Java and .NET Security compared


The university of Virginia has published a report available here that compares Java and .NET security.


One of their key conclusions “Where Java evolved from an initial platform with limited security capabilities, .NET incorporated more security capability into its original design. With age and new features, much of the legacy code of Java still remains for backwards compatibility including the possibility of a null SecurityManager, and the absolute trust of classes on the bootclasspath. Hence, in several areas .NET has security advantages over Java because of its simpler and cleaner design.”

 


Comments (19)

  1. AC says:

    lies and statisrics and #¤%#@ bias!

  2. Anonymous Fat Cow says:

    why do I have hard time believing this?

    Maybe because in the last page they argue why the 9 vulnerabilities in .NET (that we know of) don’t really count… those found in pre-1.0 don’t count either, those silently patched don’t count,

    .. but the 10 vulnerabilities introduced by Microsoft in their JVM implementation DOES COUNT and are a sign of the insecurity of Java???

  3. Anonymous Coward says:

    Being an avid Linux user and sort of converted from a Microsoft user to an anti-Microsoft user by a colleague of mine, I would have to agree that .NET is pretty secure compared with Java.

  4. David Shaw says:

    The problem of course, is that .NET runs on a Microsoft platform. You don’t have to bother cracking the .NEt security — simply compromise the box on which it runs and take over from the other side.

    Anyone who uses .NET for mission critical apps is a fool.

  5. Joel Ivory Johnson says:

    "Compromising the box" gets into levels of security that is outside the scope of this document. The article is speaking of application security and the ability to restrict the actions of an untrusted application. This is stated in the document’s abstract and introduction.

  6. Something I never figured to see on /., an article that highlights a study published by the CS department…

  7. Charles Wagner says:

    "Anyone who uses .NET for mission critical apps is a fool."

    A claim that you can’t backup. True Professionals use the technology solution that best fits the problem. Java will not always be that solution, unless that is the only technology you know.

  8. Rob says:

    I’ve been using Java since version 1.0.2 showed in ’96 or ’97. Anyone remember this? It was designed to be run primarily in web browsers, and the two primary features were 1) cross-platform and 2) security. This was a direct response to the dangers of Active-X.

    Remember the "sand-box"? Remember the checked arrays, and lack of pointers? There’s no such thing as a buffer overrun in Java. I’m no .NET expert, but I do believe you can still write "unsafe" code with direct pointer manipulation if you just flag that section as unsafe. Hmm.

    There have certainly been the occasional bug in the virtual machines over the years, many of them only in Microsoft’s implementation… and most of them quite quickly fixed.

    None of this proves which environment is less secure, in the end… but I do suspect a flawed study when I see suggestions like that.

  9. Tony A. says:

    Yes I remember the sandbox and security features that began in the summer of 1995 with 1.0.2.

    Saying that Java began w/o security is showing ignorance of history. It was JUST THE OPPOSITE.

    I agree with Rob.

  10. Doxycycline says:

    Re: <a href=http://medjetnet.info/doxycycline/buy-doxycycline.html>Doxycycline</a>”>http://medjetnet.info/doxycycline/buy-doxycycline.html>Doxycycline</a> is used to treat bacterial infections, including pneumonia and other respiratory tract infections; Lyme disease; acne; infections of skin, genital, and urinary systems; and anthrax (after inhalational exposure). It is also used to prevent malaria. Doxycycline is in a class of medications called tetracycline antibiotics. It works by preventing the growth and spread of bacteria. Antibiotics will not work for colds, flu, or other viral infections.

    [URL=http://medjetnet.info/doxycycline/buy-doxycycline.html]buy doxycycline[/URL]|

  11. dokka says:

    I have a problem in your design. I use Firefox in Ubuntu.

  12. mokka says:

    Very ineresting web site. I like many post. I have say you THANK YOU VERY MACH

  13. Kuklad says:

    Open this post and read what I think about that:,

  14. balabo3_cp says:

    <a href= http://index3.vopowil.cn >auguste rodin</a> <a href= http://index2.lenirad.cn >cobb house building</a> <a href= http://index2.sytovow.cn >timor-leste</a> <a href= http://index3.sytovow.cn >diane williamson</a> <a href= http://index2.saxycuc.cn >head over heels go</a>

  15. balabo3_aa says:

    <a href= http://index1.ypamoti.com >birthday cake pictures of fairys</a> <a href= http://index2.ypamoti.com >paul zenon</a> <a href= http://index3.ypamoti.com >sun laboratories inc</a> <a href= http://index4.ypamoti.com >camarow concept</a> <a href= http://index5.ypamoti.com >bc lions</a>

Skip to main content