The Macintosh Webmaster Forum

    
Tiger's Dashboard Makes Macs Vulnerable
tedster




msg:975050
 5:21 pm on May 11, 2005 (gmt 0)

There may be a serious security issue with the Dashboard 'widgets' feature of the new Tiger OS X - it looks like personal data of all kinds can be exposed.

A new feature of Mac OS X Tiger, Dashboard is a suite of simple programs called widgets that often access information on the internet... For the convenience of users, most widgets automatically install themselves. But experts fear any program that auto-installs is ripe for exploitation....

Further, there is no immediate way to delete a widget that has been installed. According to Tiger's own Help file, "You cannot remove widgets from the Widget Bar or change their order."

[wired.com...]


 

EliteWeb




msg:975051
 5:36 pm on May 11, 2005 (gmt 0)

I'm sure this 'feature' will be deactivated by default from now on. iCalendar also allows for automatic addition with events sent via email.

tstaheli




msg:975052
 7:29 pm on May 11, 2005 (gmt 0)

"Further, there is no immediate way to delete a widget that has been installed. According to Tiger's own Help file, "You cannot remove widgets from the Widget Bar or change their order.""

On your Hard Drive click Library > Widgets > Then drag the widget you don't want to the Trash. Sounds pretty simple to me to remove.

EliteWeb




msg:975053
 7:51 pm on May 11, 2005 (gmt 0)

tstaheli, correct, that is how you do it :) I think those directions may scare some people. :D They don't want you to play with files!

timster




msg:975054
 8:21 pm on May 11, 2005 (gmt 0)

A funky thing about Widgets is right now, they decide for themselves how much access they get to the user's system, and you have to check out the source code for the widget if you want to see how much it uses.

I hope Apple will soon give the user more information control here before the Widgets run, such as popping up a message such as:

The Widget : "Dancing Widget" is requesting full access to your computer's ______. This may be a security risk. Allow/Deny/Delete.

In the meantime, users should be as cautious running new Widgets as they (hopefully) are running new applications.
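An added example, not part of the original thread: one way to see how much access each installed widget asks for without reading its whole source. It assumes widgets declare access through the boolean keys Apple documents for a widget's Info.plist, and it also scans the per-user ~/Library/Widgets folder, which the thread does not mention.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Boolean access keys a Dashboard widget can declare in its Info.plist
# (assumption: key names as given in Apple's Dashboard documentation).
ACCESS_KEYS = (
    "AllowFullAccess",
    "AllowSystem",
    "AllowFileAccessOutsideOfWidget",
    "AllowNetworkAccess",
    "AllowInternetPlugins",
    "AllowJava",
)

def widget_access(bundle):
    """Return the sorted access keys set to true in one .wdgt bundle."""
    with open(Path(bundle) / "Info.plist", "rb") as fh:
        info = plistlib.load(fh)
    if not isinstance(info, dict):
        raise ValueError("Info.plist root is not a dictionary")
    return sorted(k for k in ACCESS_KEYS if info.get(k) is True)

def audit_widgets(directories):
    """Map each widget bundle path to its requested access, or to an error string."""
    report = {}
    for directory in directories:
        for bundle in sorted(Path(directory).expanduser().glob("*.wdgt")):
            try:
                report[str(bundle)] = widget_access(bundle)
            except (OSError, ValueError, ExpatError) as exc:
                # Missing or malformed Info.plist: flag for manual review, do not skip.
                report[str(bundle)] = "unreadable Info.plist: %s" % exc
    return report

if __name__ == "__main__":
    # ~/Library/Widgets is an assumed per-user install location.
    for path, access in audit_widgets(["/Library/Widgets", "~/Library/Widgets"]).items():
        print(path, "->", access or "no extra access requested")
```

An empty list means the widget requested none of these keys; it says nothing about what the widget's own HTML and JavaScript do inside the Dashboard sandbox.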

Kennyh




msg:975055
 11:14 pm on May 11, 2005 (gmt 0)

None of the Widgets I've downloaded automatically installed - they had to be manually put in /Library/Widgets. And as has been said above, removing them is just a matter of moving them to the Trash.

This seems to be yet another scare story based around misinformation together with speculation based on a theoretical hypothesis, which in this case is flawed.

Macs aren't immune to attacks, and we should all be vigilant, but scaremongering isn't helpful.

jamesa




msg:975056
 7:45 am on May 12, 2005 (gmt 0)

No different than downloading and installing any software. Widgets are just applications.

The Safari behavior of auto-installing Widgets needs to change, however. That's just brain-dead.

Slone




msg:975057
 6:26 pm on May 17, 2005 (gmt 0)

Apple released an update today for the Widget auto-installation (potential vulnerability) issue. They added Widgets to the items that Safari prompts for before a download is complete.

Thought to share...

chueewowee




msg:975058
 11:18 pm on May 22, 2005 (gmt 0)

Daft! Is it the clock or the dictionary that worries you?

I don't see why a widget should have any security issue just because it's called a widget. If I changed the name to safehouse, would that help? Or made it bigger like to spread over the whole desktop, more visible?

It's an application that searches the web, possibly more. So your own firewalls and keychains, permissions etc. are the protection you have anyway for all applications when connected to the web, including your browser.

Take them out of the widget folder and chuck them in the bin if you don't like them. You can't remove them from the dashboard, like it says.
