Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Kills Windows Gadgets Via Security Update

timothy posted more than 2 years ago | from the cutting-losses dept.

Microsoft 161

benfrog writes "Microsoft has taken the unusual step of killing the Windows Gadgets feature completely via a security update. According to an advisory issued Tuesday, an attacker could take over a user's system if they are logged in as admin and they install a vulnerable gadget. Microsoft has pulled the plug on its official Gadgets Gallery and is offering a Fix-it that completely disables the Windows Sidebar and Gadgets. Researchers Mickey Shkatov and Toby Kohlenberg are scheduled to give a presentation on the vulnerability at the upcoming Black Hat conference called We Have You By the Gadgets."

cancel ×

161 comments

Sorry! There are no comments related to the filter you selected.

Misinformed Title (5, Informative)

Mike Wag (2683017) | more than 2 years ago | (#40629457)

Slashdot's title gives the idea that Microsoft is using Windows Update to disable gadgets while in fact they are not. The article, however, is correct so this is just Slashdot trying to be sensationalist.

What Microsoft is giving is 'Fix It' executable on their website. These are entirely optional and are proactively downloaded and enabled by users. They also contain the full info of what they do.

As for the "vulnerability", well, duh. You download executable code, you might get pwnd. Even Chrome warns you that addons can pwn your system.

Re:Misinformed Title (3, Insightful)

ackthpt (218170) | more than 2 years ago | (#40629533)

Slashdot's title gives the idea that Microsoft is using Windows Update to disable gadgets while in fact they are not. The article, however, is correct so this is just Slashdot trying to be sensationalist.

What Microsoft is giving is 'Fix It' executable on their website. These are entirely optional and are proactively downloaded and enabled by users. They also contain the full info of what they do.

As for the "vulnerability", well, duh. You download executable code, you might get pwnd. Even Chrome warns you that addons can pwn your system.

Some of us are the beneficiaries of updates pushed out to us by IT departments where they take whatever Microsoft puts up, without much reading, because they don't know who they might step on.

But your point is well taken.

Re:Misinformed Title (5, Informative)

Sc4Freak (1479423) | more than 2 years ago | (#40629691)

This is a fix-it update, which doesn't appear through windows update and isn't pushed out through WSUS...

Re:Misinformed Title (5, Insightful)

Dog-Cow (21281) | more than 2 years ago | (#40630183)

And even if it was, it wouldn't matter. IT departments that push patches indiscriminately deserve any negative feedback they get.

Re:Misinformed Title (0)

Anonymous Coward | more than 2 years ago | (#40630863)

Some of us are the beneficiaries of updates pushed out to us by IT departments where they take whatever Microsoft puts up, without much reading, because they don't know who they might step on.

But your point is well taken.

Only on your work computer, which is owned by your employer anyway. That computer is, hopefully, distinct from your personal computer(s).

Re:Misinformed Title (-1, Troll)

GameboyRMH (1153867) | more than 2 years ago | (#40629621)

An MS shill provides useful information for once. How's your wife Jenny [slashdot.org] BTW?

Re:Misinformed Title (1)

Anonymous Coward | more than 2 years ago | (#40630149)

I know you were modded "Troll", but I just looked at your link and there is a Mike Wag and a Jenny Wag whose userids are only 2 away from each other (2683017 and 2683019). And their comment history shows them commenting only in this thread and saying almost exactly the same thing. Looks fishy to me.

Re:Misinformed Title (0)

Jesus_C_of_Nazareth (2629713) | more than 2 years ago | (#40630313)

People pretending do be who they are not is pretty annoying. I won't send the to Hell, but certainly they won't be getting top shelf liquor in Heaven. Good news though. You're getting the good stuff!
JC

Re:Misinformed Title (4, Funny)

rodrigoandrade (713371) | more than 2 years ago | (#40630781)

I won't send the to Hell

Please do; I'm afraid I'll not be able to kill Diablo on my own this time.

Re:Misinformed Title (1)

Ossifer (703813) | more than 2 years ago | (#40630669)

Don't trust anyone with a seven-digit uid.

Re:Misinformed Title (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#40629655)

I'm no Microsoft fan; but this sort of thing is common enough(especially among what I imagine Slashdot's readership to be), that I'd expect better.

