x64 W7 SP1 Norton Security and Malwarebytes Premium. I did like the temperature sitting on the desktop! Thank you!
Microsoft have killed gadgets and have said they are a security risk. It is a risk I'm willing to take, but third-party gadgets / widgets could certainly be a risk. http://windows.microsoft.com/en-AU/windows/gadgets https://technet.microsoft.com/library/security/2719662 The weather gadget hasn't worked for over a month anyway.
The only gadgets I've ever used are the built in clock and CPU/Ram meters in Windows 7. Installing Internet 11 is supposed to kill them but I did that in two almost identical machines and in one, IE 11 is working with both gadgets still active. On the other, the gadgets made IE unstable and I could have them but not use IE 11. Not much of a loss since I don't use it anyway. I removed the gadgets and IE 11 still didn't work and I couldn't put the gadgets back on the desktop. I ended up reverting to IE 9 and restoring the Gadgets. I don't see these two gadgets as much of a security risk.
They are the two I use but haven't had any problem with them or IE11 on my two machines. installing IE11 on either machine has never disabled gadgets for me.
Glad you brought this up! Was wondering the same thing recently. I disabled gadgets on my WIN 7 build a couple of years ago when MS first issued the security alert.
Just a suggestion - if you are looking for clocks, weather, etc, you might try Rainmeter - it's free, it very small load on pc and it's very customizable. No Windows registry files are changed by using it. I've used it for years with absolutely no problems. Deviantart has many free skins for customizing it. Some of the desktops I've used in the past are shown on: http://johnburns.deviantart.com/ You can download Rainmeter at: http://rainmeter.net/
Quoting the Security Advisory from Technet: "Customers should consider the following ways that an attacker could leverage Gadgets to execute arbitrary code: Microsoft is aware that some legitimate Gadgets running in Windows Sidebar could contain vulnerabilities. An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could create a malicious Gadget and then trick a user into installing the malicious Gadget. Once installed, the malicious Gadget could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. In addition, Gadgets can access your computer's files, show you objectionable content, or change their behavior at any time. Gadgets could also potentially harm your computer." These concerns are valid for every 3rd party sofware you run. Don't run software you don't trust, that goes for Gadgets as well. Indeed, I never understood the fuss about this.
That MS document is too vague so I can't make out what the actual vuln/exploit is, but I guess it is only exploitable on local. If so, not a much risk as long as you take measure against all common attack paths.
I thought this had been answered before? We had the same question from the same poster 2 years back.... https://www.wilderssecurity.com/threads/are-w7s-widgets-still-considered-a-security-risk.340938/ We have you by the gadgets - A Security Analysis of the Microsoft Windows Sidebar Gadget Platform: http://media.blackhat.com/bh-us-12/...nberg_Blackhat_Have_You_By_The_Gadgets_WP.pdf The inherent risks with gadgets (especially 3rd-party ones) are all listed under "Gadget Security Model" and "Overview of attack surface". Recommended mitigation would be to install gadgets from known trusted sources or remove the sidebar altogether if you do not use gadgets.