Bugtraq mailing list archives

RE: [Full-disclosure] Next generation malware: Windows Vista's gadget API


From: "Strykar" <str () hackerzlair org>
Date: Mon, 17 Sep 2007 23:04:28 +0530


Firstly, "the sky isn't falling, the risks posed by the gadget API already
existed elsewhere in Windows generally, but this is another new attack
surface without any legacy dependencies".  This is my general view on the
gadget API.


Yahoo widgets.

 
Finally, why on earth does the trust model for gadgets consist of full trust
and nothing more?  Why not allow gadgets to state in their manifest that for
example they don't need to execute things, won't make use of ActiveX controls
and will only connect to a specific host?


Or have the OS force a restrained environment for them to run within.
The usability and convenience offered by them isn't worth the opportunities
they proffer.


