Re: Widget Security

Forums » Tech and Talk » OS and Software » All Things Macintosh » Widget Security


Share Topic:	RSS topic:	toggle: flat / full normal / watch	Posting:	Post a:	Post a:

Links: ·The ATM FAQ (Kool-Aid time) ·Mac Tweaks ·For New Mac Users ·The Permanent Greeting ·RC5

[X] Freeware DVD audio extractor / ripper for OS X? »
« Networking

jDyno
Premium
join:2001-02-20
Washington, DC
clubs:

But it doesn't really tell you that it may be a security risk or that it accesses private system stuff. It just asks permission to run for the first time.

Also, no such warning exists when a widget needs Net access.

Yes, apps exist to monitor net traffic, and of course one is SUPPOSED to scan everything you put on your computer, but that's just not a practical security paradigm.

Even if everyone did have the discipline to check for security risks in every Widget (or any other thing they put on their machine), you can't expect everyone to have the knowledge to know what to look for. Hell, I'm a developer and I wouldn't be able to spot everything - probably even if I knew it was there.

And no, these do no more than any other Applescript could do, but Widgets and Automator actions will be used and downloaded many hundreds of thousand of more times than Applescript just by the very fact in how they are now more built-in adn accessible by the everyday user.

I am of the opinion that the security of Dashboard Widgets (and Automator actions) needs to be addressed by Apple ASAP.
--
Smart Marketing

permalink · 2005-05-06 13:46:26 · Print ·

shavano
Even in America -- I long for America

join:2003-06-08
Dallas, TX

Re: Widget Security

said by jDyno

:

But it doesn't really tell you that it may be a security risk

that's just not a practical security paradigm.

Even if everyone did have the discipline ... you can't expect everyone to have the knowledge to know what to look for.

I am of the opinion that the security of Dashboard Widgets (and Automator actions) needs to be addressed by Apple ASAP.

Exactly!

I just took a few minutes this morning to see what it might take for me to write my own. I saw the note on the Apple page about system commands and looked inside a couple of widgets.

My immediate reaction was "holy sh*t!!!!!".

Though not a professional developer, I'm reasonably competent at the Unix command line and have done some HTML and C programs. And I immediately knew they will easily be so complex there is no chance I would be able to tell if a widget was going to do something malicious.
--
Seek truth, not validation of existing beliefs.

permalink · 2005-05-06 14:01:00 · Print ·

your comment..

Forums » Tech and Talk » OS and Software » All Things Macintosh	[X] Freeware DVD audio extractor / ripper for OS X? » « Networking


Thursday, 26-Nov 09:14:35	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF