The recent Dashboard : Widget ( In)Security article raises some interesting and valid concerns about Tiger ’s new Dashboard widgets . Of special worry is the fact that a widget can do anything in your user space that you may do — including erasing files , changing possession and permission , fly the coop AppleScripts and command - pedigree utilities , and so away .
These are certainly scary thing to see , especially establish Apple ’s marketing focus on the “ warm and fuzzy ” nature of widgets . However , I care that the article may disperse a bit more concern over the dangers of gubbins than there actually should be .
Why do I say that ? count for a moment not a widget , but a unconstipated app . Applications have the power to do everything thingmabob can do … and much more . call in the last time you installed an software . You probably put it in the system - encompassing Applications leaflet — so now any user can track down it . You may have also been ask to provide your administrative word as part of the installation appendage . But did you stop to see that this software could do anything at all it wants to when you double - click it ? Perhaps you did , but most of us have become so accustomed to just download , installing , and using program that we may not have given it a 2nd thought .
But what if the program program ’s author had malicious intentions ? In that showcase , you ’re in big trouble . During initiation , specially if you provide your admin password , the program could have set up , for instance , a background process that logs all your key stroke and then sends them out to a collection host . Or it could have a clock time bomb befool inside the program , such that on your 35th launch of the program , it deletes your full substance abuser ’s directory . Many more such things are potential , specially give that app writer have access to the full might of OS X ’s maturation environment . ( François Joseph de Kermadec has a dependable write - up on this comparison of applications and widgets in hisO’Reilly Developer Weblogif you ’d like even more detail on the content . )
And yet , despite the shivery capabilities of third - company applications to completely destruct our machines , we continue to download and use them . And we in all likelihood do so without digging into their package contents or grepping filing cabinet for bid that might erase file . Why ? Because we swear the reference of the program , and the programs do utile affair for us . doodad are exactly the same as applications in this sense : while they are truly utilitarian , they have the magnate to damage our machine .
How do we break up then the battle between usefulness and potential demolition ? First , I completely agree with Dori Smith ’s advice in the “ Widget ( In)Security ” clause — everyoneshould disable Safari ’s “ Open ‘ safe ’ file after downloading “ . ( I find it ironic that Apple chose to put “ secure ” in quotes , implying that these items are n’t really safe … which is actually the true statement ! ) This is the simplest step you may take to insure that you do n’t accidentally install a widgetoran practical program that you did n’t stand for to set up . This will also take tutelage of the rightfully malicious Web page which apply JavaScript to automatically download a gimmick without your knowledge . ( Still , such appliance wo n’t be dynamic until you click one in the Dashboard panel . )
And finally , back up your key files ! This is probably the most prudent advice of all — if you have a respectable , current backup , then even the most destructive of doohickey or coating will only stimulate you a bit of fall behind fourth dimension to restore your fill-in . Without a good championship , you ’ll be in much worse shape .
I do think Apple needs to update Safari so that safe downloads are not enabled by default — enabling this feature was a very unwise move on the society ’s part . I also remember the system should apprise you via a pop - up dialogue box if a new widget or app is add to the Widgets or Applications directory , and you have n’t been involved in the outgrowth ( that is , you did n’t initiate the process nor reply to a dialog corner ) . And there should be an easy manner to remove a widget from the Dashboard bar , so users do n’t have to dig into folders in the Finder to do so .
But Idon’twant Apple to get down limiting the power of thingamajig , because if they do , thingumabob will be less useful . What ’s more , overall organisation security department wo n’t be much good — applications will still have the power to do whatever they want , for exercise . Do we then start limiting applications ’ capabilities , for fear of malicious programs ?
But even if Apple does n’t change anything , am I going to lose any sopor over the apparent malicious capabilities of an evil widget ? Certainly not any more than I lose worrying about malicious diligence — which is to say , none .
Update : After post this web log entry , I saw a new page with someadditional Dashboard concerns . While this does n’t change my overall conclusion that widgets are not inherently more severe than any program , it does point out a couple of fresh things that Apple really must address .
First , a malicious widget can put back a system - provided widget simply by using the same name — the exploiter ’s widgets take precedence over the blood widgets . Second , and even bad , if a widget has been auto - installed via Safari , there ’s no admonition about the inside nature of the widget . Finally , the page talk over a method of privilege escalation that could theoretically allow a thingummy to unravel with radical privilege without any user intercession . claim together , these bug would allow a malicious developer to do some nasty material , especially for those who have n’t disabled Safari ’s car - install feature of speech .
If you do nothing else , please disable Safari ’s automobile - install choice . Until Apple releases some update , that ( or using another web web browser that wo n’t auto - install ) is your best trade protection , scant of not append any raw gismo to your system of rules .
