This article documents the Windows Sidebar Protection update to the Windows Sidebar for Windows Vista. The update allows the Windows Sidebar to perform the following actions:
Generate unique identifiers for all gadgets that run in the Windows Sidebar
Receive a list of known vulnerable gadgets from Microsoft by using Windows Update
Stop a gadget from running in the Windows Sidebar if the gadget has been determined to be vulnerable
Stop a gadget from being installed if the gadget has been determined to be vulnerable
The list of known vulnerable gadgets is released by Microsoft on the Windows Update Web page in the Windows Sidebar Protection update. The update prevents a vulnerable gadget from being installed, or from running if the gadget is already installed.
For more information about the latest service pack for Windows Vista, click the following article number to view the article in the Microsoft Knowledge Base:
935791 How to obtain the latest Windows Vista service pack
User experience when a gadget is installed on a computer that has the Windows Sidebar Protection update applied
Previously, when a user tried to install a gadget from the Web, the user would see one of the following dialog boxes, depending on whether the gadget's publisher was identifiable:
Figure 1 Sidebar installation dialog box for gadgets that have unknown publishers
Figure 2 Sidebar installation dialog box for gadgets that have known publishers
After the update is installed, when a user tries to install a vulnerable gadget from the Web, and the gadget is blocked by Windows Sidebar Protection, the user will also see the following dialog box:
Figure 3 A gadget that has been blocked
This dialog box informs the user that the gadget has been blocked because it is a security risk to the computer.
The "More information" section of the Windows Sidebar Security dialog box
The More information section of the Windows Sidebar Security dialog box contains the following fields:
More information: Provides a link to this Microsoft Knowledge Base (KB) article
Support: Provides a link to a KB article that identifies where to obtain the updated (secure) gadget
User experience when a gadget is running on a computer that has the Windows Sidebar Protection update applied
If the gadget is running, Windows Sidebar Protection stops the gadget. Additionally, Windows Sidebar Protection prevents the gadget from running again. When the gadget is blocked, a dialog box appears to inform the user. If the gadget is not running when the Windows Sidebar Protection update is installed, the gadget is prevented from running again.
Figure 4 Dialog box that appears when a running gadget is blocked
When a gadget is blocked during installation or blocked from running, the following Gadget Gallery dialog box notifies the user that the gadget can no longer be run:
Figure 5 Gadget Gallery that displays the blocked gadget
The gadget icon in the Gadget Gallery is unavailable. This unavailable (dimmed) icon is located in the place where the gadget's icon previously existed.
If the user hovers the mouse pointer over the gadget icon, a tooltip states that the gadget is a security risk.
The dimmed icons cannot be dragged.
If the user clicks the gadget icon one or more times, the following events occur:
The details section of the Gadget Gallery is expanded if it is currently collapsed.
The same tooltip text, which states that the gadget is a security risk, is displayed prominently in the Gadget Gallery's details area.
The gadget's name and the Windows Vista security risk icon appear in the Gadget Gallery, as shown in Figure 5.
For more information about the Windows Sidebar Protection update, click the following article number to view the article in the Microsoft Knowledge Base:
943411 Microsoft Security Advisory: Update to improve Windows Sidebar Protection