Slashdot: News for Nerds


Comparison of Java and .NET security

Zonk posted more than 8 years ago | from the one-likes-coffee-the-other-not dept.

Java 461

prostoalex writes "The Computer Science Department at the University of Virginia has published a comparative study of security in Java and .NET in Portable Document Format. DevMktg blog on MSDN summarizes the findings saying that due to careful design process, .NET presents security advantages over Java platform in several areas." From the article: "Where Java evolved from an initial platform with limited security capabilities, .NET incorporated more security capability into its original design. With age and new features, much of the legacy code of Java still remains for backwards compatibility including the possibility of a null SecurityManager, and the absolute trust of classes on the bootclasspath. Hence, in several areas .NET has security advantages over Java because of its simpler and cleaner design."

461 comments

Except... (4, Funny)

Anonymous Coward | more than 8 years ago | (#13414191)

Except it runs on Windows.
D'OH!

Re:Except... (1, Insightful)

goobster (880542) | more than 8 years ago | (#13414215)

This system is shutting down. Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly.

I'm monopenxourcist on AMD64 recently,3 against 1. (1, Interesting)

Anonymous Coward | more than 8 years ago | (#13414422)

mono-1.1.8.3.tar.gz [go-mono.com] +
ikvm-0.14.tar.gz [go-mono.com] +
eclipse-JDT-SDK-3.2M1.zip [ufl.edu]

IS BETTER AND MORE SECURE than

jdk-6_0-ea-bin-b49-linux-amd64-25_aug_2005.bin [java.net]

;)

By + + + J.C. Pizarro + + + ATH OK.

Mono! Do free you from the evilness, please! (0)

Anonymous Coward | more than 8 years ago | (#13414447)

+ classpath-0.17.tar.gz [gnu.org]
+ ikvm-0.18.0.0.zip [sourceforge.net]

By + + + J.C. Pizarro + + + ATH OK.

Re:Except... (1)

eneville (745111) | more than 8 years ago | (#13414310)

And on other platforms too... check out apt-get install mono

AND SEE THEE THE EMPTY CHASM! (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13414192)

DOTH THE FRIST POST COMETH MINE OWN WAY? I WONDER!

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.


Zonk (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13414202)

You fucker

wow, i expect linux-touting crap when i open /. (0, Troll)

ScuttleEnough (898616) | more than 8 years ago | (#13414204)

this differs from the usual slashdot crap like "linux kicks ass because you can use vi instead of word."

Re:wow, i expect linux-touting crap when i open /. (-1, Troll)

terrox (555131) | more than 8 years ago | (#13414229)

Unfortunately slashdot is now worse than it used to be. I hate all the stupid story headings (the ones which are attention grabbing, but wrong - USA PRESIDENT DIES!!! .... Article reads: his hair.) and product promoting. It has become boring, catering to the average user rather than the "nerd".

Re:wow, i expect linux-touting crap when i open /. (-1, Offtopic)

bnitsua (72438) | more than 8 years ago | (#13414235)

worse than it used to be? boring, catering to the average user?
you obviously don't remember JonKatz...

Re:wow, i expect linux-touting crap when i open /. (1)

gabba_gabba_hey (309551) | more than 8 years ago | (#13414305)

I recall Mr. Katz, but one must admit, lately it's getting pretty brutal around here. At least today isn't quite as bad. must...resist...urge...to join...trolls.....

ugh

Re:wow, i expect linux-touting crap when i open /. (1)

Hurricane78 (562437) | more than 8 years ago | (#13414377)

ACK. I could not resist anymore. Look where it took me: Karma: Bad. But in the end this is always a thing between two entities. If my karma is bad for them, then this implies that their karma is bad for me too. And in this case I'm okay with this. ;) (As long as it does not become the heise.de golem.de situation. ;)

Had to switch from Java to .NET (3, Interesting)

TheShadowHawk (789754) | more than 8 years ago | (#13414205)

Since starting in my new job, I had to switch from Java to .Net... so this is a little bit of good news. I guess....

I still miss the Eclipse IDE though... Visual Studio blows chunks in comparison. :(

Re:Had to switch from Java to .NET (1, Insightful)

ars matica (880590) | more than 8 years ago | (#13414211)

You're kidding me, right? Anyone who actually has used Visual Studio will acquiesce that it is the best IDE ever conceived. Even the most hardened OS automatons. If by chunks you mean chunks of superiority then yeah, you are exactly right.

Re:Had to switch from Java to .NET (0)

Anonymous Coward | more than 8 years ago | (#13414222)

Well, right, but I usually hear that from Visual Studio fans who haven't tried Eclipse... =)

Re:Had to switch from Java to .NET (2, Interesting)

ars matica (880590) | more than 8 years ago | (#13414237)

Yes, and present to me how many VS users you know that have made a conscious switch to Eclipse?

Re:Had to switch from Java to .NET (0)

Anonymous Coward | more than 8 years ago | (#13414297)

How many VS users have even thought about not using what Microsoft provides for them?

Re:Had to switch from Java to .NET (4, Interesting)

IWorkForMorons (679120) | more than 8 years ago | (#13414332)

He doesn't know me...but I'm one...

I have quite a number of years' experience with VS6, more specifically VB6. Recently I started a job that, while not a programming role, allows me the time and flexibility to create programs to do my job how I want to code them. At first, since this is an MS shop, I grabbed the .NET "Learning Edition" or whatever they're calling it nowadays. I understood that I wouldn't be able to create executables, but I could send my code to systems and get them to do it. After using the IDE for a couple of days, I found it so convoluted that I just gave up. Then I downloaded Eclipse with the Visual Class editor. Nice, simple, and it reminds me of the VB6 IDE. Only cleaner. Now I will say that I've had some problems with the Visual Class editor not rendering properly, but that hasn't stopped me from coding. In 2 weeks of coding on and off, I've created my first program and have been using it to do my job. Granted, it's not complex. Just does a database search and grabs data. But I still prefer the Eclipse IDE, even without the Visual Class editor working properly, over the VS.NET IDE. And I don't need to jump through MS' hoops just to get an executable. I'm distributing the program to the rest of the team next week after the boss tests it, and other departments are getting interested in it too. And with any luck, I'll get out of this support position and into a nice well-paid programming job at the same time.

