Think of them as stink bombs on the Internet.
Obnoxious Java applets are beginning to appear on some World Wide Web sites. The applets are small programs that, when downloaded as part of a Web page, make loud noises, crash a Web browser or tie up a computer's processing power with pointless activities.
And though corporate users say they aren't especially concerned about the problem, developers at Sun's JavaSoft unit are working to minimise the effects of the obnoxious applets.
More conventional security problems are on the minds of corporate information systems shops that use Java, says Michael Brando, an engineering manager at Perkin-Elmer in San Jose, California. "What people are most concerned about is downloading some program that can wipe out their hard drive or do whatever it wants. With Java, that can't happen," he says.
But the obnoxious Java applets can tie up a computer that downloads them using a Java-enabled browser such as Navigator 2.0 from Netscape Communications or PowerBrowser from Oracle.
Obnoxious applets typically make noises or fill the computer's screen with extra windows. They use simple programming tricks to prevent the user from stopping the applets. Once an applet has tied up a machine, the user usually must reboot the computer to regain control.
For the most part, obnoxious applets are more annoying than dangerous, says Michael Shoffner, a security specialist at Prominence Dot Com, an Internet development firm in Chapel Hill, North Carolina. Java is specifically designed to prevent downloaded applets from gaining access to files on a user's machine.
But some obnoxious applets can attack and shut down other Java applets, Shoffner says.
That indicates a bug in Java's security -- one that JavaSoft developers says they are working to fix.
JavaSoft also plans to let users limit how much computing power an applet can use and let users manually kill specific applets, according to Marianne Mueller, a JavaSoft security engineer.
The new capabilities probably won't be added before the next major release of Java, which is due by September, she says.
In the meantime, a little common sense will help most corporate users deal with Java stink bombs, Shoffner says.
"If you're just surfing the Net and a Java applet hogs up your browser, it's not that big of a deal," he says. "But you don't want to run a Web browser on a machine that's the mail hub for your network. If you're doing something that's got to be secure, then you take extra precautions."