, ask a philosophical question: "what portion of the Java security model fails to meet your rigid standards?"
Last updated: 2001/2/22