<?xml version="1.0" encoding="UTF-8"?><item><title>Dashboard Widgets: Danger</title><description>Windows is regarded as an insecure system, but the biggest problem Windows has is that users are routinely tricked into running malicious code.&lt;p&gt;&#13;
When I was implementing my SNL Widget, I ran across something disturbing in the JavaScript samples I was looking at:&#13;
&lt;p&gt;&#13;
&lt;code&gt;&#13;
  outString = widget.system("/usr/bin/uptime", null).outputString;&#13;
&lt;/code&gt;&#13;
&lt;p&gt;&#13;
When you see a shiny new widget on a website and you're thinking about downloading it, keep in mind that widget can execute any command on your system.  Mac OS doesn't warn you that the widget has this power; it simply asks if you're sure you want to run it. &lt;p&gt;&#13;
This seems incredibly ripe for abuse to me.  I'm surprised that Apple didn't insist on requiring that widgets be signed, or run in a sandbox, or, well, something, but instead they've given every widget the ability to run shell commands.&lt;p&gt;&#13;
Be careful out there.</description><pubDate>Thu, 01 Sep 2005 19:17:09 GMT</pubDate></item>