Huge security hole in .NET: Java creator

By Renai LeMay, ZDNet Australia
04 February 2005 04:32 PM
Java creator James Gosling this week called Microsoft's decision to support C and C++ in the common language runtime in .NET one of the "biggest and most offensive mistakes that they could have made".

Gosling, who is currently CTO of Sun's Developer Products group, made the comments as part of his speech to developers at an event in Sydney earlier this week. He further commented that by including the two languages in Microsoft's software development platform, the company "has left open a security hole large enough to drive many, many large trucks through".

According to Gosling, the security hole is based upon the fact that several features of the older languages are ambivalent with regard to security: "C++ allowed you to do arbitrary casting, arbitrary adding of images and pointers, and converting them back and forth between pointers in a very, very unstructured way.

"If you look at the security model in Java and the reliability model, and a lot of things in the exception handling, they depend really critically on the fact that there is some integrity to the properties of objects. So if somebody gives you an object and says 'This is an image', then it is an image. It's not like a pointer to a stream, where it just casts an image," said Gosling.
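
The distinction Gosling draws, between an object that is guaranteed to be an image and a pointer that is merely cast to one, can be shown in a few lines of C. This is an added example, not code from the article or from anyone quoted in it; the `image` and `stream` structs, the type tag and both function names are constructed for illustration, and the checked version sketches the idea of a runtime-verified cast, not how the CLR or the JVM implement it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed object model: every object starts with a type tag. */
enum obj_type { OBJ_IMAGE = 1, OBJ_STREAM = 2 };
struct obj_header { enum obj_type type; };

struct image  { struct obj_header hdr; uint32_t width; uint32_t height; };
struct stream { struct obj_header hdr; uint32_t fd;    uint32_t position; };

/* Unchecked: trusts the caller's claim that p is an image. The bytes at
 * the 'width' offset are read whatever the object really is. */
uint32_t image_width_unchecked(const void *p)
{
    uint32_t w;
    memcpy(&w, (const unsigned char *)p + offsetof(struct image, width), sizeof w);
    return w;
}

/* Checked: refuses the conversion unless the tag says "image", the way a
 * type-safe runtime rejects an invalid cast instead of reinterpreting.
 * In plain C the tag itself can still be overwritten; a managed runtime
 * also prevents that. */
int image_width_checked(const struct obj_header *o, uint32_t *out)
{
    if (o == NULL || o->type != OBJ_IMAGE)
        return -1;                       /* invalid cast rejected */
    *out = ((const struct image *)o)->width;
    return 0;
}

/* Constructed sample objects. */
static const struct image  sample_image  = { { OBJ_IMAGE  }, 640, 480 };
static const struct stream sample_stream = { { OBJ_STREAM }, 7, 4096 };

int main(void)
{
    uint32_t w = 0;
    /* The stream's descriptor (7) comes back as an image "width". */
    uint32_t confused = image_width_unchecked(&sample_stream);
    int ok  = image_width_checked(&sample_image.hdr, &w);   /* 0, w == 640 */
    int bad = image_width_checked(&sample_stream.hdr, &w);  /* -1 */
    return !(confused == 7 && ok == 0 && bad == -1 && w == 640);
}
```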

Microsoft developer evangelist Charles Sterling didn't entirely disagree with Gosling's comments, but he sought to clarify the issue with .NET's security. Sterling pointed out that .NET defines different sorts of code. "Managed" code is code that is executed under the control of the .NET framework. New languages such as C# and Visual Basic.NET only produce managed code.

However, Gosling is concerned about "unsafe" code, which is produced by traditional languages like C and C++. Unsafe code is old code that does not strictly follow the rules of type safety that .NET defines, and this sort of code requires additional permissions to execute. According to Sterling, "you as a developer take it upon yourself" to utilise unsafe code in your .NET applications.

An important point is that the so-called unsafe code does have the potential to run faster than "managed" code due to some languages' ability to include machine-specific features that may sacrifice platform portability for speed. Sterling acknowledged this as he said that the choice between the two platforms is all about risk: if developers are willing to "accept the risk" of unsafe code then they may gain access to "the best performance system on the planet".

Sterling also gave the debate a reality check when asked about his personal knowledge of .NET developers actually implementing C or C++ code under a .NET framework. Of the approximately one thousand developers that Sterling knows, he could only recall one directly developing under the C++ code. Whether this indicates an unwillingness on the part of developers to utilise code that is unsafe is not clear.

Talkback 23 comments

    Anonymous -- 05/02/05

    Both .NET and Java are brain-damaged attempts to make incompetent programmers harmless, even if it results in delivering slow, bloated and generally low-quality software to customers.

    Anonymous -- 05/02/05

    Java suffers from the same problem.

    Anyone read sun's docs on calling native methods or doing JNI?

    Under .NET, there is a clear separation between safe and unsafe code.

    Anonymous -- 05/02/05

    Gosling either doesn't understand or doesn't want to admit that running C++ is not endangering the .NET CLR at all! C# already supports unsafe code. But whether it is C# unsafe code or C++ code, it can't run at all on a user's machine unless it is explicitly given full permissions to the user's system.

    Check out all the responses on Slashdot:
    http://it.slashdot.org/article.pl?sid=05/02/04/2139259&tid=172&tid=109&tid=108&tid=102&tid=1

    Anonymous -- 05/02/05

    Very interesting point, indeed.
    I would particularly like to point out that, although Mr. Sterling points out that only one in thousand developers is using one of those two languages, that person most probably is a Microsoft developer working on a Longhorn application that requires performance, such as IIS, for example.

    Anonymous -- 05/02/05

    No independent, industry accepted security standards or criteria are referenced by either Mr. Gosling or Mr. Sterling. Thus the credibility of the discourse between the two depends on who is the more credible industry celebrity. *cough* The reported claim and rebuttal are at best a childish "is to! is not!" argument and corporate sponsored FUD (fear, uncertainty, doubt) at worst. A real discussion would use criteria such as U.S. DoD security accreditation standards as a reference to assess the merits of Java's and .NET's security arguments.

    Anonymous -- 05/02/05

    As with any language and/or system - you can create safe or unsafe. As I see today's application developers (sorry) they better have a safe system to work. The times when applications and systems were strictly separated are gone (IMHO). I write comm. systems with assembler, C, C++, C#, Delphi, Python BUT the applications running on top of that layer ARE UNSAFE (independent what the system is) even if the applications developers are supposed to be good the comm. layer has to do all the work protecting the system - they (and their managers) have absolutely no idea what it takes to protect against any kind of memory overflow, unauthenticated connection, unauthorized access to some service, etc. A never ending story.

    Anonymous -- 05/02/05

    Ah ah! I can't believe it!
    Gosling lost every ounce of credibility he had left... If at least he understood what .Net is about.

    Come on James, go have a read! You're pathetic!

    Anonymous -- 05/02/05

    He must be completely brain dead.

    First off, I code with C++ .net (I prefer C++ .net over C#), and I use unsafe code. Why, you ask?

    Because I know how to use it. I have been developing in C & C++ for a long time, so I know the 'ins' and 'outs' of the language.

    This isn't about the language, this is about getting Java more developers and publicity.

    Anonymous -- 05/02/05

    I see that there are many Microsoft developers among the readers.

    In the above comments I read things like "I'm a super good programmer, and therefore I don't make any mistakes that threaten security". To me that shows utter ignorance. Virus creators may also be "super good programmers".
    It should not be *possible* to write unsafe code. In fact, any such possibility must be considered a bug, because if the opportunity is there then someone will write code that exploits it.

    The Windows NT kernel was written to the OS/2 3.0 specification. The spec was very security-oriented, and the original Kernel design (a micro-kernel) reflected that. But as Mr Sterling points out some people favour speed over security; compromises were made. The NT kernel now includes things like the graphical sub-system and some .NET components. The consequence? As we all know it is virtually impossible to create a reasonably safe installation of Windows NT/2000/XP. New patches every week! Viruses and worms. Global outages.

    For Java (and Linux, and Unix), the default is the safe mode. Any exception will have to be manually enabled by the guy with administrative privileges. For example, a Java applet does not, ever, allow JNI calls, unless the user specifically takes action to enable them.

    In the DOS days reliability was in the hands of the programmers. It should not be that way in the new century.

    Anonymous -- 05/02/05

    What the hell? Is this a joke? Are you seriously trying to defame .NET because of people who are stupid enough to still program in C++ and C?

    I don't think this should be a stab at .NET it should be a stab at C++ and C, but it gets redirected towards .NET somehow?

    Honestly, this is almost as bad as a "Macintosh is more secure than windows" article.

    Don't post this garbage, ever.

    Anonymous -- 05/02/05

    Poor attempt of a java advertisement. You can make the same mistake using JNI. Case closed - time wasted.

    Anonymous -- 05/02/05

    Regarding the whole: MS added things to the kernel and therefore it is the cause of virii getting through:

    Uhm, which viruses and worms specifically? The majority of Windows worms and viruses come from a combination of unsafe ActiveX components and people running their boxes as Administrators. And more the latter than anything else.

    An exploited application (read: a worm you've downloaded, an activex component, or a buffer overrun attack) is generally only as powerful as the permissions given to the application. So, if you aren't running your box as Admin, hey, it can't attack the files in your system, most of the registry, and the Program Files folder.

    If you are going to ding Microsoft, pick your targets correctly.

    Anonymous -- 05/02/05

    I find it extremely hard to believe that the CTO of a UNIX provider only knows 1 programmer using C++. I know Solaris isn't written in Java.

    Anonymous -- 05/02/05

    James Gosling is right when he talks about "risk" but probably less so when he talks about "huge mistake".

    Writing device drivers and other low-level coding is still best done in C or C++. Microsoft had no choice but leave this option open. The industry will only be rid of such requirement when the entire stack of system components is built with embedded virtual machine primitives support. That's not likely to happen anytime soon, is it?

    Perhaps Gosling is trying to stimulate component vendors to build more Java-enabled devices. If you are running Java, there's always a platform-specific layer which eventually runs a non-managed code of some sort. Nobody can provide a 100% managed-code solution platform at this stage, not even Sun. How could Microsoft not support that in .Net?

    Anonymous -- 06/02/05

    Interoperability and performance demand C/C++.

    The performance difference between Java, C#, and so forth versus C/C++ is really not too bad, until it matters. When it really matters, you really want to manage your own memory and have the low level control that C/C++ offer you.

    Being able to program in C is also important for interoperability. Java, C#, Python, Ruby, they all have a way to connect to C because -- like it or not -- that's where the libraries are. If you want to write a program that can be used from any language, you provide C bindings, not COM, DCOM, CORBA, or whatever the latest trendy object model is. C is what everything can communicate with.

    Anonymous -- 06/02/05

    If you are a Small to Medium sized business and looking for a website to be developed or have an internal solution for billing etc. it is always better go for PHP or Perl with Linux platform. It is very cheap to host your website which reduces your on-going costs. If you are expecting some integration and necessary to implement Web Services, use Java in the middle tier and PHP in the presentation layer to reduce the development time and get the considerable performance. If you have less than half a million customers and not expecting more than 10000 customers at a time using your website, no need to look at commercial solutions. For any professional advice or consultation to discuss your needs visit htttp://www.webanalytics.net.au

    Anonymous -- 06/02/05

    Risk Mitigation is the key.

    1 All companies need to slow down and define a global list of issues.

    2 They need to collaborate on all security matters in coding, conventions etc.

    It's just not good enough of an excuse to me for a developer to say there are literally millions of lines of code to search through.

    Get your acts together and create code that is secure as possible before release.

    I personally am sick of trying to help users who are constantly invaded by java, dso threats and the like.

    It drives me mad that there are so many holes in people's code.

    Anonymous -- 07/02/05

    What does it mean? We should dismiss C++ or C or assembly because they are 'unsafe'?

    Anonymous -- 07/02/05

    Gosling should stop to smoke crack. Or work in Java. Both are brain damaging beyond any hope of redemption. For a "Chief Technologist", showing how less he knows about its competitor is certainly not a smart move. Well, this is Darwinism at work. Soon, the old dinosaurs Sun, Gosling will go for extinction. Good riddance.

    Anonymous -- 08/02/05

    Was the author of this article at the talk Gosling made? Or is ZDnet basing this on reports in builder.au? You've left out completely all the context of Gosling remarks while giving the Microsoft guy free rein to reply to something he didn't even hear.

    Please stop reducing technical debate to the level of tabloid journalism.

    Anonymous -- 16/02/05

    Re: "Both .NET and Java are brain-damaged attempts to make incompetent programmers harmless"

    I don't think that "incompetent" programmers are necessarily targeted, it's the evil ones -- who aren't making mistakes, but purposeful mischief and mayhem.

    Anonymous -- 18/02/05

    Should we stop using c/c++? Isn't that what .net and c# is all about? Mr. Gates didn't go to a copy of the Virtual Machine for amusement. As new architectures and OS's emerge from Mr. Gates, he only has to port his VM to the new architecture. You do not have to port your mountain of business code. Mr. Gates can move faster with less kicking and screaming from his development customers. The C/C++ code has to be marked as a possible port to new system calls. Usoft told me over a year ago that they really like centralized business logic serving many client types (EJB) and o/r mapping and planned to deliver both to his managed .net environment. Since then I have found out that the majority of usoft programmers don't understand this. I know change is tough when you've invested so much time in c/c++. So have I. I have also spent a lot of time (years) porting it. Java is safe and secure and is a perfect fit to OO. Mr. Gates realizes that enterprises running mission critical serverside code not only want, but need this (managed c#).
    As for you folks being derogatory to Mr. Gosling, you are just showing us that you have not grown up yet, have no class, and have an immense lack of understanding of these programming issues, and as a result, are very insecure. Just my opinion that the industry would be better off without you, not Mr. Gosling.