Re:Had to switch from Java to .NET (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#13414279)

Have any of the mods even looked at screen shots of Eclipse ???

Re:Had to switch from Java to .NET (1)

CaptnMArk (9003) | more than 8 years ago | (#13414302)

No, he's completely right. I have been using both Visual Studio 2003 and now 2005 beta 2 and I prefer Eclipse any day.

If you are into drag-and-drop cobbling the code together, MS may have nice wizards that make simple things easier and hard things harder. For coding, Eclipse is easily better (than 2003 certainly and VS 2005 still has far too many bugs).

One extremely annoying thing is "design time" concept and files that are generated during editing and not during build time as they should be. There are slight improvements in VS 2005, but still not enough (dataset stuff actually became worse). The MS way of doing things easy with Wizards instead of improving/extending the framework itself is just a dead end (unless you like clicking).

Visual Studio also has a NIH (not-invented-here) problem with build systems -- the 2003 is crap, and msbuild still has growing up problems (none of msbuild,nant,and are as mature as using make files -- they seem to suffer from too verbose output and too many unnecessary rebuilds).

Only Intellisense is slightly in VS due to showing the parameter names.

And web projects were never done well in VS and still don't work well (I get unexplainable 5 minute builds for something that usually rebuilds in 30 seconds)

VS 6.0 was very good (for C/C++), but everything after just isn't as mature and usable as Eclipse is for Java.

Re:Had to switch from Java to .NET (1)

Homology (639438) | more than 8 years ago | (#13414311)

> VS 6.0 was very good (for C/C++), but everything after just isn't as mature and usable as Eclipse is for Java.

Yes, VS IDE 7.1 has some very annoying quibbles, but the C++ compiler is much, much better. If you are using templates, or templatized libraries like Boost, you should upgrade to 7.1.

Re:Had to switch from Java to .NET (1)

burnstone (769550) | more than 8 years ago | (#13414401)

"Only Intellisense is slightly in VS due to showing the parameter names."

Eclipse does that too, if you attach the source-code.

Re:Had to switch from Java to .NET (2, Interesting)

zootm (850416) | more than 8 years ago | (#13414427)

As a contrary opinion, I've used both and found them both good in different areas. And I've certainly not found any difference in reliance on "Wizards" between the two packages.

I've found that, in general, VS.NET is a little better integrated with its languages, whereas Eclipse has far superior refactoring support and integration with build processes (as you mention). 2005 is going some way to fixing this.

They're both fantastic IDEs though. I'd recommend either (although the only C# plugin I've found for Eclipse is very, very basic so far, which is a real shame).

Re:Had to switch from Java to .NET (1)

shutdown -p now (807394) | more than 8 years ago | (#13414439)

Ever heard of refactoring?

Re:Had to switch from Java to .NET (0)

Anonymous Coward | more than 8 years ago | (#13414285)

Sounds like someone needs to learn their new debugger ;)

Personally I found VS 6 more stable and less quirky, but you have got to be naive to even make that argument.

Re:Had to switch from Java to .NET (0)

Anonymous Coward | more than 8 years ago | (#13414317)

I use VS for c# at work, eclipse for python programming at home. VS blows eclipse away.

Re:Had to switch from Java to .NET (1)

boa13 (548222) | more than 8 years ago | (#13414375)

You made a logical fallacy. The correct conclusion is: "VS for C# blows away Eclipse for Python".

Eclipse is mostly used to program Java, support for other languages is still catching up. I've heard C++ support has become quite good in the Eclipse 3.1 release. I don't know about Python support. Maybe you should try more specialized Python IDEs? There are also people who claim that Python needs less of an IDE because it is more powerful.

Re:Had to switch from Java to .NET (1)

b1gn4tb00bs (910640) | more than 8 years ago | (#13414431)

You don't have to use Visual Studio. I used emacs to develop .net stuff because the company I worked for were too tight to pay for it lol

Difference in ages (4, Interesting)

Anonymous Coward | more than 8 years ago | (#13414209)

In the first page of the study they document the difference of age of .net and java. Java has been out for over 9 years, .net, 2-3. Let's see how .net is doing in number of vulnerabilities in 9 years.

Re:Difference in ages (4, Insightful)

Three Headed Man (765841) | more than 8 years ago | (#13414219)

Do you really think that age has anything to do with current vulnerabilities, or does security stem from good design, rather than patches?

Re:Difference in ages (2, Interesting)

eCecuguru (910634) | more than 8 years ago | (#13414232)

I agree with you, but also think the anoncow is right. The chart is misleading, indicating that java has oh so many cumulative holes. If we looked at Apache like that, it would be less secure than IIS. Also, was this strictly applets? Or was it all things ever written in Java? That's a lot of variations, platforms, etc, which although the fact that a java app will run differently on my mac versus my windows box is itself potentially unsecure, the fact that it has that capability beats the current functionality of .net. Which, IMO, brings this down to, the more functionality, the less secure it's going to be. Java has more functionality, it's inevitable it will be less secure.

Re:Difference in ages (5, Interesting)

boa13 (548222) | more than 8 years ago | (#13414282)

> That's a lot of variations, platforms, etc,

Actually, 10 of the 45 vulnerabilities that the authors chose to use in the chart were (or are?) in Microsoft JVM.

I think including them in the chart is misleading at best.

Re:Difference in ages (3, Insightful)

kbw (524341) | more than 8 years ago | (#13414254)

Performance over time is a measure of success. And so .NET's performance over 9 years would be a fair comparison.

Over the years I've seen many remarkable architectural designs, including the Windows NT Security Model (back when NT meant New Technology), which were thought to be ideal. 11 years on, no one could seriously claim that the Windows security model is ideal.

Re:Difference in ages (0)

Anonymous Coward | more than 8 years ago | (#13414299)

> no one could seriously claim that the Windows security model is ideal.

