By Dori Smith
A new Web page documents an issue with Mac OS X v10.4 Tiger’s new Dashboard feature that, left unchecked, could potentially be exploited by malware developers, according to the page’s author. The exploit is described and demonstrated on a page called Zaptastic: Blueprint for a widget of mass destruction. Going by the nom de plume of Stephan.com, the author has described how Safari 2.0’s default preference settings could lead users to unwittingly download and install a Dashboard widget.
There’s a common misconception that auto-install of widgets means that they’re automatically running, and that’s not the case. Just because a widget has downloaded and installed itself into your Widget Bar (aka Dashboard Bar) doesn’t mean that the widget is running. A widget that isn’t launched can’t do anything.
If you don’t want widgets to even auto-install into the Widget Bar, simply uncheck the open safe files after downloading preference in Safari. After that, downloads will stay in whatever downloads folder you’ve set in that same preference.
http://www.macworld.com/news/2005/05/09 ... /index.php
