Chapter 10. Malicious Java Applets

Browse a web page containing a Java applet, and by default, it executes. Often, you don’t even know it’s happening. The creators of Java understood how powerful self-executing code is and included built-in security features. In the Java world, untrusted code is forced to run in a secured environment. If you trust an applet, what it can do depends on what browser you are using and what permissions you’re allowed. Chapter 10 will cover hostile Java code and browser Plug-ins. Chapter 11 covers ActiveX and digital signing.


Java, developed by Sun Microsystems, is a programming language just like any other you might be familiar with. Although it is not C++, it was intentionally written with a similar syntax to shorten the learning curve for the many C++ programmers working today. It is easier to learn than C++, has better memory management, and has been optimized for network distribution. Today, when you hear Java, it can mean the Java programming language or the whole platform of programming tools designed to support the core language.

Sun Microsystems’s Java Software Division, now known as the freestanding JavaSoft™ company, started developing Java in the early 1990s as a programming language to interact with common consumer appliances and devices. The vision of the IP-connected toaster is probably not as far-fetched as people used to believe. Imagine your air conditioning thermostat automatically adjusting ...