For better or for worse, MS is eyeballs-deep in the corporate market, which generally doesn't give a fuck about the cube drones' desire to have a shiny clock wasting 50 pixels on whatever screen was cheap from Dell 3 years ago; but does care about getting 0wn3d.

For this reason, while they adopt a somewhat milder hand toward home users with autoupdate on, MS more or less continually offers fairly draconian 'apply this to axe $EXPLOITABLE_FEATURE' packages to their IT minions in the corporate world.

Re:Misinformed Title (4, Insightful)

racermd (314140) | more than 2 years ago | (#40630899)

As a former enterprise-grade desktop support staffer (i.e.: one level up from the front-line call-takers), I know there have always been ways to disable the Windows Gadget platform. If not through GPO, at least through most other alternative rights-management schemes. Ultimately, it's as simple as removing the sidebar.exe file from the Program Files folder(s). Alternatively, an anti-malware utility (that's centrally managed, right?) can prevent the executable from starting.

This should not be news to any company large enough to have a (competent) IT staff. Anything that runs applets or other code locally is potentially vulnerable. Disabling the platform entirely is one of the most effective ways of preventing this sort of vulnerability from being any sort of problem on a large-ish network. As such, assuming they're competent, they've already disabled or restricted this functionality long before a formal vulnerability existed.

And, like you said, what IS sorta newsworthy is the subtext - that Microsoft is choosing to eliminate the Gadget platform altogether rather than patch it appropriately. Heading into Windows 8, I'm betting they didn't want to expend the resources necessary to do a proper repair job and, instead, focus developer time on Windows 8, Windows Server 2012, and optimizations on their new tablet platform.

Re:Misinformed Title (-1)

Anonymous Coward | more than 2 years ago | (#40629763)

Pwn? Really? We're still using "pwn"? I bet that gets lots of 'lolz'

Re:Misinformed Title (0)

Anonymous Coward | more than 2 years ago | (#40629941)

I think you'll find that the security community uses the term very actively (and no, by security community I don't mean the myg0t forums), so you're the only one being an ignorant child here.

Re:Misinformed Title (0)

Tarlus (1000874) | more than 2 years ago | (#40630425)

I bet that gets lots of 'lolz'

We call them "lulz" now.

Re:Misinformed Title (0)

datavirtue (1104259) | more than 2 years ago | (#40630685)

PWN is here to stay!

Re:Misinformed Title (3, Insightful)

jellomizer (103300) | more than 2 years ago | (#40630071)

But we want Microsoft to be EVIL and Blundering. As we giggle in glee of all of Microsoft Mistakes knowing these are mistakes of Pure Evil. While we use our own Pure OS, which by the nature of the fact that we chose to run it, is Good and infallible (unless it in some ways have been corrupted), but would be quickly purified by the forces of good. While the same problem by Microsoft is part of a devious plot to keep its corruption to an all time high.

Re: The gadget gallery is gone (1, Interesting)

PraiseBob (1923958) | more than 2 years ago | (#40630085)

The gadgets still work, but when I click on the "Get more gadgets online", it brings me to a webpage that says Microsoft doesn't host gadgets anymore because they are too busy making Windows 8.

Instead if gives me the really helpful advice to not download gadgets from untrusted sources. This strikes me as unusual, since I was hoping Microsoft would be a trusted source where I could get safe gadgets. Apparently they aren't interested in doing that.

Re: The gadget gallery is gone (2)

FearTheDonut (2665569) | more than 2 years ago | (#40630429)

It has been this way for some time - At least as of a few months ago. That message isn't related to what's happening now.

Re:Misinformed Title (1, Troll)

hairyfeet (841228) | more than 2 years ago | (#40630621)

Not only is it bullshit I'd say its just one more move to try to get people to move over to Win 8. I mean who DIDN'T KNOW that running an executable as admin is a BAD THING, hmm? Are MSFT honestly trying to get us to believe that they don't even have enough common sense to keep malware off their own damned site? if so their security team should be fucking ashamed of themselves!

Most of my users use gadgets and I will be telling them to simply ignore this, because they already have the gadgets they want. But I'm sure MSFT figured out that if you wanted your OS to be a tweeting twitting FB shitting social OS like Win 8 you could just use the gadgets in Win 7 so what do they do? Why lets get rid of the gadgets! Are you HONESTLY telling me you just NOW figured out gadgets run as admin from untrusted sites could be bad MSFT, really? because I find that frankly unbelievable.I know I won't be giving up MY gadgets and I seriously doubt any of my customers will either.

