Stroller, wasn't it remiss of you not to warn us in your original email that viewing this web page will install software without your consent??? I gotta ask!

Coj

Stroller <MacMonster at myrealbox.com>

On May 9, 2005, at 8:55 pm, Matt Gregory wrote:

> For newbies, like me, what kind of possible malware widgets could be
> downloaded in 10.3.9? I thought what was being pointed out was a risk
> in using dashboard, which is a 10.4 thing. I understand the "Open
> safe files" vulnerability now and will turn it off as soon as I get
> home, but I didn't think much of it because none of the "safe" file
> types seemed like possible vulnerabilities...

Try the link: <http://stephan.com/widgets/zaptastic/>

The author describes & provides more than one sample widget which exploits this behaviour. They're all fairly benign & he describes how to remove them.

"Ho, ho!" chortled the Macintosh users, "we'd never have to delve into a folder like ~/Library/Widgets/ or reboot our computers to disable a program."

I'm pretty confident that Apple will fix this in 10.4.1 - these widgets show the sort of classic behaviour that malware has done on the PC for several years now: persistent referrals to a marketing webpage & pornographic images that are difficult (impossible for the uninitiated user) to get rid of.

You probably *don't* want to run the Goatse.cx widget - it's not very pleasant. Human curiosity being what it is - I told you so.

In some ways this isn't a Big Deal - it's easy to disable, Apple'll fix it soon, and there are unlikely to be many serious 'sploits taking advantage of it - but it's a great demonstration to those who say Macs are inherently more secure than PCs.

Stroller.