Is it possible for a Java JAR file to damage your system and how can you check what it's doing?

Solution 1

1. You could use software from Sysinternals: http://technet.microsoft.com/en-us/sysinternals/bb842062

You can see is program's writing or deleting something from hard drive with HardMon, or monitor any changes with RegMon... Check out their website, they have much programs and you can monitor practically everything!

2. Or you could install Sandboxie: http://www.sandboxie.com/

and then run you program within sandbox ("virtual filesystem"). When you run a program inside of sandbox, you can see what files did the program make, and the best thing is that any changes that the program did will be undone when it exists, so it can't harm your system. :)

3. Also, you could try to decompile JAR file: http://www.google.hr/search?sourceid=chrome&ie=UTF-8&q=java+decompiler

Solution 2

First, you can use a JVM set with SecurityManager to do run your application in a way that it can have limited access to sensitive functions.

You can also set up a "sandbox" so the jar cannot have permissions outside of the sandbox... you could use chroot or a similar tool in a linux/unix environment.

Solution 3

Yes and No. By default java programs can do the same things any native program on your system can do. This includes deleting and replacing any file it can access, depending on your operating system and your user privileges this may affect system critical files.

It is possible to restrict what java applications can do, applets and webstart programs usually are secured this way. Alternatively you can run any program as a different/restricted user or in a sandbox to limit the damage it can do.

If you do not trust the library/program always run it in one of the restricted environments mentioned above. It may crash if it does something it should not do, but it will be unable to do any damage.

Author by

Admin

Updated on June 25, 2020