Actually you could (and many do) claim that the model is quite good, but it has never been used like it could/should, neither by MS or app developers.

Re:Difference in ages (0)

Anonymous Coward | more than 8 years ago | (#13414372)

> but it has never been used like it could/should, neither by MS or app developers.
... and therefore it's worthless.

Re:Difference in ages (1)

Homology (639438) | more than 8 years ago | (#13414386)

> no one could seriously claim that the Windows security model is ideal.

> Actually you could (and many do) claim that the model is quite good, but it has never been used like it could/should, neither by MS or app developers.

Perhaps it's a good security model, but it seems to be unusable in practice and difficult to configure correctly. As for the .Net security model I'm sure it offers miles of rope to hang yourself with.

Re:Difference in ages (1)

Hurricane78 (562437) | more than 8 years ago | (#13414314)

I think .net could have more vulnerabilities, but they need the time to be detected. So the comparison isn't that fair. And .net has to be secure on only one system (Windows). Additionally, because of the closed source it will be even harder to detect bugs in .net and this will take longer. Whether this is good or bad is up to your point of view.

Re:Difference in ages (0)

Anonymous Coward | more than 8 years ago | (#13414236)

You have a point, bugs and vulnerabilities do tend to surface, but the important aspect is the difference in security by design, where .NET seems to have a clear advantage, even though it is hard for us to believe ;)

PDF text (5, Informative)

Anonymous Coward | more than 8 years ago | (#13414230)

Brr... (1, Insightful)

MemoryDragon (544441) | more than 8 years ago | (#13414231)

Wake me up... when .Net ends to be a vehicle to lock users and developers more and more into Windows... From day 1 .Net was designed to lure over the Java devs so that they get rid of the dangerous cross platform capabilities of Java! And don't come with Mono, we all know where it stands!

Re:Brr... (0)

Anonymous Coward | more than 8 years ago | (#13414416)

The central part of .net -- the virtual machine, c# and the base class libraries -- were all designed to be cross-platform. You can see that for yourself if you take a look. The guys who built the basics of .net were really trying to make something that was genuinely universal... what seems to have happened is what usually happens at Microsoft. The marketing guys got hold of it and turned it over to the idiot application monkeys who ran away and started building additional class libraries that are Windows through and through (often for no good reason -- there are parts that expose Window handles for no Earthly reason). There's a marked difference in quality between the base and the crap slathered on top on... it's shocking how closely it mirrors the Windows kernel/Windows interface and apps split.

Java, on the other hand, may be cross-platform from top to bottom, but it also happens to be crappy too. Have you tried the latest Mustang builds -- it's even fatter and slower than ever, and there's been no noticeable improvement in the dire performance of Swing.

Re:Brr... (2, Interesting)

Anonymous Coward | more than 8 years ago | (#13414418)

Well, I use .NET to build web apps which run on our corporate intranet. These are HR, purchasing, scheduling and budgeting apps that run a medium-sized film production company. We have a mix of clients (600+) - Linux, OSX and Windows - in roughly equal numbers that access these applications. Ironically, I picked .NET simply because we had the hardware and license resources available after consolidating a lot of W2K3 servers into a few Netapp filers. The browser we use is Firefox because it's the only one that really works in a uniform fashion across all platforms in a way you can predict and work with.

So, my apps run on a bunch of Windows boxes behind the scenes, but ultimately using .NET has not meant lock-in to MS products, it's actually allowed us to use the best tools for the jobs in hand; .NET for the back-end code, Firefox as a browser, and any OS you need for your particular job. Has it locked us in to MS products? No.

I'd agree with you about Mono though, it reminds me of many hair-losing moments I had a few years ago converting someone's classic ASP code to run on that Chilisoft approximation. Bits worked, bits didn't, and this is what I'd expect from Mono. YMMV though.

.NET? Is this thing still around? (3, Insightful)

Mensa Babe (675349) | more than 8 years ago | (#13414233)

It's not truly cross-platform so it's out of question for any serious production environment. Sorry, but until Micro$oft releases the most important classes under a free license and ports them to Linux I won't touch it with a ten foot stick. Java is closer but it's hardly fast enough. If Sun adds real OOP features like multiple inheritance, operator overloading, traits, mixins, and introduces optional strong or weak dynamical typing, I might consider using it. But right now I am stuck with Perl, Ruby, Lisp, Smalltalk, Eiffel, Scheme and Python, and what I am really looking forward to is a study comparing their respective security and how the development of the Parrot VM will affect it. Of course since it's a blog on M$DN I am not holding my breath.

Re:.NET? Is this thing still around? (0, Flamebait)

ars matica (880590) | more than 8 years ago | (#13414255)

Dynamical? Wow, and the rest of your post was so intelligent and cohesive, I would have never guessed you were full of **** until I came across this word.

Wow (0)

Anonymous Coward | more than 8 years ago | (#13414321)

> Dynamical? Wow, and the rest of your post was so intelligent and cohesive, I would have never guessed you were full of **** until I came across this word.
Reading a dictionary must be a real adventure for you:
Pneumonoultramicroscopicsilicovolcanoconiosis? Wow, and the rest of your dictionary was so intelligent and cohesive, I would have never guessed you were full of crap until I came across this word, you Oxford fools!
It must be difficult to live in the information era for such an illiterate jerk.

Re:.NET? Is this thing still around? (0)

Anonymous Coward | more than 8 years ago | (#13414266)

At first I was thinking: How under a rock is it possible to live to not know the prevalence of .net development today?

But then I saw the clever Micro$oft spelling, next after the blanket "serious production environment" statement.. and it was actually funny! I hope it was meant to be.

