Java QA: Is Java secure, and how?
Security has been built into Java since day one, on four levels:
First, at the language level. Java has keywords to define private spaces (private members, packages, namespaces).
Second, at the runtime level, with its bytecode verifier. The bytecode verifier checks that the class bytecode hasn't been tampered with.
Third, with a sandbox model guarded by a Security Manager. For example, a SecurityManager object disallows file/network access when running as an applet.
Fourth, with security packages that let application developers do things like encoding, decoding and trusting certificates.
Although no platform is 100% secure, most of the time, when you hear about Java viruses, trojans, malware etc., they do not represent holes in the Java language/platform but in specific implementations of a JVM (i.e. Explorer's JVM).
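To make the fourth level concrete, here is an added example (not part of the original answer) that uses the standard `java.security` package to sign a message and show that a modified copy fails verification. The class name `SignedMessageDemo` and the sample messages are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

public class SignedMessageDemo { // hypothetical class name
    private static final String ALGORITHM = "SHA256withECDSA";

    /** Signs the payload with the private key and returns the signature bytes. */
    static byte[] sign(PrivateKey key, byte[] payload) throws GeneralSecurityException {
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(key);
        signer.update(payload);
        return signer.sign();
    }

    /** Returns true only if the signature matches the payload under the public key. */
    static boolean verify(PublicKey key, byte[] payload, byte[] signature) {
        try {
            Signature verifier = Signature.getInstance(ALGORITHM);
            verifier.initVerify(key);
            verifier.update(payload);
            return verifier.verify(signature);
        } catch (GeneralSecurityException e) {
            // Malformed signature encoding or unusable key: fail closed.
            return false;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair pair = generator.generateKeyPair();

        // Constructed sample messages: the second differs by two characters.
        byte[] original = "transfer 10 to alice".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "transfer 99 to alice".getBytes(StandardCharsets.UTF_8);
        byte[] signature = sign(pair.getPrivate(), original);

        System.out.println("original verifies: " + verify(pair.getPublic(), original, signature));
        System.out.println("tampered verifies: " + verify(pair.getPublic(), tampered, signature));
    }
}
```

The `verify` helper treats any exception as a failed check, so a malformed signature is rejected rather than propagating as an error the caller might ignore.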