How to protect java archive (jar) files in Win XP?

Discussion in 'other security issues & news' started by bktII, Jun 6, 2006.

Thread Status:
Not open for further replies.
  1. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Currently use a couple of handfulls of java applications on my PCs. In particular, I am concerned about the vulnerability of executable jar files, but also other jar files. I regard these files as "system" files.

    A restricted account user has complete access to *.jar files in Win XP (e.g., renaming, deleting, modifying, etc.).

    I use ProcessGuard to protect the *.exe files, but it does not protect *.jar files.

    I use Prevx Pro 2005 (licensed) to protect system files including *.exe, *.dll and *.bat files, but it does not protect *.jar files.

    I am trying out Javacool Software's FileChecker which provides intrusion detection (IDS) capability, and also hogs my CPU (I have a lot of *.jar files) sadly to the point of being a nuisance. Not a criticism of JC FileChecker, I am probably monitoring far too many files.

    Would a simple upgrade to Prevx1 provide protection for *.jar files?

    Any other recommendations?

    Thanks,

    bktII

    PS1 Have done a search at WSF for protecting jar files but came up empty.

    PS2 Java is disabled on my web browsers and I rarely find a web site where I need to enable it. My software firewall is configured to ask whether or not a java executable can access the internet.
     
  2. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Hi bktII,

    Execution protection for Java JAR and .class files is under development for Prevx1.

    It's not a common request, so we haven't had it as high priority.

    Regards,

    ghiser1
     
  3. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    ghiser1,

    Thanks for your prompt reply.

    Somewhat surprised to hear that it is an uncommon request as most users have a JRE installed on their PC. Seems like "java -jar something.jar" is somewhat analogous to "rundll32.exe something.dll".

    Glad to hear that Prevx is aware and moving towards jar and .class file protection. Any idea of when this feature might be available in the future? Also, when it is available, will it be a default setting or will a user have to enable it?

    Regards,

    bktII
     
    Last edited: Jun 7, 2006
Loading...
Thread Status:
Not open for further replies.