#1

Uh-oh... malicious self-installing widgets? Not too far-fetched...
http://www.tuaw.com/2005/05/07/the-p...-with-widgets/
http://www.cynics.info/journal/2005/...m_with_widgets
There are easy ways around it, but it still seems like it could mean bad things for Apple and its casual Mac user...

#2

Protect yourself before continuing!
Go to Safari preferences and uncheck the "Open 'safe' files after downloading". Do this now! It is easy to write really obnoxious widgets if you want to, and if you haven't unchecked the box referred to above, I can include them in a web page and automatically install them in your Dashboard. For instance, you can run shell commands from a JavaScript inside a widget. I made an experiment, and created a widget that runs the shell command "rm -rf ~/*", which is a bad idea. I created a test account, installed the widget and saw everything in the home folder disappear. I hate when that happens...

#3

This is the kind of stuff that needs to be reported to Apple ASAP. Maybe through this page.
__________________
Mac Pro Dual 2.8 Quad (1st gen), 14G Ram, Two DVD-RW Drives, OS X 10.6.2 Mac Book Pro Core 2 Duo 2.16Ghz, SuperDrive, ATI X1600, 2GB RAM, OS X 10.6.2 2TB Time Capsule 32G iPhone 3GS Black

#4

Good idea.

#5

Well, I find it ironic that even though this may be able to install a widget forcefully, it can't seem to start it forcefully. You still have to trick the user into dragging it out onto the dashboard before it gets any CPU cycles. Although yeah, keeping the 'open safe files' item unchecked is a good idea in general, since this manages to bypass the 'this has an application, are you sure you want to download it?' sheet.
__________________
iMac G5 2.0Ghz (10.4.x, Main System) MacBook 1.83Ghz (...February) "Sometimes I drive to run from all my demons \ Sometimes I drive so I can be alone \ Sometimes I drive to see the world in different light \ Sometimes I drive for no reason at all" - Assemblage 23, Drive

#6

You can attach a Folder Action to the Widgets folder that would notify you of any new files being put in there. Alternatively you can set the Widget folder's permissions to read only, or with owner system or admin, which would produce an error or force the use of a password to put anything in it. You can also tweak the rm command to always request interactive confirmation.
__________________
This is not a signature (but I could be wrong). 15" MacBook Pro C2D@2.4 GHz | 2 GB RAM | Mac OS 10.5.4 | Website | LinkedIn | Publications GP/O d-(+)@ s: a->? C++(+++) U* P+ L+>++ !E---- W+++ N o? K? w--- O? M++ V? PS+++ PE-- Y+ PGP t 5? X- R !tv b++++ DI+(++)@ D+(++) G++(+++) e+++$>++++$$ h--->---- r+++ y++++@
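
The notification idea from post #6 can also be approximated from the shell. The script below is an added example, not part of any post in this thread: it compares the widget bundles in a folder against a saved baseline and reports anything new, plus whether the folder is writable. It assumes user-installed widgets are `.wdgt` bundles under `~/Library/Widgets`; the function names and the baseline file are hypothetical.

```shell
#!/bin/sh
# Added example: baseline check for the Dashboard widgets folder.
# Assumption: user-installed widgets are *.wdgt bundles in ~/Library/Widgets.
# Function names and the baseline file are hypothetical.

# list_widgets DIR: print the widget bundle names found in DIR, sorted.
list_widgets() {
    [ -d "$1" ] || return 0
    for w in "$1"/*.wdgt; do
        # An unmatched glob stays literal, so test that the entry exists.
        if [ -e "$w" ]; then basename "$w"; fi
    done | sort
}

# new_widgets DIR BASELINE: print bundles in DIR that are not listed in the
# BASELINE file (one name per line). A missing baseline flags everything.
new_widgets() {
    list_widgets "$1" | while IFS= read -r name; do
        if ! grep -Fxq -- "$name" "$2" 2>/dev/null; then
            printf '%s\n' "$name"
        fi
    done
}

# audit DIR BASELINE: report unknown bundles and whether DIR is writable.
# Returns 1 when something unknown was found, 0 otherwise.
audit() {
    found=$(new_widgets "$1" "$2")
    if [ -w "$1" ]; then
        echo "note: $1 is writable by $(id -un) without a password"
    fi
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/unrecognized widget: /'
        return 1
    fi
    echo "no unrecognized widgets in $1"
}

# Create the baseline once, while the folder is known to be clean:
#   list_widgets "$HOME/Library/Widgets" > "$HOME/.widget_baseline"
# Then run: sh widget_audit.sh "$HOME/.widget_baseline"
if [ "$#" -ge 1 ]; then
    audit "$HOME/Library/Widgets" "$1" || exit 1
fi
```

Run it from a login item or a periodic job so that a bundle dropped into the folder by an auto-opened download is reported before it is dragged onto the Dashboard.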

#7

It's already being discussed on all Apple forums, including the Dashboard forum at Apple support.
__________________
This is a computer-generated message and needs no signature.