Submission: Warning: Vista gadgets a potential malware vector
Torodung writes: This in, from the Microsoft TechNet Flash newsletter:
A final security note: If you are running Windows Vista Sidebar Gadgets, they are subject to cross-site scripting style bugs. These bugs are extremely serious because script in the Sidebar is capable of running arbitrary code in the context of the locally logged-on user. This article outlines some of the secure programming best practices that should be considered when building Windows Vista Sidebar Gadgets. Check out Inspect Your Gadget for some of the secure programming best practices that should be considered when building Windows Vista Sidebar Gadgets.
In summary, badly coded Gadgets are a potential spyware/malware vector in the Windows operating system, as ActiveX and BHOs were previously, and Gadget input needs to be scrubbed for the same URI problems that Firefox recently fixed in v2.0.0.6, amongst other pitfalls. If you use Vista, you need to keep a careful eye on your Gadgets, and if you code a Gadget, the linked article gives some "best practices" to avoid becoming part of the problem.
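An added example, not part of the submission or the linked Microsoft article: one way a gadget-style script can scrub remote feed data before it reaches HTML, by encoding text and allowlisting URI schemes. It is written in modern JavaScript for Node rather than the Sidebar's own script engine, and the function names, the `sampleFeed` items and the `example.com` URLs are constructed for illustration.

```javascript
"use strict";

// Only these schemes may end up in an href; everything else is dropped.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Encode the characters that can break out of HTML text or a quoted attribute.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Parse the URI instead of pattern-matching it: the parser lowercases the
// scheme and strips leading spaces and embedded tabs/newlines, which are the
// usual ways a string filter is bypassed. Returns null when not allowed.
function safeHref(raw) {
  let url;
  try {
    url = new URL(String(raw));
  } catch (e) {
    return null; // relative or unparsable input is rejected, not guessed at
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Build the markup for one feed item; remote data is never inserted raw.
function renderItem(item) {
  const title = escapeHtml(item.title);
  const href = safeHref(item.link);
  if (href === null) return `<li>${title}</li>`; // keep the text, drop the link
  return `<li><a href="${escapeHtml(href)}">${title}</a></li>`;
}

function renderFeed(items) {
  return "<ul>" + items.map(renderItem).join("") + "</ul>";
}

// Constructed sample input standing in for data fetched from a remote feed.
const sampleFeed = [
  { title: 'Tom & "Jerry"', link: "https://example.com/a?x=1&y=2" },
  { title: "<script>alert(1)</script>", link: " JaVaScRiPt:alert(1)" },
  { title: "Local file", link: "file:///C:/example.txt" },
];

console.log(renderFeed(sampleFeed));
```

Where a DOM is available, assigning the title through a text node or `textContent` instead of building an HTML string removes the need for `escapeHtml` on that path.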