In a security advisory released on Tuesday, Microsoft announced that it has released a fix that will disable the Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7. While many end-users may pout that they can no longer play virtual piano or giggle at their kitty cat clock, Microsoft insists it's in everyone's best interest, as vulnerabilities have been discovered that will allow remote code execution.
"Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets," Microsoft reports. "In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time."
Microsoft warns that if an attacker successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. "If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system," the company adds. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
The advisory arrives just two weeks prior to Black Hat where Mickey Shkatov and Toby Kohlenberg are scheduled to present research on Windows Gadget flaws and exploits. As the warning indicates, Microsoft has acknowledged the problem, but the company has yet to detail the vulnerability, pushing users to ditch their favorite desktop Gadgets.
Taking place on July 26, the presentation will be called "We Have You By The Gadgets" and will note "a number of interesting attack vectors" discovered in Gadgets. "We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets," the presentation's description states.
News of the Gadget exploit arrives after a recent internal build of Windows 8 -- 844x -- revealed to contain no references to desktop Gadgets in the control panel or desktop mode. Currently Gadgets are supported in Windows 8 Consumer and Release Preview editions. Microsoft also recently cleaned "Gadget house" online, as the company now offers a "Greatest Hits" collection of 29 internal and 3rd-party developed Gadgets.
"Because we want to focus on the exciting possibilities of the newest version of Windows, Microsoft no longer supports uploading new Gadgets. But that doesn't mean you can't still get Gadgets. The most popular and highest-rated gadgets are still available on this page," the Gadget page officially reads towards the bottom.
Desktop Gadgets have been around since the launch of Windows Vista, and have proved to be quite useful and entertaining. They were originally required to be docked (or contained) within a special sidebar in Windows Vista. Visually this feature was removed in Windows 7, allowing Gadgets to float on the desktop or be attached to the left or right side of the screen. However all Gadgets are still owned by the sidebar.exe process, as seen in the Process tab of Windows Task Manager.
But now it seems that desktop Gadgets will experience an early death before the arrival of Windows 8. For more information about disabling the Windows Sidebar and Gadgets, read Security Advisory 2719552 here.
Suit A: "So, we want less gadgets in Windows 8. Hell, we really don't want any. Capiche?"
Suit B: "The people aren't gonna like that."
Suit A: "Hmmm...true....well, lets just release a 'security' warning about how 'unsafe' they are."
Suit B: "I like they way you think, sir."
Suit A: "I know."
I agre-
Oh look, a smiley face cursor! Hmm, it requires a 50 MB download. Meh, I want it anyways!
They do offer their basic function but underneath most track everything you do on the internet and reports it back to the publisher.
I agre-
Oh look, a smiley face cursor! Hmm, it requires a 50 MB download. Meh, I want it anyways!
Some of them are kind of handy. I run the MS CPU/Memory gadget so I can know what's going on at any given time with CPU and Memory resources without having to go to Task Manager. I also run the MS Weather gadget that can be configured to show the predicted weather for the next few days coming up. So yes, there's a couple useful ones, but most are not.
Next they'll be advising not to use the desktop or screen-savers because a security hole was found.
I really hope I mis-read the article in my skimming of it. If this was Apple the haters would be cumming all over themselves in self-righteous glee.
Frick'n disqusting.
Suit A: "So, we want less gadgets in Windows 8. Hell, we really don't want any. Capiche?"
Suit B: "The people aren't gonna like that."
Suit A: "Hmmm...true....well, lets just release a 'security' warning about how 'unsafe' they are."
Suit B: "I like they way you think, sir."
Suit A: "I know."
These are the exact gadgets I use as well, along with another that displays network traffic. They seem useful to me.
That would be my guess. . .Get the people convinced it is bad and that they do not need the feature anyway, that was they will not miss it. Next watch MS try to tell us the START menu is bad and is open to security issues
you would never know they were there. It's not like your mouse would move, or that windows would open without you doing things. They would get in, copy everything, and get out entirely without notice, and the only proof you would have is the credit card bill at the end of the month.