Discussions

News: Do Java programs get handled poorly by antivirus programs?

  1. Charlie Hubbard asked if "Java [is] the victim of computer language equivalent of racial profiling? And, is this action perpetuating the myth that Java is slow?" on Javalobby. This isn't much of a serverside Java problem, one hopes, but given that the myth of Java's slowness affects continued adoption, it's worth considering.
    Have you ever tried to run Ant when McAfee is running in the background? Watch your CPU spike, and wonder why it takes 30 minutes to run your build? Only to find it's not Java chewing the processor. It's McAfee or some other client-side security application trying to scan the program for virii before Java is even started. Funny I don't see it go after Firefox, IE, or IIS even though countless vulnerabilities target those platforms. Why do security vendors like McAfee try and treat my Java program as hostile? It's like watching some bad late 70s film where the cops are shaking down a confession from a likely "suspect". "Come on Java we know you did it. Your kind is all the same."
    While those sound like truly interesting films... definitely worth a check to make sure your servers aren't doing things there's no need for them to do. Anyone have a confirmation on this behavior?

    Threaded Messages (14)

  2. In the past I had problems with this when I would try to run apps with a large number of jars such as Eclipse/WSAD. If these applications' bin directories were not added to the exclusions, it would take forever to load. I'll admit that I turned off the virus scan at certain times to maintain sanity. At my current place of work this doesn't seem to be such a problem. I'm not sure if McAfee addressed this, we have better configuration here or if it's just because I have a faster machine. In any event, I think I can confirm that turning off virus scanning did make a huge difference for large Java apps. I think it's because McAfee is (or was) scanning the full jar. Could it have something to do with that old Microsoft JVM vulnerability? On a side note, I had a realization that Java does present a security concern on the desktop. I got paranoid recently and decided to turn my firewall up to 11. As i was allowing or disallowing each application, I realized that once I allowed the 'main' Java installation out, any Java code running on it could get out to the internet unchecked. I know a few workarounds but I think the correct solution would be for the virus software to be Java aware. This might require something to be done with the VM. Does anyone know of security software that can already differentiate between different Java apps running on the same JVM installation.
  3. any substance to the claim?[ Go to top ]

    Has anyone out there ever found that one of these AV scanners every picked up "malicous" java code/jars ??? What are the chances..
  4. Absolutely and that's specially true with McAfee. I wonder if it's because JAR files are treated as ZIP files, making the AntiVirus scan each class as it is opened. With Firefox or any other executable, one should never expect the same performance impact, as those programs are mainly an executable and a couple of dll's. What I do usually is to disable McAfee while I'm developing or running a Java software or add directories with JARs/Classes to McAfee's ignore list.
  5. McAfee: Hold that Jar![ Go to top ]

    Hi there, It's got definitely to do with JAR files being treated as ZIP's, and scanned very thoroughly. Ever tried to copy a 200MB maximum compressed zip file from the network to your harddisk with McAfee's mcshield running in the background? McAfee sends your CPU spinning at 100% for 3 minutes, if you're lucky. Typically, that's exactly what ant or maven is doing: copying jars from a remote repository to a local repository. I agree with previous posters: 'net stop mcshield' is my favourite command line. I don't have any problems anymore once the jars are loaded in. So, in a server environment, you shouldn't have any problems once the server is running.
  6. From my experience I noticed that Macafee virus scan really kills productivity for java developers...It effects my.. 1) Eclipse startup time (~1min) 2) Build time triggered within in eclipse (few times it will take additional ~20sec) 3) External ant builds (particularly any file copies, are worse).. (for our build ~1min) So if I start my eclipse atleast 3 times a day, 10 times do the dev build and blame 5min for the sluggishness of eclipse on the scan, it will come to ~18 mins per day. And the frustration of using the Java apps. Initially I used to disable the scan, but sadly the security admins (which is totally a separate department in a different building..) figured out a way to push the security settings to every desktop with LAN Management every 30min and enable the scan if its disabled.. So now everyday I have to watch the scan process for 18mins to follow our security policies..and pray during the break "Please trust my Java Apps!!!" :-(
  7. Re: Ah.. the most annoying service..[ Go to top ]

    I never had any problems with Eclipse until I started running it under Java 1.5 and now it will run OK most of the time, but occasionally it totally locks up, generally when you least want it to (like prompting for an auto-complete). I tried switching to NetBeans and it's even worse. It's completely unusable with Java 1.5 and McAfee. I'd like to use some of the features in NetBeans but until this problem is resolved it's a complete non-starter for me. As soon as I start trying to do anything in NetBeans, the CPU leaps to 100% and the whole machine becomes totally unresponsive. I don't know what changed at Java 1.5 but that's when McAfee started having a problem. Before that, it was fine. And, yes, our tech support people have McAfee configured to restart every 10 minutes if it's disabled. Which is sensible enough, I suppose, from their point of view but annoying for me.
  8. Re: Ah.. the most annoying service..[ Go to top ]

    And, yes, our tech support people have McAfee configured to restart every 10 minutes if it's disabled.
    change the name of the exe. :)
  9. Re: Ah.. the most annoying service..[ Go to top ]

    Yep, a problem, however, you can configure most virus scanners to "not" scan nominated directories for read (eg eclipse plugins dir)
  10. Ahem.... net stop "McAfee Framework Service" net stop "Network Associates McShield" net stop "Network Associates Task Manager" for best results, include the above statements in your startup script. Cheers.
  11. Yeah good luck with that[ Go to top ]

    Ahem....

    net stop "McAfee Framework Service"
    net stop "Network Associates McShield"
    net stop "Network Associates Task Manager"

    for best results, include the above statements in your startup script.

    Cheers.
    On one of the client sites, I had to wrestle for local admin access before getting to the "McAfee situation". Rant aside, I don't really think Java programs are being "racial profiled" as OP put it. Anyone with a bunch of bags, each one with a bunch of small items in it, is bound to spend a lot of time getting through customs, isn't it? 8-)
  12. Does McAfee look at the content of files to decide what to scan or does it just look at file extensions? If just the extensions, whether for development or even production deployment, you could get Ant to generate jars with a different extension, e.g. "jas". java.exe doesn't care about that.
  13. Solution:[ Go to top ]

    Use a *real* operating system (hint: not Windows) :D Then you don't have to bother with virus scans, BODs, ...
  14. McCrapfee[ Go to top ]

    I remember the good old days of running McCrapfee. I got our entire company to switch to a different A/V. My favorite feature of McCrapfee wasn't how it made Java run slower - It actually made our Start menus slower. Sometimes impossibly slow. Each time I went to the Start menu it would scan every thing in it. I think it must have been following every link and scanning each executable.
  15. Re: McCrapfee[ Go to top ]

    In my opinion, McAfee is worst than a virus for Java developers. You must have a dual core CPU in order to be 100% productive with McAfee running in your computer. McAfee "On-Access Scan" daemon is a very dangerous virus.