I've recently been programming J2ME apps for Mobiles when it struck to me - something I remembered: "A virus infected my mobile!".
I find it strange. Obviously, the regular EXE files don't work on JVM so can no way infect mobile phones. So there should be Java-specific viruses, but J2ME forbids much on the "Sensitive" settings & it alone shouldn't be sufficient.
Basically, what do the anti-virus applications do?
Any light on the above matter will be helpful?

P.S. Let's just take the Java Platform & not the Symbian/Android.

Nisheeth Barthwal

A lot of the security with java has to do with permissions. A java applet if you accept its certificate when you go to its web page, can write to your computer, open and launch other programs. I think it can even wite to the registry.

I have written to the hard drive with an applet. I have started other programs like i started a chess program in order to allow users to examine games in an interface i created and get engine analysis.

If a java applet who's certificate you agree to can use your internet to download, write files to your hard drive, and launch other programs, I would guess it could do a world of hate if it wanted to. Typically you get a certificate from an issuing authority, and they would revoke it if your program caused trouble, but you can also simply sign your own certificate, be your own authority, though an anti virus program might warn the user.

A stand alone can do all this too without any certificate.

An android program by itself lives on a phone that is UNIX. each program gets it's own user name or UNIX account. it cant touch anything outside it's sandbox. But it can on install ask for permissions ( which you must accept or don't download the program) With these permissions it can conceivably ask to do most anything on your phone, if it asks for enough permissions.


Well that may be true for Java applets on the Windows environment, which I agree with you, can be affected. However, I meant the J2ME for Java Phones.
P.S. Even if you provide the required certificates, there are certain things J2ME won't allow (such as accessing the Phone Message Inbox)

Nisheeth Barthwal