Re:.NET? Is this thing still around? (5, Insightful)

dotslashdot (694478) | more than 8 years ago | (#13414268)

Operator overloading, multiple inheritance? Are you crazy? These things ultimately make code very difficult to maintain and scale because a developer can unnecessarily overload all kinds of operations and make it difficult for others to figure out just what the hell is going on. C++ sucks for that very reason when it comes to a production environment. These are only useful in useless settings like school or maybe a Mensa meeting. Have you heard of Mensa? You should join. Especially because you are so subtle and humble about it. :)

Re:.NET? Is this thing still around? (1, Funny)

Anonymous Coward | more than 8 years ago | (#13414286)

> Operator overloading, multiple inheritance? Are you crazy? These things ultimately make code very difficult to maintain and scale because a developer can unnecessarily overload all kinds operations and make it difficult for others to figure out just what the hell is going on.

Screwdrivers? Are you crazy? These things ultimately make buildings very difficult to maintain and scale because a constructor can unnecessarily add all kinds of screws and make it difficult for others to figure out just what the hell is going on. Nails and hammers are always the best tool for the job, any job, for everyone, so I prefer never having any other tools at my disposal and therefore no one should ever use any tools that I am too dumb to master!

Re:.NET? Is this thing still around? (1, Interesting)

Anonymous Coward | more than 8 years ago | (#13414328)

"Operator overloading, multiple inheritance? Are you crazy?"

Operator overloading is great, as long as it is done in a sane fashion. If you define a class that can be added and subtracted, it helps greatly to be able to use '+' and '-' to do so. Multiple inheritance, otoh, is indeed a can of worms.

"C++ sucks for that very reason when it comes to a production environment"

I guess that accounts for why it never was a commercial success ;)

Sane operator overloading... (1)

Hurricane78 (562437) | more than 8 years ago | (#13414350)

> Operator overloading is great, as long as it is done in a sane fashion.

When I first learned Java some years ago, I learned that Java's concept was to be very sane and portable.

So it would not be Java's concept to leave the sanity as a task for the user, but rather Java should enforce sanity.
In that case I agree that operator overloading would be a great thing.

(until then I will rave about Haskell's way to solve this thing ;)

Re:.NET? Is this thing still around? (0)

Anonymous Coward | more than 8 years ago | (#13414449)

Serious production environment where .NET fits: M$ servers running SOAP services where the clients can be on any platform, so portability matters less. No, you wouldn't be able to change the server OS if the app uses .NET, but for a shop that's already committed to Windows (by licence investment and by training of admins), that matters less. .NET is extremely good for making SOAP services. .NET + Visual Studio is ~10x faster in SOAP development than basic OSS equivalents. It takes me over an hour to make a SOAP service using Java and Axis and Eclipse. My colleagues who use .NET can do a simple service in under 10 minutes. If the service needs WS-Security, then the .NET advantage is even greater.

GO .NET! (-1, Troll)

Anonymous Coward | more than 8 years ago | (#13414239)

WINDOWS + .NET, secure and stable, JUST LIKE GOD INTENDED.

Professionals use C for everything (5, Funny)

Anonymous Coward | more than 8 years ago | (#13414248)

C is portable, fast, very complex and for 35+ years the leading standard for professional OS and APP development.

C is so successful that C++ had to be invented to get more people into OO style C programming. C++ was designed as a syntax aid for people who lacked the skill of writing OO in C by disciplined use of structs and func pointers.

C is obviously too complex for the average CS student who crouch from one alternative to the next.

Java? .NET??? ...amusing.

Re:Professionals use C for everything (1, Insightful)

Anonymous Coward | more than 8 years ago | (#13414413)

C is not as portable as it seems. Just because there is a C compiler does not mean that any program written in C runs on a platform.
It is complex indeed. Which is not good. It is the cause for many errors which are hard to find. (Strings in C are about the worst you can get.)
Professionals who use C for everything should be fired because they should use a language suitable for the task instead.

They looked at Java and improved it! (5, Insightful)

vdex42 (858798) | more than 8 years ago | (#13414250)

Well, ignoring the fact that Microsoft is meant to be 'teh evil' and looking purely at the framework that their engineers have produced, I have found very little to criticize.

It feels like they looked at Java and stripped out the bad and produced easy to use clean languages. The first things that spring to mind:
* Easier exception handling.
* Transparency with the whole string class/primitive issue.
* Really easy to create and catch events.

The Visual Studio IDE however! Piece of HTML mangling non XHTML compliant &*$£

Re:They looked at Java and improved it! (2, Informative)

Krimszon (815968) | more than 8 years ago | (#13414291)

2 more months and we should have VS2005, the devs promised it wouldn't touch code and would produce valid xhtml.

If it does, that's a good (although somewhat late) improvement (which should've been a free upgrade, since I consider the absence of that 'feature' a bug).

Re:They looked at Java and improved it! (1)

Hurricane78 (562437) | more than 8 years ago | (#13414292)

> It feels like they looked at Java and stripped out the bad and produced easy to use clean languages.

Well, I don't know if this was just a false rumor, but I heard Microsoft hired the initial designer of Java. In that case of course it feels like that because the designer wanted to do the next generation of his idea where some things are thought further. ;)

Can anyone confirm this?

Re:They looked at Java and improved it! (2, Insightful)

MemoryDragon (544441) | more than 8 years ago | (#13414346)

Add to that that you basically have half the classes sitting with a thin layer on a 20 year old API designed with no security at all in the mind of the developers and some stuff basically moved 1:1 over.... .Net can have lots of security features; as long as you can pump a string directly into win32 in half of the classes, which triggers a buffer overflow, everything is null and void in this article.

Re:They looked at Java and improved it! (2, Informative)

vdex42 (858798) | more than 8 years ago | (#13414393)

The whole point of a virtual machine is to sandbox your code. So it doesn't matter how un-secure the layer is that is running it. The only way to get out of the virtual machine and buffer overflow the real PC would be to first buffer overflow your virtual machine, or find some other type of vulnerability in the VM first. Which as this article points out is pretty solid.

Re:They looked at Java and improved it! (2, Interesting)

zootm (850416) | more than 8 years ago | (#13414442)

> Easier exception handling.

Now, I'll grant it's easier (since you don't have to!), but in systems where reliability is a requirement the lack of checked exceptions can be a bit of a hassle, too easy to overlook and requiring good documentation (which, on the other hand, is a good thing).

