Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Lose the gadgets  (Read 2564 times)

guest

  • Guest
Lose the gadgets
« on: July 13, 2012, 08:29:51 AM »
MS have issued a security advisory which basically recommends you turn off gadgets and sidebar :

http://technet.microsoft.com/en-us/security/advisory/2719662

"Microsoft is announcing the availability of an automated Microsoft Fix it solution that disables the Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7. Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets. In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time.

An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33888
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Lose the gadgets
« Reply #1 on: July 16, 2012, 07:07:23 PM »
Quote
Gadgets installed from untrusted sources can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time.

But I guess that can apply to anything, be it gadgets or full blown programs.  Whats not clear from there is whether AV would pick up malicious code from gadgets. 
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

guest

  • Guest
Re: Lose the gadgets
« Reply #2 on: July 17, 2012, 09:44:23 AM »
Apparently a couple of gentlemen at a security presentation are about to demonstrate lots more "features" of gadgets/sidebar which remotely own Windows7/Vista - MS are just using some nice bland weasel words there ;)

The briefing is called "We have you by the gadgets".

Gadgets are just JavaScript, CSS and html - which are all embedded into Windows7/Vista - so I'm sure there's some interesting attack vectors.

Re antivirus - unless your AV monitors gadget traffic then I wouldn't imagine its any use at all. The one I use (Eset Endpoint Antivirus) does but thats not your average AV package.
Logged