Windows 7 and Vista Gadgets Revisited
by CaptainPC
"Windows 7 and Vista Gadgets Revisited" considers the vulnerabilities of gadgets as described by Microsoft. It seems that gadgets are written in unsecured HTML code that presents an open door to malware that can potentially take over a user's system.
Published Aug 9, '12
Microsoft Security Advisory (2719662), published this past July 10, warns that Windows 7 and Vista Gadgets and Sidebar are vulnerable to malware intrusion. The stated vulnerability is the execution of arbitrary code by Windows Sidebar while running insecure Gadgets. Insecure Gadgets include those Microsoft developed and made available on its Gadget Gallery site, which no longer allows you to download Gadgets, as well as Gadgets from untrusted sources.
The nature of the insecurity rests in the HTML code in the Gadgets, which contains no security features and no sandboxing to lock out malicious code. Gadgets that are under attack can be used by bad guys to access your files, show you objectionable content, or change the Gadget’s behavior at any time. The advisory goes on to relate that an attacker who successfully exploits a Gadget vulnerability can run arbitrary code in the context of the current user. If the current user is logged on to the computer with administrative user rights, the attacker can take total control of the affected system.
The truth is that any malware or attacker that gains access to your computer will enjoy the same rights on your computer as you do. If you are logged on as administrator, then your attacker will have administrative rights as well. This can allow the attacker to copy, move, rename, delete, or otherwise have full access and control over your files and programs. On the other hand, if you have a limited rights user setup available, and you log in as a limited user, an attacker or malware will also have the same limited rights, thus limiting the scope of the damage that can be inflicted. Most users, particularly home users, are logged in to Windows using an administrator user account.
The advisory article further relates that users can access the Microsoft Knowledge Base Article 2719662 to download a “Fix-it” workaround solution to disable the Sidebar and Gadgets. The “Fix-it” can be found in the section labeled “Fix it for me”. There are two “Fix-it” buttons available. One is for disabling Windows Sidebar and Gadgets, and the second one is for enabling Windows Sidebar and Gadgets. It is a good idea to download both at the same time. When you click on each, a download of the Fix-it will deposit the file on your hard drive. The second “Fix-it” is provided so you can enable the Sidebar and Gadgets when Windows provides an Update to once and for all eliminate the Sidebar and Gadgets. The Sidebar and Gadgets must be enabled for any appropriate Windows Update to do its job. After downloading and applying the disable “Fix-it”, you can copy both files to a USB Flash Drive to use them on any other Windows computers you may own.
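A read-only check of the exposure described above, written for PowerShell 2.0 as shipped with Windows 7. It is an added example, not part of the original article or of Microsoft's Fix-it. The registry value `TurnOffSidebar`, the gadget folder locations and all function names are assumptions that do not appear in the article.

```powershell
# Added example: read-only audit of Sidebar/Gadget exposure. Changes nothing.
# Assumption: the "Turn off Windows Sidebar" policy is stored as the DWORD
# TurnOffSidebar under the key below (path not given in the article).
$policySubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar'

function Test-SidebarPolicy {
    # $true when TurnOffSidebar = 1 in the machine hive or the user hive.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $item = Get-ItemProperty -Path "$hive\$policySubKey" -Name TurnOffSidebar -ErrorAction SilentlyContinue
        if ($item -and $item.TurnOffSidebar -eq 1) { return $true }
    }
    return $false
}

function Test-IsAdministrator {
    # $true only when this process holds an elevated administrator token;
    # code running as this user inherits exactly these rights.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-InstalledGadget {
    # Assumed default locations for per-user and built-in gadgets.
    $roots = @(
        (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows Sidebar\Gadgets'),
        (Join-Path $env:ProgramFiles 'Windows Sidebar\Gadgets'),
        (Join-Path $env:ProgramFiles 'Windows Sidebar\Shared Gadgets')
    )
    foreach ($root in $roots) {
        if (Test-Path $root) {
            Get-ChildItem $root |
                Where-Object { $_.PSIsContainer -and $_.Name -like '*.gadget' } |
                Select-Object Name, FullName, LastWriteTime
        }
    }
}

$report = New-Object PSObject -Property @{
    RunningAsAdministrator  = (Test-IsAdministrator)
    SidebarDisabledByPolicy = (Test-SidebarPolicy)
    SidebarProcessRunning   = [bool](Get-Process -Name sidebar -ErrorAction SilentlyContinue)
    GadgetFoldersFound      = @(Get-InstalledGadget).Count
}
$report | Format-List
Get-InstalledGadget | Format-Table -AutoSize
```

A machine is in the state the article recommends when `SidebarDisabledByPolicy` is True and `SidebarProcessRunning` is False; gadgets listed under the per-user folder are the ones installed from outside Windows itself.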
While Microsoft could develop Gadgets that are more secure, the company apparently decided to just do away with them, encouraging users to move to Windows 8, whose Metro interface will provide similar features, albeit in a much more secure environment.
Do you use Gadgets? If so, will you disable them? What are your thoughts? Your comments are very welcome.
Last edit by Joe V on Aug 11, '12
CaptainPC has been hanging around computers since 1982, when audio cassette tapes were common storage media in home computing. He is the Administrator of his church network, and holds CompTIA's A Plus Certification for PC Hardware Maintenance & Repair, as well as CompTIA's Network Plus certification in general networking. The Captain spends his time maintaining computers and cleaning malware infections.
Aug 13, '12 by nursel56 (Guide)
Thank you for this article, Captain PC!
The answer is yes, I do use gadgets. My laptop has Windows 7 and my desktop (which I don't use very much) has Vista, which is constantly being ridiculed. I really like the gadgets, too. I had a couple of translator gadgets, world clock, weather, etc. It certainly isn't worth the litany of troubles described there, though!
Sounds like I won't be using them anytime soon, as a new computer isn't on my horizon.
Thanks for the heads up!