Promise me you are not going to try the following command: rm -R ~/
What will it do? Well, normally, it will dutifully and silently wipe out your entire home directory. That is bad, very bad. All your files will be lost, gone poof in a UNIX massacre that no self-respecting cable channel would show before all kids are safely put to bed. However, would you expect Mac OS X to refuse to execute that command? No, certainly not: after all, you issued it and it is your responsibility to know what you are doing. Imagine, for a second, that your computer asked you every minute or two to confirm your every gesture, and you will see why one of the fundamental assumptions in computing is that you know what you are doing.
Let’s take this one step further. Let’s say I am doing my best to tempt you and entice you to download a new, super sleek application that will keep you updated on the status of your laundry and your baked potatoes, while my competitors still cannot check both the oven and the washing machine simultaneously. You obviously don’t know me and cannot be sure of my intentions. After all, maybe all my application does is wipe your home directory and play a little gloomy music… But let’s say you go ahead, download it and run it anyway… What would you expect to happen? Should Mac OS X display a very long alert dialog telling you that, yes, maybe there is no way for an application to talk with your non-Bluetooth-enabled washing machine and that this might just be an elaborate hoax, or would you just expect it to run the application?
The same thing happens with Dashboard widgets. Widgets, although they are web based and “are as easy to develop as web pages”, can do some pretty serious things, as shown by the Apple-provided ones but, more importantly, by the documentation published on the ADC website. A widget is an application and, therefore, running a widget from a non-trusted source means taking a risk — a real risk.
Of course, just like there are safeguards in Mac OS X (an application cannot gain root privileges without your expressly granting them, for example), there are safeguards in Dashboard but, ultimately, Mac OS X (like all operating systems) has no way to know what is good and what isn’t, as long as an application that you run affects only your files. So far, there isn’t anything new.
What is new in Dashboard, however, is the heavy marketing that has been launched around it, potentially misleading users and creating favorable ground for Dashboard-based social engineering. While I do admire some of the ideas that pop up at Apple’s marketing department, I have to deplore the lack of communication that sometimes seems to exist between engineers and marketers. If both teams could interact just a bit more, I dare not imagine how successful Apple would be!
Certainly, in a quest to make things easy for the user, Apple did implement some auto-install features for widgets and forgot to provide an obvious way to uninstall them. However, in no circumstance (that I am aware of, at least) does Apple auto-launch a widget, meaning that a user still needs to click on it to open it.
In a nutshell, there is no need to lose sleep over Dashboard. It is a powerful feature and, like most powerful features, it comes with a responsibility for the user — remember what Terminal now tells you when you sudo for the first time! While I agree that Apple could further improve the warnings that are already in place, saying there is a “security hole” in Mac OS X today is a bit of an exaggeration.