Firewalls: Re: Finjan Surfin Gate Review

Firewalls
(November 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Finjan Surfin Gate Review
From:	Peter da Silva <peter @ baileynm . com>
Date:	Sat, 8 Nov 1997 16:18:08 -0600 (CST)
To:	firewalls @ GreatCircle . COM
In-reply-to:	<199711082103 . QAA21589 @ homeport . org> from "Adam Shostack" at Nov 8, 97 04:03:38 pm

> I'll mention that Security-7 (www.security7.com) has a product that
> will look through the Java classes or ActiveX controls and allow you
> to block things that you don't like.  (Thus, you could block all Java
> that calls the file io classes.)

It's not possible for it to do that even in theory for general ActiveX
controls, because they can contain arbitrary '386 instructions, possibly
encrypted or compressed with unknown algorithms to reduce size or protect
intellectual property.

For Java, I suppose you could do it. The problem is that the authors of
legitimate applets will have no way of knowing what the rules they're
subject to are. It's better to make that sort of thing explicit in the
specification for the applet language even if that prevents you from
doing some useful things.

References:

Re: Finjan Surfin Gate Review
From: Adam Shostack <adam @ homeport . org>

Indexed By Date	Previous:	Re: Hijak detection From: Jason Keimig <jkeimig @ idir . net>
Indexed By Date	Next:	Re: [ANNOUNCE] NASA Computer Security Conference From: "Richard A. Hill" <rhill @ icenetsys . com>
Indexed By Thread	Previous:	Re: Finjan Surfin Gate Review From: Adam Shostack <adam @ homeport . org>
Indexed By Thread	Next:	Re: Finjan Surfin Gate Review From: "Steve Jackson Brown" <sjbrown @ bellsouth . net>