Mac OS X 10.4.7 Phones Home
Daniel Jalkut has discovered that the Mac OS X 10.4.7 update released last week is causing his computer to phone home to Apple. Every eight hours, a process called "dashboardadvisoryd" is contacting two different servers hosted by Apple, ostensibly to verify that the Dashboard plug-ins you have installed are the same versions as the ones provided by Apple.
While this certainly isn't as insidious as Microsoft's much-maligned Windows Genuine Advantage program phoning home to verify the authenticity of your operating system's license code, I find myself agreeing with Daniel that Apple should provide us a way to turn this feature off. For my few computers at home, I doubt that I'll care much whether each is talking to Apple's servers, but in my work environment where I manage many hundreds of computers, I now need to evaluate whether this change is going to have a negative effect on my network. I've already got network administrators mistaking Bonjour traffic for PC viruses; the last thing I need is to have another discussion with our firewall administrator to explain why our lab computers are all hitting an Apple server at scheduled periods.
I've been debating all summer whether or not our computers in the Fall would have Dashboard enabled. I have no choice now but to disable Dashboard on our lab and classroom computers until there's an easier way (other than using Little Snitch) to turn off this phoning home feature.
The difference about software update and the auto-update features of almost every other app out there is they have a handy little check box that says something like "Automatically check for updates". The difference is, or appears to be, that Apple hasn't given the user the ability (via a user-friendly front end) to say, "No thanks!". I am an Apple fanboy through-and-through but you have to be realistic. Microsoft was just bashed for doing something very much like this and I don't think Apple should get off any easier.
July 05 2006 at 2:30 PM
Dashboardadvisoryd is located
/System/Library/CoreServices/Dock.app/Contents/Resources/dashboardadvisoryd
if you want to disable it in Little Snitch. And again, I don't care that it doesn't send personal data. I just hate the idea that my computer is doing something without me ever requesting... or even worse ever knowing about it doing. So screw Apple and their stupid dashboardadvisory daemon.
I haven't encountered this yet, but it must be because of the fact that I don't use Dashboard. I doubt it's activated when the user doesn't use Dashboard.
And it's not like Dashboard is worth my time, anyway...
I have no objections to Apple making sure I don't have anything malicious on my Mac :)
However it may have been an idea to mention this in the update.
There is really nothing to get excited about here. I've looked at the traffic on the wire, and dashboardadvisoryd is just making a simple GET request in each case. It's not sending Apple any data whatsoever. This is no more inimical than your Mac periodically checking for software updates.
Here's the sum total content of the data sent to Apple:
GET /widgets/widgetadvisory HTTP/1.1
User-Agent: CFNetwork/4.0
Connection: close
Host: www.apple.com
(apple response)
GET /widgets/parser.info HTTP/1.1
User-Agent: CFNetwork/4.0
Connection: close
Host: www.apple.com
Not very exciting, is it?
Now the *response* from Apple is a little more interesting in that it appears to contain some SQL commands:
(this is in response to the widgets/widgetadvisory request)
HTTP/1.1 200 OK
Age: 1459
X-Cache-TTL: 84941
Accept-Ranges: bytes
Date: Wed, 05 Jul 2006 05:31:15 GMT
Content-Length: 2095
Content-Type: text/plain
Expires: Thu, 06 Jul 2006 05:31:15 GMT
Cache-Control: max-age=86400
Server: Apache/1.3.33 (Darwin) PHP/4.3.10
Last-Modified: Thu, 08 Jun 2006 22:08:55 GMT
ETag: "82f-44889ff7"
X-Cached-Time: Mon, 03 Jul 2006 22:08:14 GMT
----- BEGIN SIGNATURE -----
----- END SIGNATURE -----
BEGIN;
INSERT OR REPLACE INTO meta VALUES ('serial-number', 1);
COMMIT;
So that makes me kind of wonder if someone spoofing apple.com couldn't do some SQL injection here, but since Apple is signing the file it should be easy to detect and there is probably a mechanism in place to prevent this.
All in all, nothing to get your knickers in a twist over.
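Added example, not part of the original comment and not Apple's code: one way a client could limit what a downloaded SQL body like the one quoted above is able to do, in addition to checking the signature first. It assumes the local store is SQLite and that `meta` is a two-column table; the column names, the allowlist and the tampered body are constructed for illustration.

```python
import os
import sqlite3
import tempfile

# First body is the SQL quoted in the comment above; the second is a
# constructed tampered variant, as a spoofed server might return.
ADVISORY_SQL = """BEGIN;
INSERT OR REPLACE INTO meta VALUES ('serial-number', 1);
COMMIT;"""
TAMPERED_SQL = """BEGIN;
INSERT OR REPLACE INTO meta VALUES ('serial-number', 2);
DROP TABLE meta;
COMMIT;"""

ALLOWED_INSERT_TABLES = {"meta"}  # assumption: only table an advisory may write

def authorizer(action, arg1, arg2, db_name, source):
    """Allow transaction control and INSERT into allowlisted tables only."""
    if action == sqlite3.SQLITE_TRANSACTION:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_INSERT and arg1 in ALLOWED_INSERT_TABLES:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def apply_advisory(db_path, sql_body):
    """Run a downloaded SQL body on its own restricted connection."""
    conn = sqlite3.connect(db_path)
    conn.set_authorizer(authorizer)
    try:
        conn.executescript(sql_body)
        return True
    except sqlite3.DatabaseError:
        conn.rollback()  # discard statements that ran before the denied one
        return False
    finally:
        conn.close()

def demo():
    """Apply both bodies to a scratch database; return outcomes and serial."""
    db_path = os.path.join(tempfile.mkdtemp(), "advisory.db")
    setup = sqlite3.connect(db_path)
    setup.execute("CREATE TABLE meta (key TEXT PRIMARY KEY, value)")  # assumed schema
    setup.commit()
    setup.close()
    outcomes = (apply_advisory(db_path, ADVISORY_SQL),
                apply_advisory(db_path, TAMPERED_SQL))
    check = sqlite3.connect(db_path)
    row = check.execute("SELECT value FROM meta WHERE key = 'serial-number'").fetchone()
    check.close()
    return outcomes, row[0]
```

The tampered body is rejected as a whole: its `INSERT` runs inside the open transaction, the `DROP TABLE` is denied when SQLite compiles it, and the rollback leaves the serial number at the value the legitimate body wrote.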
I actually saw that one pop up today. I thought it was part of some widget checking for an update ... not Dashboard / Apple phoning home.
July 04 2006 at 11:01 PM
I believe my work just has the dashboard totally disabled. Though, it could just be obscured, as they've done (poorly) with the iTunes store.
July 04 2006 at 10:56 PM
Damien,
It downloads a list-of-known-nasty-widgets. No information about your system is transmitted (other than your IP address, obviously).
> I have no choice now but to disable Dashboard on our lab and classroom
> computers until there's an easier way (other than using Little Snitch) to turn
> off this phoning home feature.
Hm... if your stated policy is to uninstall and turn off anything that might cause network traffic, you better turn off everything that uses X509 certificate logic, including all SSL in Safari and Mail (and iChat and... well, most places). Any of these can reach out and download CRLs and/or OCSP responses while evaluating certificate validity. Which is, in the big picture, pretty much what the widget "advisory" list is - a revocation list for widgets.
And yes, I know of what I speak. Email if you want to discuss.
Cheers
-- perry
I think that all people are asking for is a simple preference to turn it off or on. It's no different than auto update or network time. I'm sure Apple will improve this feature in a future update.
July 04 2006 at 9:32 PM
dashboardadvisoryd periodically downloads this file:
http://www.apple.com/widgets/widgetadvisory
This file contains signatures of known malicious dashboard widgets. dashboardadvisoryd checks if you have any of these malicious widgets, and if so runs widgetadvisory.app (in /System/Library/CoreServices/Dock.app/Contents/Resources) which prompts you to remove the malicious widget from your system.
dashboardadvisoryd uses a simple HTTP GET to download the widget signatures and does not contain any identifiable information about you or your computer, other than your IP address. Besides, Apple already knows everything about you and your system through Software Update; it doesn't need to use dashboardadvisoryd for that purpose.
If you don't want Dashboard to periodically check for malicious widgets then you should disable dashboardadvisoryd.
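Added example, not from the post or any commenter: a small log check a network or firewall administrator could run to tell the scheduled advisory fetch described in this thread apart from other traffic, using the host, path, User-Agent and eight-hour interval reported above. The log format, client addresses and tolerance are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Host, path and User-Agent as reported in the comment thread above.
ADVISORY_HOST = "www.apple.com"
ADVISORY_PATH = "/widgets/widgetadvisory"
ADVISORY_AGENT = "CFNetwork/4.0"

# Constructed proxy log (hypothetical format): time, client, host, path, agent.
SAMPLE_LOG = """\
2006-07-05T01:00:02 10.0.5.11 www.apple.com /widgets/widgetadvisory CFNetwork/4.0
2006-07-05T01:00:03 10.0.5.11 www.apple.com /widgets/parser.info CFNetwork/4.0
2006-07-05T09:00:04 10.0.5.11 www.apple.com /widgets/widgetadvisory CFNetwork/4.0
2006-07-05T09:00:05 10.0.5.11 www.apple.com /widgets/parser.info CFNetwork/4.0
2006-07-05T17:00:01 10.0.5.11 www.apple.com /widgets/widgetadvisory CFNetwork/4.0
2006-07-05T10:12:00 10.0.5.12 www.apple.com /widgets/widgetadvisory Mozilla/5.0
2006-07-05T10:13:30 10.0.5.12 www.apple.com /widgets/widgetadvisory Mozilla/5.0
2006-07-05T03:00:00 10.0.5.13 www.example.com /widgets/widgetadvisory CFNetwork/4.0
"""

def classify_clients(log_text, period=timedelta(hours=8),
                     tolerance=timedelta(minutes=10)):
    """Label each client that fetched the advisory file by fetch regularity."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, client, host, path, agent = line.split(None, 4)
        # Time only the advisory fetch; parser.info follows it within seconds.
        if host == ADVISORY_HOST and path == ADVISORY_PATH:
            hits[client].append((datetime.fromisoformat(stamp), agent))
    verdicts = {}
    for client, seen in hits.items():
        seen.sort()
        times = [when for when, _ in seen]
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        on_schedule = bool(gaps) and all(abs(g - period) <= tolerance for g in gaps)
        expected_agent = all(agent == ADVISORY_AGENT for _, agent in seen)
        verdicts[client] = ("dashboardadvisoryd-like"
                            if on_schedule and expected_agent else "review")
    return verdicts

if __name__ == "__main__":
    for client, verdict in sorted(classify_clients(SAMPLE_LOG).items()):
        print(client, verdict)
```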