Tiger security exploit?

Much ado about nothing. Hey, that would make a good title!

Breathless Windoze apologists will be touting this one all over the shop this week, so you should have the facts now. The hot news is that the "autoinstall" feature of the OSX Tiger Dashboard, combined with Safari 2.0, will allow web sites to remotely install widgets on your shiny new Tiger desktop. By Monday morning there will be gleeful cries of "the first OSX virus!" but this is pretty much a tempest in a smaller than average teapot.

First: You need to turn the autoinstall switch on in both the Dashboard preferences and the Safari preferences. Out of the box, both are set to OFF.

Second: You can remove a widget from the Dashboard, however, you must use a mysterious and arcane technique called "deleting a file". Sarcasm intended in full.

Third: The Cupertino gang is already on the job, and Tuesday's Software Update will patch your system to require your administrator authentication to be entered whenever any widget is installed either manually or with autoinstall.

Fourth: The mainstream media will probably pick up this story around Thursday. Four days late is about average. And the Globe and Mail should break the news sometime next week.

Posted: Sun - May 8, 2005 at 11:12 PM