> Transparency with the whole string class/primitive issue.

Java does have autoboxing as of 5.0, but I know that's not really what you're on about. Being able to switch on strings and so on is handy though. Their special handling of strings seems a little "non-OO", but it eases development and is mighty handy.

> Really easy to create and catch events.

Yes. Yes. Yes. Delegates are a fantastic construct.

Totally bogus (4, Interesting)

Anonymous Coward | more than 8 years ago | (#13414253)

Security in Java is multi layered and complex, you cannot possibly cover all its faces. ".Net" managed code is very rare and all .NET applications I know of (that are real applications) use native code thus removing any sense of security.
Java has had years of full source code visibility (not open source) and had several holes plugged by the community, .NET has no such thing.
Saying that .NET is more secure is just about the stupidest thing someone can say... It's like saying Windows is more secure than Linux since it's newer than UNIX and Linux is based on UNIX.

Re:Totally bogus (0)

Anonymous Coward | more than 8 years ago | (#13414391)

"all .NET applications I know of (that are real applications) use native code thus removing any sense of security."

That's none of the .NET apps that I know of. Search sourceforge for Mono apps and count how many of them drop to native code, unless of course they are not REAL apps for you.

"Saying that .NET is more secure is just about the stupidest thing someone can say."

Nice thing about Academics is they don't just "say". They say "why" they have come to those conclusions.

Source code access (5, Insightful)

boa13 (548222) | more than 8 years ago | (#13414258)

First of all, it's interesting to note that 10 of the 45 Java vulnerabilities that the researchers take in account are due to Microsoft. They are specific to the ill-famed Microsoft JVM.

Furthermore, 10 of the remaining 35 vulnerabilities were discovered and fixed in the first six months after the initial Java release. I consider that quickly-fixed flaws in a young product.

So, we're left with 25 vulnerabilities found in a mature product, between 2 and 3 every year. Not quite pretty, not quite a disaster either.

Now, question is, why are there no vulnerability discoveries in the .Net runtime? The researchers talk at length about the better .Net design, which is unsurprising given it was designed after many years of experience with the JVM.

However, they fail to assess any impact the availability of Java source code might have on finding vulnerabilities and fixing them. The whole source code for the JVM is available (free as in beer), anybody can have a look once they register with Sun. I don't know if the same applies to the .Net runtime, somehow I doubt it. Some partners might have portions of it, maybe.

So, availability of source code might be enough to generate two or three vulnerability discoveries per year.

Note that I'm not saying that there are six to nine vulnerabilities yet to be discovered in .Net; maybe Microsoft did it right this time, and spent the money where it matters most in the long run.

Re:Source code access (-1, Flamebait)

JeremyALogan (622913) | more than 8 years ago | (#13414303)

Having worked with both Java and .Net a bit it is my belief that the .Net framework is the only GOOD piece of "software" that Microsoft has EVER turned out. All the libraries (that I've ever used) have worked correctly, all of the apparent risks of vulnerability have been due to my own code, and, if nothing else, you execute a program and it will run before next Christmas (not something you can say for Java). I've been pleased with it and I wish more people would make use of it (though maybe in MONO form as I don't think their server "solutions" stack up to this piece of wonderfulness).

Re:Source code access (1)

Hurricane78 (562437) | more than 8 years ago | (#13414331)

> you execute a program and it will run before next Christmas (not something you can say for Java).

people keep on using this "argument".
but they silently ignore that it's up to your choice:

1. do you want it to run on all systems
OR
2. do you want it to be optimized to run fast on a system

normally you can't have both, and i think it's a great achievement that the java virtual machine (still a non-removable layer of conversion) can do it that fast on so many different systems.
(while .net can practically get compiled straight to windows-stuff)

so please don't use that false argument anymore (or bring some details why it's legal)

thank you

---
"if you give grandpa opium, the opium kills grandpa"

Re:Source code access (2, Informative)

boa13 (548222) | more than 8 years ago | (#13414360)

you execute a program and it will run before next Christmas (not something you can say for Java)

Heh, that part is quite a troll.

I use Java apps daily (Eclipse, Moneydance, JAlbum), and now that you make me think of it, they might not be "lightning fast", but they're fast enough that I don't think about their speed. In my book, that's the definition of being "fast enough".

I don't have experience with .Net apps however, so it might well be the case that they're faster. As others have commented, they only run on one platform, someone also said it's easy to embark native code in .Net, this might make a huge difference.

Anyway, Java is not "slow" anymore, it may be not as fast as others, but it's fast enough.

Re:Source code access (1)

aug24 (38229) | more than 8 years ago | (#13414385)

you execute a program and it will run before next Christmas (not something you can say for Java).

Hallo trolly, trolly, trolly. OK, to be fair, I'm not sure that was trolling, but it sounds like it, as I develop rather large websites for rather large customers, and we don't seem to have any speed issues.

Are you by any chance using the Microsoft JVM? I suggest that might be your problem.

Justin.

Re:Source code access (5, Informative)

Johnno74 (252399) | more than 8 years ago | (#13414348)

Most of the source code for .Net is available here [microsoft.com] - It's called "rotor" and is Microsoft's open source implementation of .Net. It doesn't cover the complete framework, but it includes the runtime, C# compiler, and the parts of the framework that were submitted to ECMA.

Anyone is free to download, modify and distribute rotor, it compiles on OSX and BSD. I believe someone has modified it to compile and run on Linux. Unfortunately the license prohibits commercial use...

The major differences between Rotor and the full framework are a simplified garbage collector, and a simplified JIT compiler. Microsoft aren't saying how much of the framework code is shared between Rotor and the full version, but I've been told by people with access to the source that the answer is "pretty much all of it"

Re:Source code access (1)

Mr2001 (90979) | more than 8 years ago | (#13414352)

The whole source code for the JVM is available (free as in beer), anybody can have a look once they register with Sun. I don't know if the same applies to the .Net runtime, somehow I doubt it. Some partners might have portions of it, maybe.

