Copy Link
Add to Bookmark
Report
Java Coffee Break Newsletter Volume 3 Issue 07
Java Coffee Break Newsletter Volume 3, Issue 7
http://www.javacoffeebreak.com/
ISSN 1442-3790
=================================================================
In this issue
* Featured Java Websites
* Article : Java Viruses - are you at risk?
* Q&A : What can cause an object to fail to initialize properly?
* Q&A : I'm trying to compile a Java source file, and get
the error message "bad command or filename".
What did I do wrong?
* Q&A : What is a "magic number" in Java, and why does it
sometimes go bad (referring to a bad magic number
error when loading applets) ?
=================================================================
/*
* Looking for answers to those tricky Java problems?
* Sure you can try newsgroups, or read FAQs. But if you
* need an answer -now- , then try HotDispatch.
* HotDispatch is an open community of Java experts, where
* you can get accurate and low-priced consulting support.
* How low? You set the price!
* Best of all, new users receive $25 credit (limited time only)
*
* --> http://www.hotdispatch.com/home?aff=235138707
*/
=================================================================
Featured Java Websites
Here are a selection of websites that may be of interest to
readers.
Moving from Java to XML doesn't need to be a chore
XML and Java are two hot topics in their own right. Combine
them together, and you've got sizzle. Sun Microsystems
offers this free tutorial that shows you how to integrate
XML with Java. The tutorial covers three critical issues:
understanding XML theory, walking through XML documents
sequentially using the SAX model, and parsing XML
documents as a tree of objects (using the DOM model).
If SAX, DOM, and XML sound like meaningless jargon, this
is the tutorial for you. With plenty of code and
step-by-step instructions, you'll be writing XML
in no time.
http://java.sun.com/xml/tutorial_intro.html
Software Development Magazine Online
If you're a serious software developer, then you need
Software Development Magazine. Unlike many publications,
SDM puts their best articles online for free, and there's
an extensive archive of back-issues. There are articles on
programming techniques, debugging, tools and IDEs, software
design, and much more. There are also regular articles on
individual languages such as Java and C++. This is a great
read for developers, packed full of useful tips and tricks
to improve your software.
http://www.sdmagazine.com/
=================================================================
/*
* Want a great deal on books, music, movies, software, or
* garden & patio items? Yes - Amazon now sells garden & patio
* items, along with electronics, health and tools. Whatever
* you're looking for, you'll find it at Amazon.com
*
* --> http://www.amazon.com/exec/obidos/redirect-home/davidreillysprog
*/
=================================================================
Article : Java Viruses - are you at risk?
Computer viruses can attack any operating system and
computing architecture. Until recently, however, it
was believed that Java was immune, since it didn't
use native code. StrangeBrew, and others like it,
are amongst the world's first portable OS-neutral
viruses -- By David Reilly
Few people today would be unaware of the very real threat of
computer viruses. Even if you're not computer savvy, the
likelihood that a computer failure would affect you at some
point in your everyday life is fairly high. When you use an
ATM, buy groceries, swipe a credit card or drive on the roads,
you are relying on the services of computers - even if you're
not actively aware of it.
Now I certainly don't want to alarm readers, but computer
viruses can have some pretty nasty effects. While sometimes
they are mild annoyances, there are some pretty serious viruses
around that can cause loss of data, or can cause loss of
service (such as the spate of email viruses last year that
brought down the mail servers of Fortune 500 companies). So a
keen awareness of viruses is important, particular for software
developers. Ignorance can be dangerous, and can give one a
false sense of security.
Until recently, it was generally believed that viruses had to
be written in assembly language or low-level machine code.
However in the last few years a growing number of viruses have
been written in interpreted languages and program macros for
applications like Outlook and Word/Excel. So it was only
inevitable that eventually, the Java language would be used
to write viruses.
Of course, the fact that it was inevitable didn't mean that
the Java community saw it coming. Indeed, even long after the
release of the first Java virus (dubbed StrangeBrew), even
some noted experts tried to bury their heads in the sand and
deny that it was really a virus. The thought that Java,
billed as a secure programming language, could be susceptible
to viruses was frightening; too frightening for some to
accept.
Enter the virus
The world's first Java virus was identified by Symantec's
automated virus search engine in late 1998, and dubbed
StrangeBrew. StrangeBrew used a novel approach - it was
capable of replication by modifying the byte-code of Java
class files. Like other viruses, it was written in machine
code, but in the case of StrangeBrew, the machine code was
Java byte-code capable of executing on a Java Virtual
Machine (JVM). StrangeBrew could search for .class files,
just like a .COM or .EXE infector searches for application
software.
But Java is secure.... right?
