RE: [Full-disclosure] Next generation malware: Windows Vista's gadget API
>
> Firstly, "the sky isn't falling, the risks posed by the gadget API
> already
> existed elsewhere in Windows generally, but this is another new attack
> surface without any legacy dependencies". This is my general view on
> the
> gadget API.
>
Yahoo widgets.
> Finally, why on earth does the trust model for gadgets consist of full
> trust
> and nothing more. Why not allow gadgets to state in their manifest
> that for
> example they don't need to execute things, won't make use of ActiveX
> controls
> and will only connect to a specific host?
>
Or have the OS force a restrained environment for them to run within.
The usability and convenience offered by them isn't worth the opportunities
they proffer.