Designed to block insecure gadgets

Jan 9, 2008 12:00 GMT  ·  By

Windows Vista, both the 32- and 64-bit editions, brought to the table an entirely new component compared to Windows XP: the Windows Sidebar. As any addition to the operating system, the Windows Sidebar also raised security concerns, by literally providing attackers with a fresh avenue for exploits. However, since the debut of Microsoft's latest Windows client, the Windows Vista Sidebar has failed to come under the focus of the threat environment. But, this does not mean that the possibility of future exploits is excluded.

"The Windows Sidebar is a lockable panel on the Windows Vista desktop, similar to the Microsoft Windows Taskbar, that is able to host and manage mini-applications known as 'gadgets'. A gadget is an HTML and script-based application designed to present the user with a limited set of information or functionality obtained from other applications, controls, or Web sites and services. Gadgets, although hosted by the Sidebar, are not confined to the Sidebar area; the user can undock and move them onto the desktop as desired", Microsoft informed.

The real security issue with the Windows Sidebar in Vista is not the actual component itself. The fact of the matter is that the Sidebar is designed to integrate third party applications. The Redmond company has virtually opened up the Sidebar to outside developers, instead of providing the content itself. The security issues raised here involve not Microsoft's own code, but that of the mini-programs built for the sidebar.

On January 8th, 2008, the Redmond company issued an update, set up to improve the protection level of the Sidebar. Following the implementation of the refresh, the Sidebar will be able to block insecure gadgets from running. "An update is available for currently supported editions of the Windows Vista operating system. The update to improve Windows Sidebar Protection enables Windows Sidebar to help block gadgets from running in Sidebar", reads a fragment of the overview of the update.