I love the Immutable Security Laws – they strike a chord deep within me, and they’re a “go to” resource every time I want to decide if I’m making a good security decision.
I also like my Windows Sidebar Gadgets. Not a whole lot of them, mind you, just one or two that I’ve written myself. And I can’t say that I’ve gone very deep in developing them.
So I’m deeply conflicted when I see “Microsoft Security Advisory (2719662) – Vulnerabilities in Gadgets Could Allow Remote Code Execution” – this seems to be saying that because there are a number of vulnerabilities in common Sidebar Gadgets, you should disable Sidebar Gadgets completely.
But the descriptions I see of Sidebar Gadgets and their security suggest that these Gadgets are exactly like other executables, in terms of the protection you get when running them (essentially, none).
So, in essence, this boils down to “a class of executables that you can download and run are known to have vulnerabilities. So we are disabling that class of executables.” And apparently, this isn’t an architectural flaw in Sidebar Gadgets, because the wording indicates only that a lot of Gadgets have common vulnerabilities – but not all of them.
Can you imagine if the same had been done for, say, Java? If all Java apps were disabled, not because of a flaw in Java, but because many Java developers had written poorly-secured code? What about other frameworks? C++? .NET? PHP?
Uh, yeah, OK, I can see it for PHP. I’m all for disabling PHP on the basis that [almost?] nobody seems able to reliably write secure code using it.
Obviously, I’m writing this from the perspective of someone who hasn’t seen information on the sort of vulnerabilities being described, so it’s entirely possible that there’s an actual architectural weakness that warrants disabling Gadgets completely. I’m just not reading that into what’s been said so far, and I’d like to think that we’re capable of making security decisions on the basis of security truth, rather than some random measure of “disable this framework, because it’s not that important, and many of its developers are writing bad code”.
Clearly I have to wait for the revelation at the BlackHat talk (I’m not going to BlackHat, but I’m on vacation right now – in Vegas) to see what the threat actually is, but I will state up front that I am confused.