

JJ
Beat It, Bill
Premium,MVM
join:2000-02-18
Madison, WI

reply to shavano
Re: Widget Security

The widget has to ask the user for permission to run the first time if it wants access to the system:

»developer.apple.com/documentatio···n_1.html


jDyno
Premium
join:2001-02-20
Washington, DC

But it doesn't really tell you that it may be a security risk or that it accesses private system stuff. It just asks permission to run for the first time.

Also, no such warning exists when a widget needs Net access.

Yes, apps exist to monitor net traffic, and of course one is SUPPOSED to scan everything you put on your computer, but that's just not a practical security paradigm.

Even if everyone did have the discipline to check for security risks in every Widget (or any other thing they put on their machine), you can't expect everyone to have the knowledge to know what to look for. Hell, I'm a developer and I wouldn't be able to spot everything - probably even if I knew it was there.

And no, these do no more than any other AppleScript could do, but Widgets and Automator actions will be used and downloaded many hundreds of thousands more times than AppleScript just by the very fact in how they are now more built-in and accessible by the everyday user.

I am of the opinion that the security of Dashboard Widgets (and Automator actions) needs to be addressed by Apple ASAP.
--
Smart Marketing


shavano
Even in America -- I long for America

join:2003-06-08
Dallas, TX

said by jDyno:

But it doesn't really tell you that it may be a security risk

that's just not a practical security paradigm.

Even if everyone did have the discipline ... you can't expect everyone to have the knowledge to know what to look for.

I am of the opinion that the security of Dashboard Widgets (and Automator actions) needs to be addressed by Apple ASAP.

Exactly!

I just took a few minutes this morning to see what it might take for me to write my own. I saw the note on the Apple page about system commands and looked inside a couple of widgets.

My immediate reaction was "holy sh*t!!!!!".

Though not a professional developer, I'm reasonably competent at the Unix command line and have done some HTML and C programs. And I immediately knew they will easily be so complex there is no chance I would be able to tell if a widget was going to do something malicious.
--
Seek truth, not validation of existing beliefs.