Microsoft urges Windows Vista, 7 users to disable desktop gadgets

Matthew DeCarlo


In a security advisory Tuesday, Microsoft urged Windows Vista and 7 users to download a tool that disables the operating system's sidebar and gadgets. The company warned that insecure gadgets could be used to run arbitrary code on a computer, access its files or display objectionable content. In the event of arbitrary code execution, an attacker could take control of the affected system with the ability to install programs, view, change or delete data, or create new accounts with full user rights.

Unfortunately, Microsoft hasn't detailed the vulnerabilities, when (if?) they'll be addressed or whether systems are actively being exploited in the wild. Some have suggested the advisory is merely an attempt to prepare users for the rumored removal of gadgets in Windows 8. Computerworld offers a more plausible explanation, noting that researchers at the Black Hat security conference in Las Vegas on July 26 plan to outline "interesting attack vectors" for creating malicious Windows gadgets.

As mentioned, Microsoft offers a utility to disable gadgets, but you can also do this manually via Group Policy, which is available on Windows Vista Business, Enterprise and Ultimate as well as Windows 7 Professional, Enterprise and Ultimate. It seems Windows Starter, Home Basic or Home Premium users will simply have to use Microsoft's tool. To disable the sidebar/gadgets manually, open the Group Policy Editor by searching for gpedit.msc via the Start menu or Run, then:

  • Go to Computer Configuration > Administrative Templates > Windows Components > Windows Sidebar (Vista) or Desktop Gadgets (Windows 7)
  • Double-click Turn off Windows Sidebar on Vista or Turn off desktop gadgets on Windows 7, select Enabled in the properties and click OK
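
The same setting can be audited or applied from PowerShell, which also works on editions that lack the Group Policy Editor. This is an added example, not part of the article or of Microsoft's tool; it assumes the policy is stored as the TurnOffSidebar DWORD under the HKLM policy key shown (a path the article does not give), and the function names are hypothetical.

```powershell
# Added example: audit, and optionally enforce, the "turn off gadgets" policy.
# Assumption: the Group Policy setting is backed by this registry value.
$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar'
$ValueName  = 'TurnOffSidebar'

function Get-GadgetPolicyState {
    # Read the policy value if the key and value exist; otherwise leave it $null.
    $value = $null
    if (Test-Path $PolicyPath) {
        $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($item) { $value = $item.$ValueName }
    }
    # sidebar.exe hosts the gadgets; it may still be running until the next logon.
    $running = [bool](Get-Process -Name sidebar -ErrorAction SilentlyContinue)

    New-Object PSObject -Property @{
        PolicyValue    = $value            # $null means "not configured"
        PolicyDisabled = ($value -eq 1)    # 1 means the sidebar/gadgets are turned off
        SidebarRunning = $running
    }
}

function Set-GadgetPolicyDisabled {
    # Must run from an elevated prompt because it writes under HKLM.
    if (-not (Test-Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyPath -Name $ValueName -Value 1 `
        -PropertyType DWord -Force | Out-Null
    # Stop the running host so the change takes effect without waiting for a logoff.
    Get-Process -Name sidebar -ErrorAction SilentlyContinue | Stop-Process -Force
}

# Report the current state, enforce only when the policy is not already set.
$state = Get-GadgetPolicyState
$state | Format-List PolicyValue, PolicyDisabled, SidebarRunning
if (-not $state.PolicyDisabled) {
    Set-GadgetPolicyDisabled
    Get-GadgetPolicyState | Format-List PolicyValue, PolicyDisabled, SidebarRunning
}
```

To re-enable gadgets later, remove the value or set the policy back to Not Configured.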


 
Hm. That's kinda not cool. I like my gadgets.

Thanks for giving instructions how to do it in the article!
 
Umm, no. The few gadgets I do use are helpful to me. I'd sooner take the ones I have and lock them down so they can't do what I don't expect. Oh wait, I do that already.
 
I'd have to agree, most of the time they're in the background anyway, so there's not much use for them. Although on a 2nd monitor they are slightly more useful.
 
"Unfortunately, Microsoft hasn't detailed the vulnerabilities..."
Only unfortunate if you wanted to use them against someone. All the rest of us care about is how to plug the hole.
 
Well Mike, I don't plan to hack anyone and I'd like to know where the hole is. The company wouldn't have to write a how-to on exploiting the flaw to tell you whereabouts it is in the software.

Basic information about vulnerabilities is commonly released by large companies -- Microsoft included. This time around, they merely said "omg, we have bugs... delete your gadgets!"

Judging by that presentation scheduled later this month, hackers already know about it anyway.
 
I would have preferred that they fix whatever needs fixing rather than getting rid of them. Besides, half of the ones are using come from MS themselves. Can't those be secure?
 
Don't know what I would do without my gpu observer and cpu monitor.

I'm guessing that since these are the only gadgets I use and they are quite old they should be safe?
 
^Same with me, I use gadgets to monitor gpu, cpu, network, and disk usage, and I'd rather not get rid of them. They are quite old, so hopefully they're okay.
 
I would have preferred that they fix whatever needs fixing rather than getting rid of them. Besides, half of the ones are using come from MS themselves. Can't those be secure?

They're probably just playing it safe. I'd prefer the reaction to be 'There's a problem with your gadgets, here install this patch.'

Well Mike, I don't plan to hack anyone and I'd like to know where the hole is. The company wouldn't have to write a how-to on exploiting the flaw to tell you whereabouts it is in the software.
Yes, but often these hacks are the result of very creative tricks that aren't terribly difficult to pull off (for an experienced hacker), they're just very unique and haven't been thought of before. While it is interesting to know how they work, I understand why they don't give out the details until they have a fix.
 
I'm not saying they don't have valid reasons for withholding the information. Obviously I'm not privy to such knowledge. I'm just defending my stance that it's unfortunate. Many people -- myself included -- would like to know more about the hole, even if it's vague. And to be clear, they haven't released a patch. It's just a tool that disables the gadgets. Perhaps it'll be fixed in next month's Patch Tuesday, but again, no details there either.
 
Yes, the "there's a problem, let's disable it for now" solution is a non-solution. It's merely a workaround that doesn't actually address the problem itself.

A more surgical approach should be taken.

Microsoft has already shown their disinterest in desktop gadgets anyway, so it wouldn't surprise me if they are satisfied with simply leaving the feature disabled and unsupported entirely, forever.
 
The only thing I run is a system monitoring gadget, I might simply download something to check from the tray but... I'm way too lazy
 
Or you could use your already trusted gadgets from a trusted source.

I also think it's a strategy to start stripping Windows 7 of features.
 
@Ma_ga: Like they stripped out the picture resizer that was in xp or the red eye remover from vista in 7. Why is defrag so inferior now? Microsoft, why do you reinvent the wheel each release of windows, and especially of items we had 30 years ago in mainframes? All of that is public domain code.
 
No matter what, turn them off, they're really useless and slow down your computer big time, especially during boot up

Press start / Type in "Windows Features" / Click on "Turn windows features on or off" / Uncheck "Windows gadget platform"/ Click Ok
 
So MS is crippling Win7 to get people to move to Win8 it would appear. I smell a class action coming. I paid for the features of Win7, do I get a rebate for having features removed? MS is heading in the wrong direction. BTW, I use dual monitors both at work and home, and I like my gadgets.
 
No matter what, turn them off, they're really useless and slow down your computer big time, especially during boot up

Press start / Type in "Windows Features" / Click on "Turn windows features on or off" / Uncheck "Windows gadget platform"/ Click Ok

Buy an SSD :p
 
For those who really need any type of monitoring tool or tools on your desktop, hard drive stats, CPU usage, RAM usage, Network speeds, both up and down and a wide range of other various monitoring tools, I would strongly recommend switching from Windows Gadgets and Sidebar to a program called Rainmeter. I've been using it for about 7-8 years now and it is one of the cornerstones of my custom desktops.

Rainmeter
http://rainmeter.net/cms/

If for whatever reason you're a little leery about using something that you do not know, the web site I'm guiding you to has excellent information about the product, and includes a wonderful "how to" guide.
 
That's kind of ridiculous, I think they meant downloaded gadgets, because I mostly use the one of the cost of the US dollar and the one of memory-CPU usage (generally to see quickly the memory usage without opening Resource Monitor or Task Manager).
 