Welcome to WebmasterWorld Guest from 54.160.177.33

Forum Moderators: travelin cat

Message Too Old, No Replies

Tiger's Dashboard Makes Macs Vulnerable

     
5:21 pm on May 11, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


There may be a serious security issue with the Dashboard 'widgets' feature of the new Tiger OS X - it looks like personal data of all kinds can be exposed.

A new feature of Mac OS X Tiger, Dashboard is a suite of simple programs called widgets that often access information on the internet... For the convenience of users, most widgets automatically install themselves. But experts fear any program that auto-installs is ripe for exploitation....

Further, there is no immediate way to delete a widget that has been installed. According to Tiger's own Help file, "You cannot remove widgets from the Widget Bar or change their order."

[wired.com...]

5:36 pm on May 11, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member eliteweb is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:June 5, 2001
posts:2723
votes: 0


Im sure this 'feature' will be deactived by default from now on. iCalendar also allows for automatic addition with events sent via email.
7:29 pm on May 11, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 6, 2003
posts:109
votes: 0


"Further, there is no immediate way to delete a widget that has been installed. According to Tiger's own Help file, "You cannot remove widgets from the Widget Bar or change their order.""

On your Hard Drive click Library > Widgets > Then drag the widget you don't want to the Trash. Sounds pretty simple to me to remove.

7:51 pm on May 11, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member eliteweb is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:June 5, 2001
posts:2723
votes: 0


tstaheli, correct that is how you do it :) I think those directions may scare some people. :D They dont want you to play with files!
8:21 pm on May 11, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 1, 2003
posts:815
votes: 0


A funky thing about Widgets is right now, they decide for themsleves how much access they get to the user's system, and you have to check out the source code for the widget if you want to see how much it uses.

I hope Apple will soon give the user more information control here before the Widgets run, such as popping up a message such as:

The Widget : "Dancing Widget" is requesting full access to your computer's ______. This may be a security risk. Allow/Deny/Delete.

In the meantime, users should be as cautious running new Widgets as they (hopefully) are running new applications.

11:14 pm on May 11, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 27, 2003
posts:41
votes: 0


None of the Widgets I've downloaded automatically installed - they had to be manually put in /Library/Widgets. And as has been said above, removing them is just a matter of moving them to the Trash.

This seems to be yet another scare story based around misinformation together with speculation based on a theoretical hypothosis, which in this case is flawed.

Macs aren't immune to attacks, and we should all be vigilant, but scaremongering is nt helpful.

7:45 am on May 12, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 15, 2002
posts:710
votes: 0


No different than downloading and installing any software. Widgets are just applications.

The Safari behavior of auto-installing Widgets needs to change, however. That's just brain-dead.

6:26 pm on May 17, 2005 (gmt 0)

Full Member

10+ Year Member

joined:Mar 29, 2002
posts:244
votes: 0


Apple released an update today for the Widget auto-installation (potential vulnerability) issue. They added Widgets to the items that Safari prompts for before a download is complete.

Thought to share...

11:18 pm on May 22, 2005 (gmt 0)

New User

10+ Year Member

joined:May 22, 2005
posts:2
votes: 0


Daft! Is it the clock or the dictionary that worries you?

I don't see why a widget should have any security issue just because its called a widget. If I changed the name to safehouse, would that help? Or made it bigger like to spread over the wole desktop, more visible?

Its an application that searches the web, possibly more. So your own firewall's and keychains, permissions etc.. are the protection you have anyway for all applications when conneted to the web, including your browser.

Take them out of the widget folder and chuck them in the bin if you don't like them. You can't remove them from the dashboard, like it says.