05-11-2005, 07:03 PM #1Ex_PC_PukeGuestApple issues press release on Dashboard Security issue !!!!!!
Apple Executives Admit That Dashboard Widgets Can Do Harm To Computer Files In Their New Operating System - Tiger. (AP Wire Services - Cupertino, CA).
In a brief press release, senior Apple executives admitted that a highly touted feature in the newly released OS X - Tiger called the Dashboard could open the system to malicious software. Within 2 weeks of Tiger’s debut, an independent developer demonstrated how a Dashboard element called a Widget could insert itself in the Dashboard and not be removed. Thus exposing a possible security hole into the system.
“Yes we admit to being caught off guard on this particular aspect of the Dashboard environment” noted Rob Schoeben VP of Applications Product Marketing at Apple. He continued “Our enthusiasm to deliver a new and useful tool to our users should have been tempered by a more realistic look at the issues of allowing third party applets to be easily loaded into our operating system. We firmly believe that Dashboard and widgets will be a key aspect of all future Apple operating systems, but that security elements to protect both the user and the system from malicious or poorly written widgets needs to be in place”.
He went on to say that a Tiger task force has been created to immediately address and solve these issues with the Dashboard element of Tiger. An update is planned by end of May 2005.
05-11-2005, 07:04 PM #2Ex_PC_PukeGuest
Ha - Ha - Ha
I couldn't resist --- this is how a computer co. should react when they mess up a product
But only in a fantasy world
05-11-2005, 07:16 PM #3untoastytoastGuest
05-11-2005, 07:18 PM #4
- Member Since
- Dec 28, 2003
- Long Island, NY
- 15" MacBook Pro & 23" ACD
err..so is this true or not?
05-11-2005, 07:18 PM #5
- Member Since
- Dec 24, 2002
- Los Angeles, California
- 2 x 3.0GHz Quad-Core, 6GB OS X 10.6.8 | 15in MacBook Pro 2.2GHz OS X 10.6.8 | 64GB iPad 2 WiFi
Hopefully they resolve that problem within a week or so, instead of end of the month.Life isn't about waiting for the storm to pass, It's about learning to dance in the rain!
05-11-2005, 07:28 PM #6untoastytoastGuest
I'm pretty sure the security flaw is true, but the press release part isn't.
05-11-2005, 08:12 PM #7KokopelliGuest
I do not think this is a real announcement. It was an attempt at humor and so should have been in Anything Goes. Regardless, it is not really a security flaw in Dashboard so much as a inequity in Safari.
1) Safari should not auto install Dashboard widgets. This is easily solved by uncecking "Open Safe Files after Downloading" (which I really would not recommend leaving checked anyways.)
2) Dashboard widgets should give the same warning as programs the first time they are run. I do not think they do, but since I do not use Dashboard and have never installed a widget I am not certain.
Given these two elements a Widget is no more dangerous than any other program on your system. Actually less considering the partial sandbox in which widgets run.
05-11-2005, 08:16 PM #8
Originally Posted by Kokopelli
- Member Since
- Nov 11, 2004
- Toledo, Ohio
- Macbook, iMac G5, iPad, iPhone 4, iPod (MANY)!
05-11-2005, 08:41 PM #9KokopelliGuest
Well there you go. I could create an app that wipes out your home directory when you run it. I could even wipe the whole system if you type in the admin password. Does that constitute a security hole? You downloaded it, then you vouched that you wanted it to run. A poorly programmed widget could cause problems on your system or "spy" on you. So could any other app that runs all the time.
This security hole as it stands is way over rated. Perhaps someone will come up with something more malicious but as it stands there is no reasonable security issue that has not existed before. Just the perception of one. It could be used to make spyware, but this is why you do not install widgets indescriminately and monitor which ones are running. Just like any other app.
05-11-2005, 08:50 PM #10Ex_PC_PukeGuest
05-11-2005, 09:02 PM #11KokopelliGuest
Ah... The substitution as described on that page is worse. Not epic in scale but it should not be allowed.
Again uncheck the automatically open safe files in Safari or use an alternative browser and this is less of an issue. IMHO it should not have been checked in the first place since I do not consider any file downloaded from the internet safe. The problem does need to be corrected within Dashboard, but it is an easily mitigated risk.
05-11-2005, 10:22 PM #12Ex_PC_PukeGuest
Well ...... I remain in the camp that widgets and the dashboard are a great "concept" --- but not ready for prime time
Only a matter of time before some one creates a phishing widget .... where a security hole puts the "user" in the position of having to decide what this message on the screen means ??? and should I click Ok or Cancel ??
Would let your mother or grandma use widgets ????? I wouldn't
05-12-2005, 12:44 AM #13
- Member Since
- Aug 25, 2004
- New Zealand
- 13" MBA. 15" MBP. iPhone 4. 3G Pad 2.
PC Puke, there are Mothers & Grandmothers here as members.
We are NOT idiots.~ 13" MacBook Air. OSX 10.9 ~ iPad 2 & iPhone ~
05-12-2005, 09:23 AM #14KuruMonkeyGuest
The real "problem" isn't the current severity or not of this particular issue.
Its more the fact that it demonstrates that
A: dashboard was released FAR from finished (no user-friendly removal system at all?).
B: elements of what was not finished largely includes the "having thought about potential security problems" aspect.
Its more worrying in the potential for apple dev. going down the MS route of "release, let public fall into security hole in the wild, fix at leisure", which is, bluntly, what drives some of us switchers to SWITCH in the first place...
Oh, and my mother manages to use WinXP quite safely (virus scanner, firefox and a stern "phone me before opening attachments!" from me sorted that pretty well), frankly I'd rather she used dashboard than that, but there you go...
05-12-2005, 01:15 PM #15
- Member Since
- Jun 11, 2003
- Mount Vernon, WA
- MacBook Pro 2.6 GHz Core 2 Duo 4GB RAM OS 10.5.2
Torchy I don't think he was calling grandma's or mother's idiots. I think he brings up a very good concern, which is not limited to mother's or grandma's. I know my grandmother is on an eMac and I have not updated her to Tiger yet due to the problems. And I know I would not want my grandmother using dashboard with those security problems, for her.. it wouldn't matter.. if I said go ahead and use them.. she probably wouldn't since it's outside the realm of her comfort level.. She does email and surfs the web.. that's pretty much it. That's not calling her an idiot, that's just saying that like her, a lot of grandmother's, mother's, father's etc just want to use a certain part of the computer and that's it and they don't care to learn about any of the other things you can do with a computer. That lack of knowledge and desire of knowledge in this example could do some damage if she surfs to a page and it automatically loads up a new widgit that does damage. Definitely not an idiot, but definitely uninformed and this type of security hole should not be in existance, especially for casual users who trusts in someone else to manage their computer for them.---> Join the Mac-Forums Folding team: use 37954 as your team number.
View Mac-Forums Folding team statistics (More Info)
Don't forget to use the User Reputation System
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
By schweb in forum Apple Rumors and ReportsReplies: 108Last Post: 07-16-2010, 01:53 PM
By schweb in forum iPhone Hardware and AccessoriesReplies: 0Last Post: 07-02-2010, 09:08 AM
By the8thark in forum iPad Hardware and AccessoriesReplies: 24Last Post: 05-13-2010, 04:10 AM
By Ex_PC_Puke in forum Apple Rumors and ReportsReplies: 21Last Post: 05-13-2005, 01:35 PM