Just one more dick move by MSFT to get functionality that could compete with Win 8 out of Win 7. I have a feeling as the run up to Win 8 gathers steam we'll all have to watch like hawks for more "security updates" that tie a fucking boat anchor to Win 7 to try to make win 8 look better. If you are gonna spout horseshit MSFT, at least TRY to make it believable horseshit,mmmkay?

Re:Misinformed Title (2)

gorzek (647352) | more than 2 years ago | (#40630649)

Amazing how you figured that out within a minute of this being posted, yet the Slashdot "editors" apparently didn't even bother to check. These people get paid, don't they??

Wrong summary (5, Informative)

Jennifer Wag (2683019) | more than 2 years ago | (#40629467)

Microsoft Windows Update does not remove Windows Gadgets. To remove Windows Gadgets, you need to proceed to Microsoft website and download a Fix-It that can be then used to disable Windows Gadgets on your computer.

Re:Wrong summary (-1, Offtopic)

lister king of smeg (2481612) | more than 2 years ago | (#40629881)

here got thin link to the fixit. in fact it fixes a lot more than just that.

http://www.debian.org/CD/ [debian.org]

Re:Wrong summary (-1, Offtopic)

Dog-Cow (21281) | more than 2 years ago | (#40630209)

The parent is not offtopic. Rather, he is a troll who deserves to have his bridge collapsed on his head.

Re:Wrong summary (0)

Dishevel (1105119) | more than 2 years ago | (#40630793)

Seriously?
You were completely unable to find in humor in the GPs link?
Although it would have been more funny to post the real "Fix-It" link and the under that the Debian "Fixed-It" link.

What? (5, Insightful)

trifish (826353) | more than 2 years ago | (#40629499)

An attacker could take over a user's system if they are logged in as admin and they install a vulnerable gadget.

I always thought that if an attacker is logged in as admin, he owns the system already.

Why do they talk about a specific attack? There are zillions of them if you have admin rights.

Re:What? (0)

Mike Wag (2683017) | more than 2 years ago | (#40629515)

On top of that even Chrome/Firefox addons could be used to pwn the system. Who would have thought that Gadgets have code? Well, duh.

Re:What? (1)

afidel (530433) | more than 2 years ago | (#40630405)

Not on Vista/7/8, on modern Windows Chrome runs as a low integrity processes so there's no ownage unless there's another unpatched privileged escalation attack (which would have to work just as well against any normal user). Firefox addons are a bit vulnerable since Firefox runs as a medium security process but it still doesn't have your admin token.

Re:What? (1)

Sir_Sri (199544) | more than 2 years ago | (#40629553)

If the user is running as admin, which on windows lots of users (probably the vast majority of home users) then being able to gain remote control of the system is problematic at best.

It's unfortunate, because I actually find some of the gadgets really handy (weather monitor, CPU monitor etc), but it's not worth getting your computer remotely seized for.

It's not like there aren't other ways to do just about everything gadgets do anyway, it's just a poor mans live tile for small bits of info that are handy on the desktop.

Re:What? (1)

Mike Wag (2683017) | more than 2 years ago | (#40629581)

It's not remotely exploitable. Only if you install such gadget. You shouldn't be installign rand om softww wer anyways.

Re:What? (1)

gl4ss (559668) | more than 2 years ago | (#40629657)

It's not remotely exploitable. Only if you install such gadget. You shouldn't be installign rand om softww wer anyways.

that's even more stupid. if you as an admin install an program you can run it as admin? WHAT SHOCKING NEWS!!!!
will they be uninstalling windows explorer next?

is this their metro push plan? will they be uninstalling metro from win8 once it becomes known that if you install a malicious livetile program then that program can own you?

Re:What? (1)

Mike Wag (2683017) | more than 2 years ago | (#40629847)

They're not uninstalling anything, they're providing you a tool you can use to uninstall gadgets.

Re:What? (0)

Anonymous Coward | more than 2 years ago | (#40629569)

At first I though you were joking, but someone else posted the same thing, so...
I RTFA (advisory)-heh!
If the user is logged in as admin and installs a vulnerable gadget, then an attacker could take over the system.
Yeah, the use of pronouns (singular "they" and all) in TFS is ill-advised.

