Sidebar gadgets a security risk?

Just wondered what members felt about sidebar gadgets and do they consider them a security risk at all.
I have just one gadget which shows ram usage and my IP.
Any thoughts?

 

Why do you worry? They don't even have to connect to the internet, right? I have the weather gadget that does connect, but don't worry.

In order to exploit something, you must somehow make code to execute. You go a site, there is a Flash exploit, code gets executed through the hole and you get infected. Why should one bother to try to exploit your offline gadgets and how would he do that? If he gets to run code in your PC that can hijack your gadgets, then i am sure he can hijack much more important processes in your Windows that also have firewall rights to phone out.

 

That much is a valid point. If someone could get something on your machine to begin with it would probably be something else. But from what I have seen all gadgets run under the sidebar.exe process which connects to the internet (or at least prompts for firewall exceptions) regardless of what gadgets you have running. Having any gadget run at all a security risk? Yes. But I doubt it is a huge risk unless you install some untrusted 3rd party gadgets.

 

See: http://support.microsoft.com/kb/2719662

 

Doesn't seem like a likely attack vector, but that's treading lightly on the issue of computer security. Fully agree with the above comments ... watch what you download. I'd imagine that if the sidebar was to be exploited it would probably be something simple. I'm thinking back to scripts for windows clock, calendar, & of course Clippy. I don't know of any damage caused by such exploits, but they seemed amusing at the time.

 

I think microsoft have scrapped the gadgets in windows 8 altogether.I dont use windows 8 and i assume the sidebar would be scrapped also?

 

My computing style dictates that I do not find much need/use in sidebar gadgets. Considering that I stand nothing to lose and system resource to be gained, it's among the 1st thing I do on a fresh install of Windows.

Nevertheless, the MS Advisory (which I've seen before) just gave me an excuse to justify my biased choice. Splendid, isn't it?

 

Neither do I.

 

Why does the new version of comodo internet security include a gadget if this is such an issue,
Avast also has a gadget.
If there were real security risks then surely these gadgets would not be included.

 

Sandboxie

 

Because the vulnerability is theoretical:

Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets.

Recommendation. Customers who are concerned about vulnerable or malicious Gadgets should apply the automated Fix It solution as soon as possible

http://technet.microsoft.com/en-us/security/advisory/2719662

Theoretically, pretty much anything that has access to internet could have a vulnerability that can be remotely exploited. Not for this you must disable internet in your computer.

 

... the answer is posted ... and, the thread goes on, without skipping a beat ...

If anyone on this forum, with a greater knowledge of how Gadgets work, would like to take a look look at this post, and critique the solution so far, it would be much appreciated.

I'd like some confirmation that the approach in the linked thread is, in fact, heading in the direction of running Gadgets with complete security (or, at least as close as is possible).