Char Jackson said:
Dave \"Crash\" Dummy said:
John Williamson wrote:
MowGreen wrote:
Microsoft Security Advisory (2719662) Vulnerabilities in Gadgets
Could Allow Remote Code Execution
https://technet.microsoft.com/en-us/security/advisory/2719662 [...]
Going back to XP's looking like a better idea all the time.
Going back to XP won't stop you from installing malware. The
vulnerability is to user installed, third party gadgets, not MS gadgets.
Neither XP nor Windows 7 are immune to idiots.
I mostly skimmed the article, but it sounded to me like the MS gadgets
were equally (or primarily, even) the subject of concern.
I don't have enough information on that to justify a personal opinion, but
the analyses I've seen of the issue suggest that the problem is primarily
the difficulty of producing secure gadgets and not the MS-supplied
gadgets. Most gadgets talk to the outside world, and (by definition) talk
to the user's desktop...meanging that malware - either deliberately
written into the gadget, or injected into it through a vulnerability -
could do all sorts of "interesting" things without the computer owner's
knowledge or consent.
I'll admit that there's some interesting speculation on why Microsoft
abruptly pulled the "Gallery" distribution web pages but with no public
explanation other than posting "we're changing our recommendation: kill
the gadgets!"
And I trust that many of the readers here have already noted the absence
of gadgets (or at least gadgets as we've come to know them) in Windows 8.
Joe