Re:What? (1)

Anonymous Coward | more than 2 years ago | (#40629639)

Did you know a thief could steal all of your valuables if they used a key to unlock your front door?

Re:What? (2)

dd1968 (1174479) | more than 2 years ago | (#40629675)

"Did you know a thief could steal all of your valuables if they used a key to unlock your front door?" And did you know that if you give the thief the key and tell the thief when you are going to be away from home you are more at risk?

Re:What? (1)

Anonymous Coward | more than 2 years ago | (#40629977)

Did you know a thief could steal all of your valuables if they used a key to unlock your front door?

And did you know that if you give the thief the key and tell the thief when you are going to be away from home you are more at risk?

Did you know that if you are actually at home on a hot date with the thief's mother when you said you'd be gone, and you've had the foresight to label a large bottle of deadly deadly poison as "EYE/BRAIN BLEACH" and leave it sitting in the front room, hilarity is essentially guaranteed?

Re:What? (1)

Anonymous Coward | more than 2 years ago | (#40630357)

Did you know a thief could steal all of your valuables if they used a key to unlock your front door?

And did you know that if you give the thief the key and tell the thief when you are going to be away from home you are more at risk?

Did you know that if you are actually at home on a hot date with the thief's mother when you said you'd be gone, and you've had the foresight to label a large bottle of deadly deadly poison as "EYE/BRAIN BLEACH" and leave it sitting in the front room, hilarity is essentially guaranteed?

And did you know the front door we're all talking about is the front door of motor home? Because otherwise, this analogy is non-automotive.

Re:What? (0)

Anonymous Coward | more than 2 years ago | (#40629697)

Eh?

Re:What? (-1)

Anonymous Coward | more than 2 years ago | (#40629829)

Did you know a theif could steal all of you're valuable's if they used a key to unlock you're front door. BTFY

Re:What? (0)

Anonymous Coward | more than 2 years ago | (#40629687)

I always thought that if an attacker is logged in as admin, he owns the system already.

It's the USER logged as Admin, I think.

Re:What? (1)

0racle (667029) | more than 2 years ago | (#40629743)

"An attacker could take over a user's system if they (the user) are logged in as admin and they (the user) install a vulnerable gadget."

Clearer?

Re:What? (1)

jmorris42 (1458) | more than 2 years ago | (#40629955)

So? It still resolves down to misunderstanding exactly what is meant by 'admin'. Whoever has admin/root can do whatever they darned well want.... or at least until the DRM hammer falls. But because they don't want end users to understand that they are blowing smoke up everyone's butt and removing a feature most of us consider a waste of cycles and memory but some people actually like.

Re:What? (1)

omnichad (1198475) | more than 2 years ago | (#40630937)

Maybe it's bypassing UAC. The article was unclear.

Re:What? (1)

TheRealMindChild (743925) | more than 2 years ago | (#40630089)

Sidebar Gadgets seem benign, but they are for all intents and purposes an IE window, running in the local zone (by default can create any ActiveX object on the system), with no scripting restrictions. So someone with admin rights can essentially install something that is telling them the weather, but can be quite mean. It isn't an obvious vector.

Uh (2)

FrYGuY101 (770432) | more than 2 years ago | (#40629513)

an attacker could take over a user's system if they are logged in as admin and they install a vulnerable gadget

Am I missing something? Because if the attacker has root privs, you're pretty much screwed no matter what, gadget or no...

Re:Uh (4, Informative)

Dynamoo (527749) | more than 2 years ago | (#40629525)

The same goes for installing ANY application. This is a stupid knee-jerk reaction.

Re:Uh (-1, Troll)

Jennifer Wag (2683019) | more than 2 years ago | (#40629541)

The same goes for installing ANY application. This is a stupid knee-jerk reaction.

Uh oh, someone doesn't like Microsoft!

Re:Uh (-1, Troll)

Mike Wag (2683017) | more than 2 years ago | (#40629543)

The same goes for installing ANY application. This is a stupid knee-jerk reaction.

It's most likely a smear campaign from Google...

Re:Uh (4, Funny)

CowTipperGore (1081903) | more than 2 years ago | (#40629807)

Oh that's a rich. A Microsoft troll account accusing Google of smearing Microsoft. Good stuff!

