Quote: Originally Posted by larrinski It has got to do with idisk syncing services. If you allow the change, idisk then shows up on your desktop. I get a bit paranoid too after …

Warning: the following link will auto-download a widget that will then auto install: http://stephan.com/widgets/zaptastic/ It kills all the widgets in ~/Library until you trash …

First, nothing happend automatically, probably because I have opening of "safe" files turned off in Safari. Second, when one first starts a widget (including this one) Dashboard a…

Lotsa default installs out there, and lotsa users that don't know to change the prefs. Did you read the whole page? I've got a default install of 10.4 going here, and I didn't get…

there a thread about this same issue going on at Ars. Interesting. Could the honeymoon be over? http://episteme.arstechnica.com/eve/...m/200006323731

Quote: Originally Posted by TETENAL So don't download and run anything from a source you don't trust. Also note that the download was initiated by merely clicking a link t…

Dear God; it's ActiveX all over again. No, I'm serious. The whole reason ActiveX is so insecure is that Microsoft insists on auto-opening executable code in the name of convenienc…

Quote: Originally Posted by chris v Warning: the following link will auto-download a widget that will then auto install: http://stephan.com/widgets/zaptastic/ It kills all th…

Quote: Originally Posted by Millennium The only way to close this hole is to remove the feature. Not just "make it an option"; completely remove it. Disable "Open 'safe' fil…

Why would they do that! It's just silly. There should be: 1) A scary warning. 2) You should physically have to move the widget to the widget library (or have a big scary screen say…

You guys didn't hear? They're moving to signed widgets, and you have to buy a Widget Developer's License from Apple get a widget signing key.

Quote: Originally Posted by TETENAL Disable "Open 'safe' files" in Safari and the widgets are not installed automatically. Before a widget is run the first time Dashboard asks. …

Quote: Originally Posted by Millennium You don't understand; the point is that this misfeature gives widgets a mean to self-spread. What could have been a simple Trojan can beco…

Quote: Originally Posted by TETENAL Widgets can not "self spread" because Dashbaord asks the user whether they are allowed to run when they are run the first time. They can only…

I've got the same experience as chris v; most widgets that I've downloaded haven't asked me anything. The exceptions have been when the app contained a binary code, shell script, o…

Quote: Originally Posted by TETENAL Widgets can not "self spread" because Dashbaord asks the user whether they are allowed to run when they are run the first time. They can only…

Quote: Originally Posted by TETENAL Widgets can not "self spread" because Dashbaord asks the user whether they are allowed to run when they are run the first time. They can only…

Listen, chris, there is absolutely no need of shouting. This was just lack of extensive testing on my side before composing my replies. Of course I have set the "Open 'safe' files…

Quote: Originally Posted by theolein This is exactly the same way that Internet Explorer is abused to download viruses, spyware and other malicious stuff onto a user's Windows s…

Quote: Originally Posted by Mithras Dashboard only asks `are you sure?' for widgets that request system access -- the ones that could potentially delete your home folder. Ordina…

Quote: Originally Posted by TETENAL Well, eventually you have to allow the user to run applications. What more can you do than ask whether the user wants to allow this? It's not…

Reposted from ars: I made a web page that silently downloads a slate full of widgets that looked just like the Apple widgets, and appeared to have the same names, but could have ha…

Evil tracker.

Quote: Originally Posted by Millennium Spread this far and wide, Chris. Tiger hasn't been out for long, so there's still a chance we can get Apple to remove the auto-install fea…

You can try my little page o' evil widgets if you like.