Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Tech and Talk » OS and Software » All Things Macintosh » Widget Security
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·The ATM FAQ (Kool-Aid time) ·Mac Tweaks ·For New Mac Users ·The Permanent Greeting ·RC5
[X] Freeware DVD audio extractor / ripper for OS X? »
« Networking  
AuthorAll Replies


shavano
Even in America -- I long for America

join:2003-06-08
Dallas, TX

reply to jDyno
Re: Widget Security

said by jDyno See Profile:

But it doesn't really tell you that it may be a security risk

that's just not a practical security paradigm.

Even if everyone did have the discipline ... you can't expect everyone to have the knowledge to know what to look for.

I am of the opinion that the security of Dashboard Widgets (and Automator actions) needs to be addressed by Apple ASAP.
Exactly!

I just took a few minutes this morning to see what it might take for me to write my own. I saw the note on the Apple page about system commands and looked inside a couple of widgets.

My immediate reaction was "holy sh*t!!!!!".

Though not a professional developer, I'm reasonably competent at the Unix command line and have done some HTML and C programs. And I immediately knew they will easily be so complex there is no chance I would be able to tell if a widget was going to do something malicious.
--
Seek truth, not validation of existing beliefs.
to forum · permalink · · 2005-05-06 14:01:00 · Reply to this


jDyno
Premium
join:2001-02-20
Washington, DC
clubs:

reply to JJ
But it doesn't really tell you that it may be a security risk or that it accesses private system stuff. It just asks permission to run for the first time.

Also, no such warning exists when a widget needs Net access.

Yes, apps exist to monitor net traffic, and of course one is SUPPOSED to scan everything you put on your computer, but that's just not a practical security paradigm.

Even if everyone did have the discipline to check for security risks in every Widget (or any other thing they put on their machine), you can't expect everyone to have the knowledge to know what to look for. Hell, I'm a developer and I wouldn't be able to spot everything - probably even if I knew it was there.

And no, these do no more than any other Applescript could do, but Widgets and Automator actions will be used and downloaded many hundreds of thousand of more times than Applescript just by the very fact in how they are now more built-in adn accessible by the everyday user.

I am of the opinion that the security of Dashboard Widgets (and Automator actions) needs to be addressed by Apple ASAP.
--
Smart Marketing
to forum · permalink · · 2005-05-06 13:46:26 · Reply to this
Forums » Tech and Talk » OS and Software » All Things Macintosh[X] Freeware DVD audio extractor / ripper for OS X? »
« Networking  

Thursday, 26-Nov 15:04:23 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [109] New AT&T Ad Campaign Hits Back At Verizon
· [106] Time Warner Cable Fires Broadside At Broadcasters
· [95] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [69] TiVo Sees Record Customer Losses
· [57] In-Flight Internet Headed For Bumpy Landing?
· [37] ICANN Slams DNS Redirection
· [36] Thanksgiving Open Thread
· [34] Senators Want ACTA Made Public
· [34] Despite Billions In USF Fees, U.S. Libraries Lack Bandwidth
Most people now reading
· I'll Just Unplug That... [No, I Will Not Fix Your #@$!! Computer]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]
· Newegg Black Friday Sale started [Users Find Hot Deals]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· SSD [Computer Hardware Discussion/Reviews]
· [ PVP] 3.2 DK PvP D/W Spec... [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]
· Not strictly "Home" related - but WOW anyways... [Home Repair & Improvement]
· Ottawa South Highspeed - WOW! [Canadian Broadband]
· HOW-TO: QoS and Tomato (fixes "choppy voice") [MagicJack]