Re:Uh (-1)

Anonymous Coward | more than 2 years ago | (#40630287)

Oh that's a rich. A Microsoft troll account accusing Google of smearing Microsoft. Good stuff!

Just wait. Soon an Apple Fanboi account will accuse the Sony Shills of making up the Microsoft Troll to accuse Google of smearing Microsoft. And then the Amiga Collective will awaken...

Re:Uh (0)

Anonymous Coward | more than 2 years ago | (#40630929)

Mike Wag.
I see what you did there.

Re:Uh (4, Informative)

Marc Madness (2205586) | more than 2 years ago | (#40629971)

The featured article explains with a much less confusing use of pronouns:

"An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user," company officials said in an advisory issued Tuesday. "If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system."

Re:Uh (1)

postbigbang (761081) | more than 2 years ago | (#40630097)

Your peaceful informative explanation brings clarity here. What were you thinking?

Re:Uh (0)

Anonymous Coward | more than 2 years ago | (#40630699)

Isn't that true of any software installed by the user with admin rights?

Dr. Claw's response (5, Funny)

Megane (129182) | more than 2 years ago | (#40629555)

"I got you this time, Gadgets!"

Re:Dr. Claw's response (0)

Anonymous Coward | more than 2 years ago | (#40629659)

THAT EASY JUST send the BSOD code

So stupid... (-1, Troll)

ilsaloving (1534307) | more than 2 years ago | (#40629665)

Instead of fixing or tweaking Gadgets and the sidebar to work better, they just strip it out entirely. They've basically given you the choice between having a useful but flawed system, or nothing at all. I have a couple of extremely useful gadgets installed, and don't want to see them go away. Better yet, I'd like to see something like Apple's Dashboard, which you will sorta get with the new Windows 8 start screen, but it's still annoying.

I didn't realize that Microsoft has been poaching execs from Sony. At least they're not forcing it down people's throats like Sony does with their PS3 firmwares.

Re:So stupid... (0)

Anonymous Coward | more than 2 years ago | (#40629783)

Microsoft has created an OPTIONAL "Fix It" to strip it entirely. If you don't need it, YOU can remove it. And that reduces your attack surface area.

Re:So stupid... (1)

EvanED (569694) | more than 2 years ago | (#40630067)

And not only that, but it's supposedly temporary, presumably while they work on a better fix.

Re:So stupid... (0)

Anonymous Coward | more than 2 years ago | (#40630003)

So which kind of idiot are you anyway? The kind that doesn't pay attention long enough to realize that this has nothing to do with automatic updates, or the kind of idiot that installs every MS iFixit application without looking at what it does and therefore feels robbed of a Windows feature?

They don't go away unless you want them to go away (1)

westlake (615356) | more than 2 years ago | (#40630131)

I have a couple of extremely useful gadgets installed, and don't want to see them go away.

They don't go away unless you want them to go away.

You don't need the Fix-It Tool.

Search>Windows Features>Turn Windows Features On or Off>Windows Gadget Platform

In other news... (0)

Anonymous Coward | more than 2 years ago | (#40629741)

...Microsoft has discovered that a user may be tricked into installed malicious software via the world wide web that could be use to take over the machine and run with permissions of the user. As a result, they are issuing an emergency fix that will completely disable all web traffic... :)

bro (-1)

Anonymous Coward | more than 2 years ago | (#40629747)

i got hella smelly farts right now

Why remove? (1)

Picass0 (147474) | more than 2 years ago | (#40629803)

Couldn't MS simply patch their Gadgets engine so it won't run in an account with admin privileges? Maybe present the user with a popup "unable to run, you're an admin, you shouldn't do that on your daily driver account, etc..."

This way users who like widgets will have an incentive to make their Windows profile safer.

Carrot vs Stick. Sometimes the carrot is better.

Re:Why remove? (0)

Anonymous Coward | more than 2 years ago | (#40630171)

Or just create a system account for widgets and run all widgets under the unprivileged system account.

Re:Why remove? (1)

VMSBIGOT (933292) | more than 2 years ago | (#40630503)

I'm not really sure what the hell the article is talking about. Unless you have disabled UAC, Sidebar.exe is running always under an unprivileged account. Take a look using Process Explorer and you will see that the "administrators" group is denied to that process.