Java applets executing within a web browser are tightly
controlled, and constrained by a rather strict security
manager (known as the 'sandbox'). Any unsigned applet is
prevented from file access, or from opening a network
connection to a remote machine other than the machine from
which it was loaded. So, StrangeBrew infected applets are
unable to propagate, since they can't access your hard drive.
So StrangeBrew is safe..... right?
StrangeBrew is still capable of infecting your system if it
is freed of the applet sandbox. This means that application
software (run from the command-line prompt) can infect other
application software. So StrangeBrew is more likely to affect
users that run Java applications, or Java software developers.
Other Java viruses
StrangeBrew may have been the first Java virus, but is
certainly not the last. In 1999, another Java virus was
identified (again by Symantec), and dubbed BeanHive. Nor is
this likely to be the last strain of Java virus identified.
Are Java viruses a threat?
So far, outbreaks have been minimal, and the payload included
with StrangeBrew and BeanHive has been fairly non-destructive.
BeanHive also contained bugs, which made it unlikely that it
would spread. It appears that both viruses were
proof-of-concept creations, designed to make the Java
community aware that it is not immune to the threat of viruses.
Neither present a serious risk to users.
That is not to say, however, that a more serious virus outbreak
can't happen. Indeed, the networking support within Java would
make viruses capable of extreme damage, such as spiriting away
password files or sensitive documents off a user's machine.
Summary
Java, like any computing platform, is not immune to viruses.
While the strict security restrictions on applets make it
unlikely applets will be used to transmit viruses, the
increasing use of Java applications by users make the
possibility of a serious viral outbreak very likely in the
future. Certainly don't panic - but be aware that Java is no
different to other operating systems like Windows and Unix,
and that a Java virus is capable of infecting both platforms!
=================================================================
Q&A: What can cause an object to fail to initialize properly?
When creating a new instance of an object, the JVM will call the
appropriate constructor, which is a method that initializes an
object's state. Objects can have overloaded constructors, which
are constructors that take more than one set of parameters. If
no constructor is defined, a default constructor will be called.
Initialization problems can occur in any constructor, and for a
variety of reasons. The most common reason is that invalid
parameters were passed to the constructor. Unless the
constructor relies on some external objects, this will be the
trigger. Sometimes, there could be a defect in the code, but
most likely, it is because invalid arguments have been passed,
or that a null argument was passed incorrectly.
How will you know if an object didn't initialize properly?
This will usually manifest itself in an exception at runtime,
and the most common exception will be a
java.lang.IllegalArgumentException, or in the case of an error
a java.lang.NullPointerException or a java.lang.RuntimeException.
Well crafted applications will either catch such exceptions, and
fail gracefully, or ensure that they don't violate some important
precondition about parameters (for example, passing an
out-of-bounds or null value). Always be sure to check the API
documentation for an object constructor, to prevent such errors.
=================================================================
Q&A: I'm trying to compile a Java source file, and
get the error message "bad command or filename".
What did I do wrong?
This is a VERY frequently asked question for Windows users of the
JDK. You need to add a path statement in your autoexec.bat file
on windows to allow the javac.exe program to be found.
For example, if you installed java to the c:\java\ directory,
you'd add the following to autoexec.bat
set path=%path%;c:\java\bin\
Hint: change the path to your installation dir
(e.g. c:\jdk1.1.7\bin)
Remember to rerun the autoexec.bat file or reboot before trying
to compile again, or the path setting will not be acted upon.
=================================================================
Q&A : What is a "magic number" in Java, and why does it
sometimes go bad (referring to a bad magic number
error when loading applets) ?
The class definition files (*.class) for Java applets are loaded
over the network. Sometimes during the transmission of files, the
connection may be aborted, or may be scrambled, causing class
loading to fail. Sometimes when copying files over to a web
server, they may become garbled or a disk error might occur.
For this reason, special care is taken by the JVM and the
class loader, to verify that classes are intact. One of the
precautions is that every class definition contains at the
beginning the magic number, a sequence of four bytes that
identify a file as a Java class definition file.
For those curious to know what the magic number is, it is the
hexadecimal number CAFEBABE, which is used by the class loader
to see if a file is really a class definition file. Please don't
ask me why it spells out cafebabe - my guess it was an attempt
at humor.
=================================================================
The Java Coffee Break Newsletter is only sent out to email
subscribers who have requested it, and to readers of the
comp.lang.java.programmer and comp.lang.java.help
newsgroups.
If you'd like to receive our newsletter, and get the latest
Java news, tips and articles from our site, then get your FREE
subscription & back issues from
http://www.javacoffeebreak.com/newsletter/
If you are an email subscriber and no longer wish to receive
the JCB Newsletter, please unsubscribe by emailing
javacoffeebreak-unsubscribe@listbot.com