Welcome to MSDN Blogs Sign in | Join | Help

Java and .NET Security compared

The university of Virginia has published a report available here that compares Java and .NET security.

One of their key conclusions "Where Java evolved from an initial platform with limited security capabilities, .NET incorporated more security capability into its original design. With age and new features, much of the legacy code of Java still remains for backwards compatibility including the possibility of a null SecurityManager, and the absolute trust of classes on the bootclasspath. Hence, in several areas .NET has security advantages over Java because of its simpler and cleaner design."

 

Published Thursday, August 25, 2005 6:05 PM by gdada

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# re: Java and .NET Security compared

Saturday, August 27, 2005 8:16 AM by AC

lies and statisrics and #¤%#@ bias!

# re: Java and .NET Security compared

Saturday, August 27, 2005 8:56 AM by Anonymous Fat Cow


why do I have hard time believing this?

Maybe because in the last page they argue why the 9 vulnerabilities in .NET (that we know of) don't really count... those found in pre-1.0 don't count either, those silently patched don't count,

.. but the 10 vulnerabilities introduced by Microsoft in their JVM implementation DOES COUNT and are a sign of the insecurity of Java???

# re: Java and .NET Security compared

Saturday, August 27, 2005 10:42 AM by Anonymous Coward
Being an avid Linux user and sort of converted from a Microsoft user to an anti-Microsoft user by a colleague of mine, I would have to agree that .NET is pretty secure compared with Java.

# re: Java and .NET Security compared

Saturday, August 27, 2005 10:43 AM by David Shaw
The problem of course, is that .NET runs on a Microsoft platform. You don't have to bother cracking the .NEt security -- simply compromise the box on which it runs and take over from the other side.

Anyone who uses .NET for mission critical apps is a fool.

# re: Java and .NET Security compared

Saturday, August 27, 2005 11:33 AM by Joel Ivory Johnson
"Compromising the box" gets into levels of security that is outside the scope of this document. The article is speaking of application security and the ability to restrict the actions of an untrusted application. This is stated in the document's abstract and introduction.

# Slashdot article about UVA Security Study

Saturday, August 27, 2005 3:31 PM by .net <i>DE</i>lirium
Something I never figured to see on /., an article that highlights a study&amp;nbsp;published by the CS department...

# re: Java and .NET Security compared

Sunday, August 28, 2005 12:21 PM by Charles Wagner
"Anyone who uses .NET for mission critical apps is a fool."

A claim that you can't backup. True Professionals use the technology solution that best fits the problem. Java will not always be that solution, unless that is the only technology you know.

# Java started insecure? Huh.

Sunday, August 28, 2005 6:45 PM by Rob
I've been using Java since version 1.0.2 showed in '96 or '97. Anyone remember this? It was designed to be run primarily in web browsers, and the two primary features were 1) cross-platform and 2) security. This was a direct response to the dangers of Active-X.

Remember the "sand-box"? Remember the checked arrays, and lack of pointers? There's no such thing as a buffer overrun in Java. I'm no .NET expert, but I do believe you can still write "unsafe" code with direct pointer manipulation if you just flag that section as unsafe. Hmm.

There have certainly been the occasional bug in the virtual machines over the years, many of them only in Microsoft's implementation... and most of them quite quickly fixed.

None of this proves which environment is less secure, in the end... but I do suspect a flawed study when I see suggestions like that.

# re: Java and .NET Security compared

Tuesday, August 30, 2005 5:50 PM by Tony A.
Yes I remember the sandbox and security features that began in the summer of 1995 with 1.0.2.

Saying that Java began w/o security is showing ignorance of history. It was JUST THE OPPOSITE.

I agree with Rob.

# re: Java and .NET Security compared

Sunday, March 18, 2007 8:57 AM by Doxycycline

Re: <a href=http://medjetnet.info/doxycycline/buy-doxycycline.html>Doxycycline</a>">http://medjetnet.info/doxycycline/buy-doxycycline.html>Doxycycline</a> is used to treat bacterial infections, including pneumonia and other respiratory tract infections; Lyme disease; acne; infections of skin, genital, and urinary systems; and anthrax (after inhalational exposure). It is also used to prevent malaria. Doxycycline is in a class of medications called tetracycline antibiotics. It works by preventing the growth and spread of bacteria. Antibiotics will not work for colds, flu, or other viral infections.

[URL=http://medjetnet.info/doxycycline/buy-doxycycline.html]buy doxycycline[/URL]|

# re: Java and .NET Security compared

Tuesday, March 20, 2007 12:07 AM by dokka

I have a problem in your design. I use Firefox in Ubuntu.

# re: Java and .NET Security compared

Tuesday, March 20, 2007 7:40 PM by mokka

Very ineresting web site. I like many post. I have say you THANK YOU VERY MACH

# re: Java and .NET Security compared

Wednesday, May 07, 2008 12:31 AM by Kuklad

Open this post and read what I think about that:,

# Good site

Sunday, December 14, 2008 10:40 AM by balabo3_cp

<a href= http://index3.vopowil.cn >auguste rodin</a> <a href= http://index2.lenirad.cn >cobb house building</a> <a href= http://index2.sytovow.cn >timor-leste</a> <a href= http://index3.sytovow.cn >diane williamson</a> <a href= http://index2.saxycuc.cn >head over heels go</a>

# Good site

Monday, February 02, 2009 3:46 PM by balabo3_aa

<a href= http://index1.ypamoti.com >birthday cake pictures of fairys</a> <a href= http://index2.ypamoti.com >paul zenon</a> <a href= http://index3.ypamoti.com >sun laboratories inc</a> <a href= http://index4.ypamoti.com >camarow concept</a> <a href= http://index5.ypamoti.com >bc lions</a>

# GerardoDada Java and NET Security compared | Cellulite Creams

Monday, June 08, 2009 10:56 PM by GerardoDada Java and NET Security compared | Cellulite Creams

PingBack from http://cellulitecreamsite.info/story.php?id=2014

# GerardoDada Java and NET Security compared | Toe Nail Fungus

Tuesday, June 09, 2009 2:12 AM by GerardoDada Java and NET Security compared | Toe Nail Fungus

PingBack from http://toenailfungusite.info/story.php?id=786

# GerardoDada Java and NET Security compared | Weak Bladder

Tuesday, June 09, 2009 2:27 PM by GerardoDada Java and NET Security compared | Weak Bladder

PingBack from http://weakbladder.info/story.php?id=6847

# GerardoDada Java and NET Security compared | Best Eye Cream

Tuesday, June 09, 2009 3:51 PM by GerardoDada Java and NET Security compared | Best Eye Cream

PingBack from http://besteyecreamsite.info/story.php?id=180

Leave a Comment

(required) 
required 
(required) 
 
Page view tracker