Hell, at least on Windows 8, you can't even try to run it as an administrator. It spawns an unprivileged child process to run it if you do.

And nothing of value was lost (0)

gman003 (1693318) | more than 2 years ago | (#40629809)

Disabling gadgets is one of the first things I do on any new Windows system. They're never useful, all they do is eat up CPU time or distract you with constantly-moving readouts. Hate those things.

Re:And nothing of value was lost (1)

Picass0 (147474) | more than 2 years ago | (#40629989)

>> "They're never useful"

You shouldn't speak in absolutes. For some people they are. There are widgets that make things simple for everyday people instead of power users. Eg - When you tell your grandma it's more secure to turn her WiFi off in certain situations, a desktop toggle widget makes this a lot easier.

When you think someone's machine is running a bit hot you might be inclined to put temperature monitors where the user can help you keep an eye on things.

Re:And nothing of value was lost (1)

gman003 (1693318) | more than 2 years ago | (#40630693)

You say absolutes; I say hyperbole.

Re:And nothing of value was lost (1)

the_bard17 (626642) | more than 2 years ago | (#40630943)

Absolute or hyperbole; regardless of the word used to describe it, I'd recommend finding a better term than "never useful". It makes you sound like a pretentious asswipe who can't think past his own needs, wants, and preferences.

Unless you are a pretentious asswipe; in which case, carry on.

Re:And nothing of value was lost (1)

Anonymous Coward | more than 2 years ago | (#40630005)

Well, I use some gadgets that are very useful, such as Drive Activity, TopProcess and Clipboarder (this one is a must have for me), I don't think there are alternatives for all of them. And no, they don't distract me in any way.

Re:And nothing of value was lost (0)

Anonymous Coward | more than 2 years ago | (#40630101)

They're never useful

Some guy over there said Slashdot is never useful. Does that mean you will follow your own logic consistently, and stop posting to Slashdot yourself?

Re:And nothing of value was lost (0)

Anonymous Coward | more than 2 years ago | (#40630135)

Hey, I post here and I know damn well this place hasn't been "useful", by any definition, for like ten years now.

Re:And nothing of value was lost (1)

DigiShaman (671371) | more than 2 years ago | (#40630169)

Actually, I liked Windows Gadgets. I still using many of the ones offers by http://addgadgets.com./ [addgadgets.com.] Specifically the CPU, Network, and GPU meters. Hands-down should be included in the official Windows 7 Gadgets list.

Re:And nothing of value was lost (0)

Anonymous Coward | more than 2 years ago | (#40630241)

all they do is eat up CPU time

If your system is discernibly affected by running desktop gadgets, either (A) you're running way too many gadgets; (B) your computer is pitiful... how did you even get it to load a gadget-enabled Windows OS?; or (C) it's not the gadgets, but the botnet trojan you don't realize you have.

or distract you with constantly-moving readouts

Many higher organisms have the ability to consciously suppress instinctive reactions like immediately attacking or fleeing a perceived threat or being easily distracted by predictable movement in their peripheral vision. If you aren't one of those, I commend you on your readiness for the cut-throat Darwinian world of raw survival after the collapse of civilization, but would recommend you seek professional help in regards to compatibility with the world as it exists now.

Sysinternals. (1)

westlake (615356) | more than 2 years ago | (#40630419)

They're never useful, all they do is eat up CPU time or distract you with constantly-moving readouts. Hate those things.

For fact checking:

Sysinternals > sidebar.exe > Properties

Performance
Performance Graph
GPU Graph

On my system the current load is 0% GPU and 1.5-2% CPU.

The CPU and GPU monitors, almost certainly.

I've been tracking system and GPU cooling in our summer heat waves.

Hey guys hey guys!! First post! (0)

hatersgonnahate (2682937) | more than 2 years ago | (#40629831)

Check it out, pplz!!! I've been trying for years and I _finally_ got my first first post. hehehe... I feel giddy. Love you all. <3

uh-oh (1)

roc97007 (608802) | more than 2 years ago | (#40629839)

In a previous job, middleware admins had a custom gadget that displayed status on a wide variety of web apps for which the department was responsible. Personally, I wouldn't have done it that way (you never know what Microsoft ...stuff... will hang around and what won't) but I wasn't consulted.

