Quote:
Originally Posted by pip08456
Opening a gadget is as dangerous as it is to run an .exe file. But this is not a security hole. If an attacker wanted to access your computer, he'd need to convince you to open his prepared .gadget file. As long as you trust the source of the gadgets you install and you use anti-virus software you should be safe.
Quote from Microsofts official statement to this: "How could an attacker exploit the vulnerability? An attacker would have to convince a user to install and enable a vulnerable Gadget."
sourcehttps://technet.microsoft.com/librar...or=-2147217396
|
On a technical level, it may not be any more of a security hole than EXE files, but bear in mind a lot of gadgets are HTML and Javascript based, so are vulnerable to any security holes in the underlying browser. If they retrieve some of that HTML or Javascript from a remote website, that is also a security hole.
Finally, there is the problem of perception. People may perceive gadgets as safe, as they generally only display some information, and have limited functionality otherwise. The computer industry has also spent a lot of time educating people not to open Exe files from unknown sources, while largely ignoring other forms of executables (such as gadgets).
Not that the education, even for Exe files, has been entirely successful. I've still seen many computers where someone has tried to watch a dodgy streaming movie, been told they need to download a plug in to view it, then stupidly downloaded and run the plug in from the link the message gives them.