Hey, Windows Vista lovers! Microsoft has some bad, or possibly good, news.
It's recommending that all users disable the Windows Sidebar and Gadgets — immediately.
"Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets," states a security advisory released July 10 by Microsoft. (Msnbc.com is a joint venture of Microsoft and NBCUniversal.)
"In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time."
Fidget, widget, gadget
Gadgets are those little mini-applications, resembling animated icons, that hang around the desktop to tell you the time, weather, news headlines and so on. (Other software makers, including Apple and Yahoo!, call them "widgets.")
Gadgets, and the Windows Sidebar they live in, first appeared in 2007 as a default setting in Vista. Many users hated them, complained that they took up too many computer resources and turned them off immediately.
Windows 7 has Gadgets built in as well, but they're turned off by default. Instead of being in a sidebar pinned to the right edge of the screen, Gadgets are in a floating window that can be placed anywhere on the desktop.
If you're running Windows 7 and really want to see them, right-click on your desktop and select "Gadgets."
But Microsoft now wishes you really wouldn't. Its security advisory points to a download page that contains a tool users can run to disable Gadgets and, in Vista, the Sidebar.
The page where Microsoft used to host additional Gadgets for download now states, "The Windows website no longer hosts the gadget gallery."
Pre-emptive execution
Graham Cluley of the British security firm Sophos thinks Microsoft's sudden decision to kill a five-year-old piece of software has to do with a presentation, entitled "We Have You by the Gadgets," scheduled for the Black Hat security conference later this month in Las Vegas.
"We will be talking about the Windows Gadget platform and what the nastiness that can be done with it," state the presenters in less-than-perfect English on the Black Hat website. "We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets."
Presumably, the presenters will demonstrate how easy it is to create Trojan-horse malware in the form of gadgets.
It's likely that the problem lies with third-party gadgets, not Microsoft's own, but Cluley found it noteworthy that Microsoft isn't even trying to fix the problem.
"Microsoft hasn't issued a security patch to fix the vulnerability," he wrote on Sophos' Naked Security blog. "They're suggesting you completely nuke your Windows Sidebar and Gadgets."
Gadgets have not yet appeared in the preview versions of Windows 8, due this fall, and likely never will.
- 10 Computer Threats You Didn't Know About
- Why Do Software Holes Take So Long to Fix?
- 10 Best Anti-Virus Products
Copyright 2012 SecurityNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.