So it occurs to me that, if the Windows admin group pushes out this update, it'll take a mission critical tool offline. I will have to call a former co-worker and see how that goes. Since Windows admin is outsourced, it probably won't even occur to them to tell the user community that they're about to disable gadgets.

Re:uh-oh (0)

Anonymous Coward | more than 2 years ago | (#40630711)

Sounds like ya'll need a change management process.

Sigh (0, Troll)

AdmV0rl0n (98366) | more than 2 years ago | (#40629863)

Seriously has Sinofsky's mits written all over this.
They killed this in 8, and it just means they have bullshit justification by saying 'it was insecure'.

Yes, run as admin and download/run executable can own your machine. (For the past 30 years. Its not new. )
Nobody should be running as Admin. And partially even when you do the OS impedes this to some degree.

I suspect what is likely is that Gadgets may be flawed to a level where UAC and OS protection can't cover off enough, and its unhinged. But they should be promoting not running as Admin and not promoting running like XP and throwing sticky plasters at bad practice.

I don't really use gadgets often, and its always seemed fairly limited to the odd decent one. But I have to say its a very bullshit and garbage reason to kill a feature/API.

But then thats MS in 2012. Remove and restrict features, charge you for what was free before, and generally be a fucking bunch of dicks.

And Sinofsky, give me back my start button and menu, you c***.

Re:Sigh (5, Funny)

the eric conspiracy (20178) | more than 2 years ago | (#40629967)

> But then thats MS in 2012. Remove and restrict features, charge you for what was free before, and generally be a fucking bunch of dicks.

As Steve Ballmer said, we are not going to let Apple have any market unchallenged.

Re:Sigh (1)

datavirtue (1104259) | more than 2 years ago | (#40630845)

You don't need it. I've been using Windows 8 for less than a day and I do not miss the cluttered start menu--I've been using windows for 20 years. I use the Toolbar Address option to quick search on the desktop and it launches everything I need instantly. The new tiles interface is just a cleaner copy of the best android interfaces and it is welcome. Regular users are going to eat this up. I supplied my social network and Exchange accounts and it integrated all of them cleanly into the interface. It took me less time to learn the Windows 8 interface than it did to get comfortable with Windows7! From all of the /. comment as of late I thought for sure I was going to hate windows8, but there is nothing to hate. A cleaner, well designed interface for windows. I bought a Xoom with Android 3 some time ago and fell in love with the easy to use, clean interface and multitasking, Microsoft just took the best from that. After using the Xoom I knew I wanted the same interface on a desktop and it materialized. Best interface available, good stuff.

ironic (0)

spongman (182339) | more than 2 years ago | (#40630025)

Does anyone else find it ironic that Metro is little more than Gadgets running in a full-screen Start Menu.

Re:ironic (0)

Anonymous Coward | more than 2 years ago | (#40630593)

Does anyone else find it moronic that you apparently don't know the functional difference between a JavaScript app (Gadget) and a Metro app (Real executable.)

I want my money back (-1, Troll)

spongman (182339) | more than 2 years ago | (#40630079)

seriously. anyone up for a class-action suit?

Re:I want my money back (1)

Jeng (926980) | more than 2 years ago | (#40630833)

I'm sure you'll find lots of lawyers willing to help you, but to have a class-action lawsuit over this is beyond silly.

They couldn't have killed them YESTERDAY?? (2)

daboochmeister (914039) | more than 2 years ago | (#40630103)

I just spent an all-nighter figuring out why certain VMs wouldn't clone cleanly -- and it ended up being SideShow that was the root problem, preventing sysprep under the covers.

If only I'd known, "just be patient" would have been the best advice.

MS Windows is insecure? (-1, Troll)

YankDownUnder (872956) | more than 2 years ago | (#40630125)

OMG! How CAN this be !!??!!

For security reasons only? (2)

Black LED (1957016) | more than 2 years ago | (#40630163)

I use desktop gadgets in Windows 7 for system monitoring, application launcher, weather report and volume control and have come to rely upon them heavily. I won't be applying this patch, however I can't help but wonder if MS is sneakily trying to kill off gadgets partly to promote the Windows 8 tiles and start screen.

Re:For security reasons only? (1)

idontgno (624372) | more than 2 years ago | (#40630339)

That occurred to me too.

