Java 有内置的防病毒软件吗?这是真的吗?
Java 有内置防病毒软件吗?
我的一位朋友告诉我 JVM 本身就存在 - 它被称为“沙箱”。这是真的吗?
Does Java have a built-in Antivirus?
One of my friends told me there is in the JVM itself - it's called the "sandbox". Is it true?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(9)
Java确实有一个与安全相关的概念,称为“沙箱”,但它的工作原理与典型的防病毒产品有很大不同。后者通常在执行之前尝试通过签名或代码分析来捕获病毒。
另一方面,Java 沙箱允许您运行 Java 代码,同时禁止其访问可能被用来做坏事的系统资源,例如不能访问任何文件。
但是,默认情况下,只有 Java applet 和 Java Web Start 应用程序在沙箱中运行。常规 java 应用程序可以完全访问您的系统。
Java does have a security-related concept called "sandbox", but it works very differently from typical anti-virus products. The latter usually try to catch viruses via signatures or code analysis before they are executed.
The Java sandbox on the other hand allows you to run Java code while witholding from it access to system resources that could be used to to bad things, e.g. no access to any files.
However, only Java applets and Java Web Start applications run in a sandbox per default. Regular java applications have full access to your system.
疑。也许他指的是 JVM(某种程度上)沙箱 Java 程序的执行,以帮助防止它损坏主机操作系统。
Doubtful. Perhaps he was referring to the fact that the JVM (somewhat) sandboxes execution of a Java program, to help prevent it from damaging the host OS.
不,他们没有内置防病毒软件。他4月1日告诉你这件事了吗?
为了消除您的疑虑,沙盒不是防病毒软件。
No they do not have a built-in antivirus. Did he tell you this on April 1st?
To clear your doubt, sandbox is not an antivirus.
不。
No.
Java 有一个内置的安全模型,允许它执行不受信任的代码。这种模型被称为“沙箱模型”。
它不是病毒扫描程序。相反,它限制了不受信任代码的可能性,以便网页上的小程序无法访问计算机硬盘上的文件。
您可以阅读有关 Java 安全架构的更多信息。
Java has a security model built-in that allows it to execute untrusted code. This model is called "the sandbox model".
It is not a virus-scanner. Instead, it limits the possibilities of untrusted code so that applets on a webpage do not have access to files on your computer's hard drive.
You can read more about Java's Security Architecture.
java使用一个名为SecurityManager的类来确定程序可以做什么或不能做什么,因此在某种意义上它实现了反漏洞代码,但不是专门的反病毒。
http://java.sun.com/ j2se/1.4.2/docs/api/java/lang/SecurityManager.html
通常意义上的防病毒功能会检测文件中的病毒并将其删除。这不是内置于java中的。
java uses a class called SecurityManager to determine what a program can or cannot do, so in some sense it implements anti-exploit code, but not specifically anti-virus.
http://java.sun.com/j2se/1.4.2/docs/api/java/lang/SecurityManager.html
anti-virus in the usual sense of the word detects viruses in files and removes them. this is not built in to java.
不。它的作用是在(某种程度上)与操作系统分离的环境中运行程序,在大多数情况下,这应该可以防止恶意代码造成任何损害。有点像运行 VMware - virii 和其他恶意软件对主机操作系统没有影响。
No. What it does is running the program in an environment that is (somewhat) separated from the operating system, which should, in most cases, prevent malicious code from doing any damage. Sort of like running VMware - virii and other malware have no influence on the host OS.
我听说垃圾收集还可以作为一种方便的抗菌剂,使您的应用程序 99.99% 不含细菌。
每次使用后请清洗。
I heard garbage collection also acts as a handy anti-bacterial, making your applications 99.99% free from germs.
Wash after every use.
JRE 中最接近字面意思的“防病毒”是签名 jar 的黑名单功能。如果发现签名的 jar 会导致安全问题,则可以将其阻止。这是为了防止意外的安全缺陷而设计的,而不是阻止故意的恶意代码。如果启用,还可以使用 CRL(证书吊销列表)或 OCSP(在线证书状态协议)吊销证书。传统的防病毒软件由专业的防病毒产品负责,而不是试图生产一个不成熟的替代品。
(当今的防病毒产品不仅仅检查已知病毒。)
The closest thing in the JRE to literal "anti-virus" is the blacklisting feature for signed jars. If a signed jar is found to cause a security issue, it can be blocked. This has been designed for accidental security flaws rather than blocking deliberately malicious code. Also it is possible to revoke a certificate using a CRL (Certificate Revocation List) or OCSP (Online Certificate Status Protocol) if enabled. Conventional anti-virus is left to specialist anti-virus products, rather than trying to produce a half-baked alternative.
(Today's anti-virus products do more than just check for known viruses.)