JavaOne: Gosling says Windows is virus vulnerable

Java co-author and Sun evangelist James Gosling says the recent spate of viruses and worms affecting corporations worldwide is a result of Windows' and Windows NT's structure, and that Unix, Linux, and Java environments are almost entirely immune.

Java co-author and Sun Microsystems evangelist James Gosling said yesterday that the recent spate of viruses and worms affecting corporations worldwide is a result of Windows' and Windows NT's structure, and that Unix, Linux, and Java environments are almost entirely immune.

Talking with reporters at the JavaOne conference here, Gosling said that Microsoft's operating systems were not initially designed with networks in mind. That makes it easier for malicious hackers, like the author of Friday's worm attack, to enter those systems with nefarious intentions. Many users have lost files from the recent, e-mail-distributed assault, which is under investigation by the FBI.

The original Microsoft object linking and embedding (OLE) technology used to swap information in and out of Windows 3.x applications on a single desktop was adapted for use on networks and in later operating systems, and has left it easier for viruses, such as the Melissa culprit earlier this spring, to infect Windows desktops and file servers, Gosling said.

"Windows NT is a little bit better, but not where it needs to be," said Gosling, adding that Unix, Linux, and Java platforms are built with an emphasis on security from the get-go. "We have an iron-clad history," he said.

Microsoft employees themselves were hit by last week's worm, even though the Redmond, Wash.-based network that supports the company's 17,000 campus users is up and running on the Beta 3 release of the new, vaunted Windows 2000 operating system, said Microsoft officials.

"You can always do more for security. So far there's not any great solution to it," said Jim Allchin, senior vice president of the business enterprise division at Microsoft, and overlord of the Windows 2000 development effort.

Allchin suggested that corporations take steps, including wide use of anti-virus methods, to staunch the flow of damaging code into their midst. He also advocated that corporations -- including Microsoft -- adopt policies that prevent unwanted user access to systems.

"Putting in process restraints on getting code is better than technology changes in the operating system," said Allchin on Monday to a group of International Data Group editors in Redmond. "It's the movement of code that opens you up to this issue."

But that flies in the face of what Java's Gosling said today. Such architectural technologies as the "sandbox" in Java and the network-oriented design of Unix and Linux can largely prevent such invasions, Gosling said, adding that hacking Unix is not impossible, but has proven rare in recent years, whereas Windows-based problems seem to be accelerating.

Microsoft's Allchin said that Windows 2000, due in final form by the end of the year, uses a more standards-based approach to security created at the Massachusetts Institute of Technology.

Windows 2000's security enhancements are a good reason to upgrade from Windows and Windows NT, Allchin said, even though widespread use of the feature-complete Windows 2000 platform at Microsoft itself did not prevent the most recent worm from doing its damage.

"Security issues are a compelling reason to upgrade," Allchin said.

Join the newsletter!

Error: Please check your email address.
Show Comments

Market Place

[]