Finjan

I just stumbled across the FINJAN SITE thought it might be useful to some of you folks. I did the tests and got clear marks on everything except the "Executables" test but I wouldn't ordinarily have opened the attachment, so I don't feel too vulnerable.

The overview they present is also enlightening and perhaps points the virus war in a different direction.

Comments?

 

First I checked out the site using groups.google and it is legitimate. I only tried the Java applet test. Using Netscape Communicator 4.78 I got a Netscape "Java Security" dialog box similar to the image shown at this site under the following paragraph:
5. Signed applets i.e. trusted applets
Java Development Kit version 1.1 provided means for applets to escape the sandbox security restrictions by offering a possibility for signing applets digitally. Digital signatures are based on public key cryptography [19] and are used to verify the integrity of an applet and the identity of the signer. Signed applets can request additional privileges in order to circumvent applet sandbox restrictions. When a signed applet is loaded from a web page and run, the user is shown a confirmation dialog that contains identification of the applet's author and the privilege that the applet is requesting. An example of this dialog is shown in picture 1 below.
(Image here)

The Netcape Java security dialog box that came up asked to grant or deny additional privileges and said that granting the following was "high risk ":
"reading modification or deletion of any of your files ".
If I DID NOT grant permission, no folder was created on my desktop if I clicked OK on the Javascript application box that also came up.
If I did grant permission then the folder with copied files inside appeared.

I tried the same test with IE 5.5Sp2 and also got a Security Warning asking "Do you want to Install and Run Finjan Software Java Demo signed on 12/28/00.....
I said no to that also and nothing happened. I didn't bother to agree to download and run, since I assumed saying Yes would also copy the files.

If I understand it right, that is what is supposed to happen. The sentence on the Finjan test page, "Applets can run automatically in the background, however this demo will be visible." was therefore somewhat misleading.

I did find the following on Intenet Explorer's Java VM vulnerability, corrected by build 3234 (my version of the Java VM is 3802)


Malicious Java Applet May Be Able to Read, Write, or Delete Files on the Computer of a Web Site Visitor (Q240346)
(quote)
A scenario has been identified through which a Java applet can operate outside the bounds set by the sandbox and perform normally unauthorized functions on your computer. Exploiting the vulnerability is only possible through a very carefully managed series of steps, and cannot happen accidentally. However, if a malicious Web site operator hosts a Java applet that exploits this security vulnerability, it could read, write,
or delete files on your computer when you visit the site.
(snip)
This problem has been corrected in build 3234 of the Microsoft Virtual Machine (VM)

MS99-031: Virtual Machine Sandbox Vulnerability FAQS