The threat statement comes down to "A program you download, install, and execute may secretly do bad things to your computer with the privileges and permissions of the user who is executing the program."

In the words of the Prophet, "Well, DUH!"

There is nothing distinctive to desktop gadgets in this. So the stated rationale has the whiff of bullshit that usually emanates from acts of Security Theatre.

And that always make me wonder about ulterior motives and what kind of bad faith that powerful aroma is intended to cover up. Your theory, as sketchy as it seems to be (to me), may be plausible (at least in the Byzantine thought processes of Microsoft Marketing... they're so used to FUD-kneecapping their market competitors that even when the competition is themselves, they can't help it.)

Re:For security reasons only? (0)

Anonymous Coward | more than 2 years ago | (#40630401)

Right... otherwise by their logic, if I am running as an admin and install a bad program... it will take over my system. This is not new. Poorly hidden marketing ploy.

Re:For security reasons only? (2)

JDG1980 (2438906) | more than 2 years ago | (#40630599)

I won't be applying this patch, however I can't help but wonder if MS is sneakily trying to kill off gadgets partly to promote the Windows 8 tiles and start screen.

Judging from the message they've posted on the closed Gadgets Gallery page [microsoft.com] , it certainly looks that way"

"Because we want to focus on the exciting possibilities of the newest version of Windows, the Windows website no longer hosts the gadget gallery."

Translation: nothing to see here, Windows 7 is yesterday's news, throw away your real PCs and embrace the tabletness of Windows 8!

Well, as always... (0)

Anonymous Coward | more than 2 years ago | (#40630199)

clear as MUD whenever M$ gets around to doing things.

They have an ENABLE and a DISABLE option in the FIX IT section but no explanation as to whether the ENABLE is a reference to the FIX or the GADGET! Does clicking on the enable button actually enable the fix [thus, disabling the gadget functionality] or does it enable the gadget functionality [thus, disabling the fix] again? Is it really that difficult to actually explain the whole of something anymore?

I use gadgets (0)

Anonymous Coward | more than 2 years ago | (#40630291)

I have 3 analog clocks set to different time zones, plus the weather and calander. I also use Microsoft's end of XP support countdown. Also Android still uses gadget like apps on the home screen and Macs have dashboard. I will probably have to go third party in the future but Microsoft has supported gadget like software since Windows 98's active desktop.

Fit-it (1)

ISoldat53 (977164) | more than 2 years ago | (#40630385)

So do I enable the Fix-it solution to disable the gadgets? Or do I disable the Fix-it solution to disable gadgets? Or do I disable the fix-it solution to enable the gadgets after I enable the Fix-it solution to disable gadgets?

why? (1)

Simulant (528590) | more than 2 years ago | (#40630481)

Can anyone explain how a Gadget is more dangerous than any other piece of software you might download and execute? Microsoft didn't.
I think they just want to get rid of Gadgets. They closed the shop months ago.

Windows 8 Metro has gadgets (0)

Anonymous Coward | more than 2 years ago | (#40630547)

Isn't Windows 8 Metro has those tile gadgets? Same threat?

tag: timothysucks (3)

Nimey (114278) | more than 2 years ago | (#40630595)

Looks like we're going to have to treat timothy like we treated kdawson until he shapes up.

News flash: Running malicious programs is bad! (1)

JDG1980 (2438906) | more than 2 years ago | (#40630675)

"An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user," company officials said in an advisory issued Tuesday. "If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system." To be successful, they added, "An attacker would have to convince a user to install and enable a vulnerable Gadget."

In other words: Gadgets are just like any other kind of executable code – they run under the user's credentials and can do things the user doesn't necessarily expect.

Part of me (the paranoid part) thinks that this is a prelude to Windows eventually trying to close off all "untrusted" third-party code in newer versions of Windows, and eventually require everything to either go through the App Store or some sort of corporate app repository. They want to get rid of the desktop and general-purpose computing, they just don't think they can get away with it yet. This is a trial balloon and there has to be strong pushback against it.

You too can disable the gadget platform! (0)

Anonymous Coward | more than 2 years ago | (#40630807)

Assuming Win7, open an admin command prompt.

C:\> dism /online /disable-feature /featurename=WindowsGadgetPlatform

Also removable in the UI through "Programs and Features", "Turn Windows features on or off".

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>