T
Thud
Guest
This is not good....
http://www.tuaw.com/2005/05/07/the-problem-with-widgets/
I haven't installed the "demo" widget. But here's the summary:
1) Widgets cannot be removed from the widget bar once they are installed (according to Apple's help files), unless you edit an XML file and reboot.
2) By default, widgets will auto-install automatically through safari, WITHOUT PROMPTING or asking for a password. The article shows how to disable this "feature."
3) Widgets can be made to use an obscene image as its icon, which will then take permanent residence in your widget bar, until you do some XML file editing (see #1)
4) A widget can be programmed to load a particular web page in the browser (which also closes the dashboard). This means that you effectively cannot open the dashboard (because it closes immediately) and thus you can't remove the offending widget from the dashboard, after the widget was installed automatically without your permission!
Well, as both a windows and mac user, I would like to welcome mac users to the wonderful world of spyware, and something that doesn't exist in the windows world -- Dashboard Hijackers.
The question is, will Apple fix this gaping security hole before somebody exploits it?
http://www.tuaw.com/2005/05/07/the-problem-with-widgets/
I haven't installed the "demo" widget. But here's the summary:
1) Widgets cannot be removed from the widget bar once they are installed (according to Apple's help files), unless you edit an XML file and reboot.
2) By default, widgets will auto-install automatically through safari, WITHOUT PROMPTING or asking for a password. The article shows how to disable this "feature."
3) Widgets can be made to use an obscene image as its icon, which will then take permanent residence in your widget bar, until you do some XML file editing (see #1)
4) A widget can be programmed to load a particular web page in the browser (which also closes the dashboard). This means that you effectively cannot open the dashboard (because it closes immediately) and thus you can't remove the offending widget from the dashboard, after the widget was installed automatically without your permission!
Well, as both a windows and mac user, I would like to welcome mac users to the wonderful world of spyware, and something that doesn't exist in the windows world -- Dashboard Hijackers.
The question is, will Apple fix this gaping security hole before somebody exploits it?