Dashboard widgets... a security threat??


Comments

  • Reply 61 of 69
    gongon Posts: 2,437 member
    Quote:

    Originally posted by johnq

    I didn't mean to imply Apple should add them to the Dock, just that they should increase the number of standard folders in ~/, especially a Downloads folder.



    Right now people just clutter the Desktop with downloads, needlessly.




    Not needlessly. Desktop is the easiest place to find, always one Expose away. Downloading to the desktop works great for my mom, and it works great for me.



    OTOH I also have an ~/io folder which has subfolders like ~/io/torrent and ~/io/bluetooth. But downloading small things from browser is so frequent the desktop is definitely the right place.



    Besides, what else would I use the desktop for if not a general "inbox" and workspace?
  • Reply 62 of 69
    power apple Posts: 335 member
    Oh dear, the security hole is actually much worse than first thought. Take a look at this link [safe, doesn't install anything bad]. And note part 3 and 4. This is serious stuff.



    How on earth could this pass QA (or whatever they call it)....
  • Reply 63 of 69
    maccrazy Posts: 2,658 member
    Quote:

    Originally posted by Power Apple

    Oh dear, the security hole is actually much worse than first thought. Take a look at this link [safe, doesn't install anything bad]. And note part 3 and 4. This is serious stuff.



    How on earth could this pass QA (or whatever they call it)....




    don't install the stickies widget - it's not funny!
  • Reply 64 of 69
    catman4d2 Posts: 174 member
    when i saw tiger for the first time i thought wow how cute "when i saw the widgets" and looked at all the major stuff we can do with automator etc.



    but something in the back of my mind went "THIS could be the beginning of the end.., and thought about all the holes that could possibly exist with these widgets.... turns out i was right. everyday TIGER BECOMES MORE AND MORE OF AN ABOMINATION!!!!!!!!!!!!!!!! and again...

    don't get me started on quicktime 7



    p.s. it could now for the first time truly be said "that maybe we are only safe because we are 3 percent of the market"
  • Reply 65 of 69
    johnq Posts: 2,763 member




    Unrealistic user expectations + wild, irresponsible, self-defeating hype from Apple = the usual Mac OS X upgrade.



    Nothing new to see here.
  • Reply 66 of 69
    gene clean Posts: 3,481 member




    somebody got scared...





    ...get used to it guys: you want more Macs sold? You're gonna get more computers out there, and more computers out there means more people looking to compromise some of these computers.



    If you knew what Windows users face everyday... this would have seemed a little joke. And it is, literally, a joke. It's a joke that an unstable, immature, bug-ridden piece of software is shipped and charged for $129.



    But they got the press alright.
  • Reply 67 of 69
    glyph Posts: 58 member
    Quote:

    Originally posted by johnq

    I was going to say "You can lock your Widgets folder, to be extra safe.", but it seems it will still load the Widget anyway????



    WTH.



    (Note I was suggesting that as an alternative to unchecking 'open "safe" files after downloading' all the time).



    Update: Now the icon for the widget has gone generic and it is no longer draggable.



    It never wrote to the Widget folder, but it did load initially.



    Strange...




    i tried locking the widget folder...



    locking the widgets folder will only protect the file from being changed or deleted. you'll still be able to run what files you have in it. if you don't want your widgets to run, then change the permissions for the widget folder to 'no access'. then you can open dashboard and expose in system prefs and set the keyboard and mouse shortcut for dashboard to nothing '-'.
  • Reply 68 of 69
    johnq Posts: 2,763 member
    Quote:

    Originally posted by glyph

    i tried locking the widget folder...



    locking the widgets folder will only protect the file from being changed or deleted. you'll still be able to run what files you have in it. if you don't want your widgets to run, then change the permissions for the widget folder to 'no access'. then you can open dashboard and expose in system prefs and set the keyboard and mouse shortcut for dashboard to nothing '-'.




    The point to that "locking" tip was to prevent Safari from being able to download to the ~/Library/Widgets folder. Nothing more.



    It's nice though that Safari does fail gracefully and falls back on downloading the widget to the set Safari download folder.
  • Reply 69 of 69
    rok Posts: 3,519 member
    Quote:

    Originally posted by Power Apple

    Oh dear, the security hole is actually much worse than first thought. Take a look at this link [safe, doesn't install anything bad]. And note part 3 and 4. This is serious stuff.



    How on earth could this pass QA (or whatever they call it)....




    wow, i cannot believe there's that hole whereby you could have a web page auto-install a widget (or widgetS) upon a web page auto-refresh without knowing it, and if they're named the same as the default apple widgets, they will appear IN THEIR PLACE as doppelgangers. hell, you could even leave 98% of the code there so the user would be unawares that there was anything wrong, except if they kicked on terminal/top or something.



    here's hoping the hole gets filled quickly (looks like it will), and that many people apply it without fail.
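The name collision described in the last reply can be checked for locally. The script below is an added example, not part of the thread: it lists widget bundles in the per-user folder (`~/Library/Widgets`, as named above) whose names match, case-insensitively, a bundle in the system folder. The `/Library/Widgets` default and the function names `list_wdgt` and `find_shadowed` are assumptions of this example.

```shell
#!/bin/sh
# Added example: report user-installed Dashboard widgets that share a bundle
# name with a system widget (the "doppelganger" case discussed above).
# Assumption: system widgets live in /Library/Widgets; override with $2.

# list_wdgt DIR
# Print the lower-cased name of every *.wdgt bundle directly inside DIR.
# Lower-casing matters because the default Mac file system is
# case-insensitive, so "stickies.wdgt" and "Stickies.wdgt" collide.
list_wdgt() {
    [ -d "$1" ] || return 0              # missing folder: nothing to list
    for w in "$1"/*.wdgt; do
        [ -e "$w" ] || continue          # glob matched nothing
        basename "$w" | tr '[:upper:]' '[:lower:]'
    done
}

# find_shadowed [USER_DIR] [SYSTEM_DIR]
# Print each widget name that exists in both folders, one per line.
find_shadowed() {
    user_dir=${1:-"$HOME/Library/Widgets"}
    sys_dir=${2:-/Library/Widgets}
    sys_names=$(list_wdgt "$sys_dir")
    list_wdgt "$user_dir" | while IFS= read -r name; do
        # -F fixed string, -x whole line: "clock.wdgt" must not match
        # "world clock.wdgt"
        if printf '%s\n' "$sys_names" | grep -Fxq -- "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# Stand-alone use: sh audit_widgets.sh [USER_DIR] [SYSTEM_DIR]
find_shadowed "$@"
```

Any name it prints is a per-user widget that deserves a closer look before Dashboard is opened again; empty output means no collisions were found.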