Here's the Rotor source code [microsoft.com] from MS. Feel free to pore over it looking for vulnerabilities.

True, it's not the exact same source code that's in the downloadable .NET runtime, and it's missing a lot of the libraries that make .NET what it is. However, it does implement some of the most fundamental parts, including the security model.

More than just source code (0)

Anonymous Coward | more than 8 years ago | (#13414429)

It goes deeper than .NET not being subject to the same rigorous kinds of source code review; .NET runs the advantage of not having been seriously tested in a production environment. Oh, sure, people are running .NET. But they're running it natively. The things this study covers are not the parts of .NET people are interested in actually using. Given this the security model is just a show pony. The Java security model is something that's been hammered against in the real world constantly for years in real businesses; in the academic sphere the jvm is getting hammered not just through source review, but in serious conceptual testing as people implement their own JVMs. The .NET security model ... well, is just kind of sitting there waiting for the day when someone tries to actually run serious applications on it. Not really as difficult; all it has to do is sit there and look pretty.

Meanwhile since .NET ties into win32, if you're wanting to do something malicious why bother hitting on the .NET security model? Why bother even looking for holes? Just call any one of the nasty Win32 functions. Hell, malware programs are able to do nasty enough shit to our windows machines totally within the windows security model. If you want to do something malicious to a Microsoft machine, it's so much simpler to attack it directly than to try to do so through .NET.

A possibly somewhat mean way of putting it would be to think of the .NET security model as a lone locked door sitting in the middle of a field. Nobody visits it, and if anyone actually came upon the door, all they'd have to do is walk around it. Now, in this context, should we find it impressive that no one has yet found a way to pick the lock?

Age vs Usage (2, Interesting)

ErrorBase (692520) | more than 8 years ago | (#13414259)

I've seen the crossplatform remarks already, but no one asked the question yet about how widespread implementations are. I currently see much more .Net implementations in Intranet environments, and java when the client is less known. My guess is that those more local implementations are much less scrutinized, opposed to the much more open and directly accessible implementations in java.

hardly objective (3, Insightful)

jilles (20976) | more than 8 years ago | (#13414281)

I'm not going to read the article but the reasons stated in the summary suggests a strong (and maybe well funded) bias. In short, the summary is basically bullshit. The quoted material on the ms blog is suspicious and the scientific study might actually be quite good (I wouldn't criticize it without reading it first).

Security is not something you just switch on in a project. You design your project from the ground up to have security features. Both Java and .Net come with very similar security features. Both have finegrained role based security features. I'd say Java is somewhat more flexible by providing an extensible model so that you may provide your own protocol implementations. For example, I used an oss pgp implementation recently that plugs into the default Java security api. .Net on the other hand has some nice language features like attributes. Java has null securitymanagers; .net has unmanaged code.

Java's security features are designed through the JCP process in which a broad range of industries and individual experts have been and continue to be involved. Indeed some of the older security features come from the earlier JDK versions developed by SUN. Overall I trust this process more than I trust the Microsoft process which when it comes to security has received a lot of criticism over the past few years.

Re:hardly objective (1, Flamebait)

bwoodring (101515) | more than 8 years ago | (#13414298)

I'm not going to read the article
Then why don't you just shut the fuck up?

Re:hardly objective (2, Interesting)

leakingmemory (750252) | more than 8 years ago | (#13414309)

"The most widely publicized security issue in .NET was W32.Donut, a virus that took control of the executable before the .NET runtime had control. Since the vulnerability occurs before the .NET runtime takes control, we consider this a problem with the way the operating system transfers control to .NET, not with the .NET platform"

Isn't the whole point with a VM that the executable will never be directly exposed to system resources? Why doesn't the same thing happen to JVM? As far as I can see, this reveals that the .NET system is having issues controlling its applications, which to me is a major security flaw.

Re:hardly objective (0)

Anonymous Coward | more than 8 years ago | (#13414357)

I'm not going to read the article

That always makes it so much easier blasting it yes. Ignorance is bliss.

but the reasons stated in the summary suggests a strong (and maybe well funded) bias.

Damn, can't find the link to the Slashdot/MS version of Godwin's law someone posted a while ago, but this really nails it.

1 point for .net, -10 for Windows (1, Insightful)

Xtian (246) | more than 8 years ago | (#13414283)

Okay, so, .net is designed better. Now, unfortunately the thing only runs under MS Windows. Windows is a rather poorly designed operating system. So, your .net is better, but it only runs on an OS with major security issues.

How far does that get you?

Re:1 point for .net, -10 for Windows (1)

jrockway (229604) | more than 8 years ago | (#13414396)

This is not a troll, this is a good point! OK, so nobody can compromise your .NET e-mail server, but they can blow away the RPC server and replace it with a rootkit.

The end result is the same, you're fucked. If your .NET mail program were running under Linux, then you might be secure.

A system is only secure as its least secure component. .NET being Windows-only significantly reduces its security.

Java had security from the start (1)

Trejkaz (615352) | more than 8 years ago | (#13414313)

Java has run everything in a sandbox from version 1.0. I wonder how they twist this into a claim that it had no security.

Re:Java had security from the start (1)

boa13 (548222) | more than 8 years ago | (#13414400)

The researchers, the blog and the Slashdot summary claim that .Net has fared better than Java as far as security goes. I wonder how you twist that into believing they claim Java has no security.

"MS Pravda has proved .NET is zillion times ... (0)

Anonymous Coward | more than 8 years ago | (#13414315)

... than Java"
If it is said thru an independent channel it must be true isn't it ;-)

Looking at global capabilities Java and .net platforms are 99% the same !

At the end the only real choice is : do I want vendor and platform lock-on or do I want to keep the choice of vendors and platforms ?

