Sidebar gadgets a security risk?

Discussion in 'other security issues & news' started by The Red Moon, Dec 17, 2012.

Thread Status:
Not open for further replies.
  1. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Just wondered what members felt about sidebar gadgets and do they consider them a security risk at all.
    I have just one gadget which shows RAM usage and my IP.
    Any thoughts?
     
  2. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Why do you worry? They don't even have to connect to the internet, right? I have the weather gadget that does connect, but don't worry.

    In order to exploit something, you must somehow make code execute. You go to a site, there is a Flash exploit, code gets executed through the hole and you get infected. Why should one bother to try to exploit your offline gadgets and how would he do that? If he gets to run code on your PC that can hijack your gadgets, then I am sure he can hijack much more important processes in your Windows that also have firewall rights to phone out.
     
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    That much is a valid point. If someone could get something on your machine to begin with it would probably be something else. But from what I have seen all gadgets run under the sidebar.exe process which connects to the internet (or at least prompts for firewall exceptions) regardless of what gadgets you have running. Is having any gadget run at all a security risk? Yes. But I doubt it is a huge risk unless you install some untrusted 3rd party gadgets.
     
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  5. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    Doesn't seem like a likely attack vector, but that's treading lightly on the issue of computer security. Fully agree with the above comments ... watch what you download. I'd imagine that if the sidebar was to be exploited it would probably be something simple. I'm thinking back to scripts for Windows clock, calendar, & of course Clippy. I don't know of any damage caused by such exploits, but they seemed amusing at the time.
     
  6. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    I think Microsoft have scrapped the gadgets in Windows 8 altogether. I don't use Windows 8 and I assume the sidebar would be scrapped also?
     
  7. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    My computing style dictates that I do not find much need/use in sidebar gadgets. Considering that I stand nothing to lose and system resources to be gained, it's among the 1st things I do on a fresh install of Windows.

    Nevertheless, the MS Advisory (which I've seen before) just gave me an excuse to justify my biased choice. Splendid, isn't it? :p
     
  8. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Neither do I. :thumb:
     
  9. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Why does the new version of Comodo Internet Security include a gadget if this is such an issue?
    Avast also has a gadget.
    If there were real security risks then surely these gadgets would not be included. :cautious:
     
  10. Dogbiscuit

    Dogbiscuit Guest

    Sandboxie
     
  11. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Because the vulnerability is theoretical:

    Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets.

    Recommendation. Customers who are concerned about vulnerable or malicious Gadgets should apply the automated Fix It solution as soon as possible

    http://technet.microsoft.com/en-us/security/advisory/2719662

    Theoretically, pretty much anything that has access to the internet could have a vulnerability that can be remotely exploited. You don't have to disable the internet on your computer because of this.
     
  12. RonCam

    RonCam Registered Member

    Joined:
    Aug 28, 2009
    Posts:
    12
    ... the answer is posted ... and, the thread goes on, without skipping a beat ... :cautious:

    If anyone on this forum, with a greater knowledge of how Gadgets work, would like to take a look at this post, and critique the solution so far, it would be much appreciated.

    I'd like some confirmation that the approach in the linked thread is, in fact, heading in the direction of running Gadgets with complete security (or, at least as close as is possible).
     