Microsoft has issued a “Security Advisory” warning that gadgets (in windows 7 and Vista) are unsafe
I am trying to ignore the “fingernails on blackboard” sensation in my head at seeing the word “advisory” used as a noun instead of an adjective (I get the same sensation when the noun “leverage” is used as a verb).
The headline reads “Vulnerabilities in Gadgets Could Allow Remote Code Execution”. (source). If you are running a Mac or Windows XP computer then you can allow yourself a smirk as you are not affected. If you are running Windows Vista or Windows 7 then you could be vulnerable.
What are gadgets? They are the small “one trick ponies” that can sit on your computer’s desktop and perform a single function such as giving weather forecasts, news tickers, a clock, currency exchange rates etc (see pictures). They arrived as part of Windows Vista, and were the successors to the failure that was “active desktop” in Windows XP. Running under Vista, they were confined to an area of the desktop called the “sidebar”. When Windows 7 came along they were allowed to just sit anywhere on the desktop. I would estimate that about half of my own computer support clients use them – especially the weather gadget and the currency exchange one.
What’s the problem? Until this month there was no apparent problem. But now, in Microsoft’s own words, “Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets. In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer’s files, show you objectionable content, or change their behavior at any time. ” (Microsoft Security Advisory 2719662).
What’s the solution? Microsoft have issued a “fix it” (available here). Just click on the link (or logo above the link) that relates to “Fix It 50906″. At the time of writing there is a mistake on the Microsoft page as it shows the heading “Enable” above the Fix It that actually disables.
Microsoft used to supply lots of free gadgets, but their web page now says “the Windows website no longer hosts the gadgets gallery”. This is almost certainly because the forthcoming Windows 8 (due for final release in the autumn) will have its own “metro” interface that aims to compete with Apple and Android “apps”. This will make the “gadgets” of Windows Vista and Windows 7 redundant. That’s fair enough, but is it too very cynical of me to wonder if it’s more than coincidental that Microsoft have only now (July 10th, actually) issued their “security advisory”? Would it be too very cynical to suggest that there may be a connection between them saying that something old (that they’ve been supplying and supporting for about four years) should suddenly become unsafe just a week or two after announcing the launch date of the product that includes its successor?
Cynicism aside, where does that leave us? Would it be good advice to suggest disabling the gadgets? I’ve tried to research this, but all I’ve found so far is half a dozen sites that report the facts of Microsoft’s actions but don’t offer opinions or advice. There is some more information from Microsoft (available here) that you might like to read.
Anyway, if I want amusing little toys I’ll put apps onto my iPhone or Sony tablet and leave the Windows computers for “proper stuff”.