Microsoft Kills Windows Gadgets Via Security Update

benfrog writes "Microsoft has taken the unusual step of killing the Windows Gadgets feature completely via a security update. According to an advisory issued Tuesday, an attacker could take over a user's system if they are logged in as admin and they install a vulnerable gadget. Microsoft has pulled the plug on its official Gadgets Gallery and is offering a Fix-it that completely disables the Windows Sidebar and Gadgets. Researchers Mickey Shkatov and Toby Kohlenberg are scheduled to give a presentation on the vulnerability at the upcoming Black Hat conference called We Have You By the Gadgets."

Sigh

[AdmV0rl0n]

Seriously has Sinofsky's mits written all over this.
They killed this in 8, and it just means they have bullshit justification by saying 'it was insecure'.

Yes, run as admin and download/run executable can own your machine. (For the past 30 years. Its not new. )
Nobody should be running as Admin. And partially even when you do the OS impedes this to some degree.

I suspect what is likely is that Gadgets may be flawed to a level where UAC and OS protection can't cover off enough, and its unhinged. But they should be promoting not running as Admin and not promoting running like XP and throwing sticky plasters at bad practice.

I don't really use gadgets often, and its always seemed fairly limited to the odd decent one. But I have to say its a very bullshit and garbage reason to kill a feature/API.

But then thats MS in 2012. Remove and restrict features, charge you for what was free before, and generally be a fucking bunch of dicks.

And Sinofsky, give me back my start button and menu, you c***.

Re:Misinformed Title

[hairyfeet]

Not only is it bullshit I'd say its just one more move to try to get people to move over to Win 8. I mean who DIDN'T KNOW that running an executable as admin is a BAD THING, hmm? Are MSFT honestly trying to get us to believe that they don't even have enough common sense to keep malware off their own damned site? if so their security team should be fucking ashamed of themselves!

Most of my users use gadgets and I will be telling them to simply ignore this, because they already have the gadgets they want. But I'm sure MSFT figured out that if you wanted your OS to be a tweeting twitting FB shitting social OS like Win 8 you could just use the gadgets in Win 7 so what do they do? Why lets get rid of the gadgets! Are you HONESTLY telling me you just NOW figured out gadgets run as admin from untrusted sites could be bad MSFT, really? because I find that frankly unbelievable.I know I won't be giving up MY gadgets and I seriously doubt any of my customers will either.

Just one more dick move by MSFT to get functionality that could compete with Win 8 out of Win 7. I have a feeling as the run up to Win 8 gathers steam we'll all have to watch like hawks for more "security updates" that tie a fucking boat anchor to Win 7 to try to make win 8 look better. If you are gonna spout horseshit MSFT, at least TRY to make it believable horseshit,mmmkay?

Re:Misinformed Title

[Trogre]

Especially when Microsoft keep having these frequent "accidents", such as pushing Skype and Silverlight (twice) as security updates over WSUS.