I mean, the day the complete specification of .net will be released I will seriously consider .net as a viable long-term alternative to Java. But for now it is not more viable than MS DNA oldies ;-)

Anyway, we'll see how it will turn in the next 5 years, but I really think it will be fun for MS ... the bigger you get the best target you are :) William IIIrd go and ask blue boys ;-)

By the way, is there anybody that got a link to the MS hydra picture (an updated one). I mean all the cross shareholding with other companies ? In the late 90s the list was around a thousand covering lots of media, etc ...so I would be interested to see an updated picture of the situation to see how is the lobby progressing. Thanks.

Re:"MS Pravda has proved .NET is zillion times ... (0)

Anonymous Coward | more than 8 years ago | (#13414402)

It their very own fault for the disputing with Sun. It better they use Java. Here we are using Java since three years ago. We not only using Java for the programmer increase (though we are: maybe ten times, maybe twenty times) we also now use it for everything from the commanding line stuff such as grep through to the web engine beans. Same speed C but faster. The security we are finding, and with the IDE too (Borland or IBM). Portability of course is of the deal.

blah... flawed logic (4, Insightful)

JeremyALogan (622913) | more than 8 years ago | (#13414318)

Ok... let me get this out there first. I like the .Net framework (not all the stuff M$ tried to label as .Net after they realized that they were on the right track).

However, this study is flawed. .Net 1.0 came out 6 YEARS after Java 1.0... it's not exactly fair to compare them as pure equals. Considering that they're so similar you have to take into account that M$ had time to see what was wrong w/ Java and fix it. It's kinda like saying "Well, this brand new bridge is far superior to that one over there that was built 200 years ago. I mean, sure it's better looking, but this one is stronger AND lighter." People learn things and then implement them... is that so hard to understand?

Re:blah... flawed logic (1)

lazydog (694263) | more than 8 years ago | (#13414389)

So then maybe we should keep this in mind when comparing M$Windoze and Linux?

Re:blah... flawed logic (4, Insightful)

iapetus (24050) | more than 8 years ago | (#13414395)

Why is it wrong to compare them as pure equals? Speaking as someone wanting to implement a solution today, using today's technology, I want to know which one is better for my needs now. I'm not going to say "Well, Java sucks, but for the time it was great, so I'll use that instead of something that meets my requirements right now."

Re:blah... flawed logic (4, Insightful)

boa13 (548222) | more than 8 years ago | (#13414438)

I want to know which one is better for my needs now.

And this is why the comparison is wrong. It does not compare them "now", it compares them "overall". Do you care about ten-years-old flaws that were quickly fixed and have not bothered anyone since then? I think not. Do you care about flaws in a special vendor version that no sane person uses now? I think not. Would you be interested in knowing that the above-mentioned flaws were created by the very vendor the proprietary technology of whom you are trying to evaluate? I think you should.

What should interest you is how many security issues are found per year. The article lets you learn that (even though it doesn't explicitly do the math for you). What should also interest you is how the Java community and Sun reacted to the flaws, how fast and how well they were fixed. The article is tight-lipped about that.

Actually, since no flaws have been found for .Net, there is no way to know how Microsoft will react in such a case. Past reactions should at the very least have you worried.

(And actually, there have been flaws, but the authors of the study chose to ignore them, see appendix A for why. Unfortunately, there's no appendix B for how they chose the Java flaws.)

Just don't put .Net on a network (1, Informative)

wdmr (884924) | more than 8 years ago | (#13414336)

I notice the article did not talk much about the implications of having a .Net implementation on your network.

The one (and only) multi-tiered .Net implementation I have had to work with was a networking nightmare. The whole thing used DCOM which is a total pain in the ass. No NAT'ing (DCOM doesn't function across NAT) means that production DMZ's had to have routeable IP's. DCOM uses RPC which means that firewalls have to allow the entire high port range (>1024) between tiers. The transaction protocol in the framework likes to talk all the way from web layer to db layer so defense in depth is pretty much thrown out the window.

It may be that there is a way to use .Net without running into these issues, but the developers and the MS consultant all insisted this was standard and typical. Of course, they all also insisted that the environment would be better off flat and the MS consultant strongly urged not doing multi-tiered. So I suppose if you don't mind having your SQL server in the DMZ .Net is great.

Didn't like it. No sir. Not at all.

Re:Just don't put .Net on a network (1)

wdmr (884924) | more than 8 years ago | (#13414367)

Bad form to reply to myself but leaving for the weekend. By routeable IP's I mean internally routeable (the app and db layers needed to communicate between sites). But I don't trust the corporate network much more than the internet so it is still a problem in my book.

Re:Just don't put .Net on a network (4, Informative)

dedazo (737510) | more than 8 years ago | (#13414409)

The whole thing used DCOM

That's unfortunate, because .NET does not require DCOM at all.

DCOM uses RPC which means that firewalls have to allow the entire high port range

Yes, well, you can always open DCOMCNFG, switch to the protocols tab, select the TCP/IP entry and set the port range that suits you. Wow.

MS consultant all insisted this was standard and typical

An "MS consultant" told you you needed DCOM to jump over tiers with .NET and failed to tell you that you can select a port range to play nice with your firewall over the DMZ? Crap, I would have called his boss or the TAM at the regional office and have his ass fired.

consultant strongly urged not doing multi-tiered

You know what, while I don't doubt that there's someone dumb enough to recommend something like that out there, I really doubt it was an "MS consultant". Microsoft is moving away from heavy physical tier designs to avoid the wire overhead (which admittedly makes them look slightly stupid after years of telling everyone to use as many boxes as possible), but to recommend running the application and the database server on the same box is just plain retarded. MSCS (or whomever you were supposedly talking to) has some dumb people in the file and rank, but not *that* dumb.

I'm gonna have to call bullshit on your apocryphal story here, unless by "MS consultant" you mean some random dude that has an MCSD and has read "Software Fortresses" five times while moving his lips.

