Why is Java considered so unsafe?

Status
Not open for further replies.
itmoba

Estimable
Aug 14, 2015
153
0
4,660
Java shares the duality of being both safe and unsafe. The reason Java is often considered unsafe is because people don't update their JVM when they should. One can compare this to Flash in the sense that updates roll around all the time, though they're ignored by the average user. Thus, it is (in part) the user to blame for their incompetence in regularly updating against viruses, malware, and exploits which crop up from time to time.

This aside, Java's direct memory access class(es) are painfully unsafe and easy to exploit.
 
Solution

mobyaki

Estimable
Jun 29, 2014
4
0
4,510


Thanks for the responses so far, guys.

So Java has direct memory access but technically is meant to have no access to system files because of its sandbox?



 

itmoba

Estimable
Aug 14, 2015
153
0
4,660
Think of it more like this: just about any programming language can be used to write malicious code, like wrappers, hooks, and injectors, to achieve nefarious purposes. When you look at C, for example, the CTOR "__attribute__((constructor))" and DTOR "__attribute__((destructor))" -- both of which are specific to GCC and Clang -- allow you to initialize things and run code prior to entering into the main() function. Similar results are possible in Java, and this is just one of the things that makes Java unsafe. However, by this logic, one may assert that languages like C, C++, C#, and Objective-C are also unsafe. Invariably, what ultimately matters is inherently dependent upon whether or not the user is up-to-date with their software and whether or not the parties responsible for language specifications, OSes, libraries/frameworks/APIs are vigilant in correcting problems that surface.
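The GCC/Clang constructor and destructor attributes mentioned in the post above, as an added example that is not part of the original thread: it logs which functions have already run by the time main() starts. The function names, the event log and the priorities 101/102 are choices made for this illustration.

```c
/* Added example: GCC/Clang constructor and destructor attributes. */
#include <stdio.h>
#include <string.h>

#define MAX_EVENTS 8
static const char *events[MAX_EVENTS];  /* names of functions, in run order */
static int n_events = 0;

static void record(const char *name) {
    if (n_events < MAX_EVENTS)
        events[n_events++] = name;
}

/* Priorities 0-100 are reserved for the implementation; lower runs first. */
__attribute__((constructor(101))) static void early_init(void) { record("early_init"); }
__attribute__((constructor(102))) static void late_init(void)  { record("late_init"); }

/* Runs after main() returns or exit() is called. */
__attribute__((destructor)) static void teardown(void) {
    fprintf(stderr, "teardown ran after main\n");
}

/* Position of a named event in the log, or -1 if it has not run. */
int event_index(const char *name) {
    for (int i = 0; i < n_events; i++)
        if (strcmp(events[i], name) == 0)
            return i;
    return -1;
}

int event_count(void) { return n_events; }

int main(void) {
    /* Both constructors have already run by the time we get here. */
    printf("events before main: %d\n", event_count());
    for (int i = 0; i < event_count(); i++)
        printf("  %d: %s\n", i, events[i]);
    return 0;
}
```

On ELF targets the toolchain places pointers to these functions in the .init_array and .fini_array sections, which is where to look when reviewing what a binary runs outside main().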