Yeay! Security plus portability minus cost... (5, Interesting)

freeplatypus (846535) | more than 8 years ago | (#13414341)

.NET
price: free, You only need to have Windows 2003 Business Server for serious work
secure: rtfa in few years to make sure
portable: it runs on many systems, like Windows and ... Windows ... but not all of them.
speed: well actually speedy on Windows machine
IDE: brilliant Visual Studio, unfortunately no plugins

Java
price: free, well it is free
secure: most likely as secure as Your application
portable: well actually, even my SonyEricsson cell runs it :)
speed: a bit clumsy, but hey, almost all >1GHz desktop PC can run Java application in very responsive manner (Eclipse, Netbeans, Azureus, etc.)
IDE: Eclipse and/or Netbeans ROCKS!

This reply seems biased, but well, almost every opinion will be biased.

Re:Yeay! Security plus portability minus cost... (1)

iapetus (24050) | more than 8 years ago | (#13414390)

Eclipse only rocks if you've never used IntelliJ IDEA.

Re:Yeay! Security plus portability minus cost... (2, Insightful)

sosume (680416) | more than 8 years ago | (#13414394)

ok, I feel a strong need to shamelessly plug the .NET platform and refute your arguments..

>.NET: price: free, You only need to have Windows
>2003 Business Server for serious work
>portable: it runs on many systems, like
>Windows and ... Windows ... but not all of them.

mono and .GNU works on bsd, linux and windows. You are not required to use the System.Windows namespace if you're not developing for windows.
You shouldn't look at anything older than Windows 2000 though..

>IDE: brilliant Visual Studio, unfortunately
>no plugins

really now. They are called 'add-ins'.

>Java: price: free, well it is free

Sure, but not as in beer. Can I independently create my own JVM and distribute it?

>secure: most likely as secure as Your application

Sure, you can always trust the developer.

>speed: a bit clumsy, but hey, almost all >1GHz
>desktop PC can run Java application in very
>responsive manner (Eclipse, Netbeans, Azureus,
>etc.)

Sure. So if i want speed i should just add more machines.

>IDE: Eclipse and/or Netbeans ROCKS!

and all that in a very slow manner indeed..

Re:Yeay! Security plus portability minus cost... (1)

freeplatypus (846535) | more than 8 years ago | (#13414425)

mono and .GNU works on bsd, linux and windows.

And of course they are ready for business, large scale applications?

You shouldn't look at anything older than Windows 2000 though..

Damn! There goes portability.

>IDE: brilliant Visual Studio, unfortunately
>no plugins

really now. They are called 'add-ins'.


I didn't know this.

Sure, but not as in beer. Can I independently create my own JVM and distribute it?

Well, no. But how many applications needed to rewrite (write their own) JVM before coding of real application began? But, yes. I do understand Your point. After all, SUN has to make some money ;)

secure: most likely as secure as Your application

Sure, you can always trust the developer.


No, not always. But You do agree, that it doesn't matter if the environment is secure and Your developer writes poor code?

IDE: Eclipse and/or Netbeans ROCKS!

and all that in a very slow manner indeed..


Well, You know... 256MB is not enough since ages ;) These apps are not razor blades, but are really decent and when You compare them to Visual Studio Beta 2005 they are VERY fast.

Re:Yeay! Security plus portability minus cost... (4, Informative)

Richard_at_work (517087) | more than 8 years ago | (#13414437)

Java: price: free, well it is free Sure, but not as in beer. Can I independently create my own JVM and distribute it?

Well, actually, yes you can. There's nothing stopping you reimplementing a JVM to the released specifications, in fact Kaffe [kaffe.org] is one such reimplementation. Go get a book detailing the VM specifications and how to implement a good VM from Sun! [sun.com]

Cleaner design than Java? (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#13414381)

Hell, everything, with the possible exception of C++ has a cleaner and simpler design than Java.

NASA World Wind uses .NET (2, Interesting)

Anonymous Coward | more than 8 years ago | (#13414383)

As a side note NASA World Wind uses .NET:

http://worldwind.arc.nasa.gov/ [nasa.gov]

It's similar to Google Earth, except that it's 180MB and once you download it it tells you you need to upgrade your version of .NET, and another dialog pops up saying Direct X needs to be upgraded too. At this point, I decided not to continue. I don't fancy reading one of MS's EULAs, don't care to download one of their hulking tarballs, don't want Direct X changed in case it breaks something.

Piece of shit Nasa, .NET is just a wrapper for Windows on the local machine, why didn't you just make native code you f**** idiots.

Open source java security projects (5, Informative)

iksrazal_br (614172) | more than 8 years ago | (#13414406)

I think this article overlooks the fact that many 'free as in speech' third party security libraries and frameworks are available for java.

1) ACEGI - Aspect-oriented programming using a dependency injection model to replace or complement JAAS for authentication and authorization in an Application server independent way. A subproject of the Spring framework:

http://acegisecurity.sourceforge.net/docbook/acegi.html/ [sourceforge.net]

2) XML Encryption and XML Digital Signatures. Used in Web Service security or independently.

http://xml.apache.org/security/ [apache.org]

http://ws.apache.org/wss4j/ [apache.org]

3) Container managed security implemented in every servlet container on the market, including tomcat.

In short, I'd like to see a comparison of the features and availability of what people actually use in their applications, rather than an entirely fudgable comparison of reported/unreported security flaws.

"None are more hopelessly enslaved than those who falsely believe they are free. -- Goethe"

iksrazal

Who needs programming language security? (2, Interesting)

Ulrich Hobelmann (861309) | more than 8 years ago | (#13414410)

Whatever that would be. Use an operating system that gives you memory protection, and even better: capabilities (rights to read/write files and other things), and you can run ANY program, written in ANY language, without the programs even being ABLE to do any harm.

Oh, that would be too much of progress, wouldn't it?

Heh! (4, Insightful)

miffo.swe (547642) | more than 8 years ago | (#13414419)

The gall to put into account vulnerabilities from Microsoft's own JVM in a comparison to Microsoft's .Net is astonishing. What a way to belittle your competitor, make crappy implementation of their product and call them unsecure.

I lack words.

Who sponsored this? (0)

Anonymous Coward | more than 8 years ago | (#13414436)

Where is the raw data so anybody may review the methodologies and conclusions?
Perhaps Laura Didio can help explain it to everybody.