The scary business of skins

Welcome to the chromed world. Have you ever noticed how much of our software can be dressed up in its party clothes for no reason other than we want it to look some way other than the way it was shipped? Does all of this chrome add to the usability of our PCs? Does it make our work better? The answer is usually “no.”

It all started with software that had a customizable user interface. In the beginning, you could select what entries you wanted on menus. Later you were given the power to choose what those menu entries could do using macros, and then you were handed the overwhelming vastness of Microsoft Corp.'s Visual Basic for Applications.

But over the past couple of years there has been an explosion of skinning, the ability to change the presentation of an application’s user interface. I have no idea what the first application was that allowed you to do this, but today there are hundreds.

That incredible triumph of freeware, Winamp, can be skinned. Then there’s the software version of Rocket eBook reader, NetZip, ICQ and scores of other programs; check out , which offers almost 11,000 skins for a huge number of skinnable applications.

On top of skins are all the gadgets we add to our systems: things such as stock tickers that live in the system tray, clocks that float in menu bars and minibrowsers that display the latest news.

One of my favourite skinning tools and one of the most useless (in that you absolutely don’t need it) is Hotbar, which dresses up the menu and toolbar of Internet Explorer with a background graphic. It offers more than 25,000 skins.

I must digress here to note that much of the on-line advertising that I have seen for Hotbar has focused on skins that feature scantily clad young ladies. As always, sex sells or, as in this case, perhaps skin sells skins.

On a side note to my side note: Apparently in Japan, using the latest Wireless Application Protocol-enabled telephones, you can view extremely tiny, grainy pictures of naked Japanese ladies pulled from WAP-enabled porno sites. Some pundits conclude that when a medium is used for pornography, it is bound to take off . . . for example, think of videotape and the Internet. Go figure.

In short, we’re adding chrome and gadgets to our PCs at an incredible rate, and our appetites are nowhere near satiated. Indeed, if the skinning and gadgeting bug has bitten you, I’ll bet you’d jump at any neat-looking software gewgaw that came your way.

But what interests me is how unsafe these toys could be. Do you think any chrome toy dealers have exhaustively tested their products for buffer overrun conditions and other back doors? Imagine a skin that is just a little bigger than standard, and so overruns a buffer, and where the excess is code that overwrites the skinning system’s code with something such as the dreaded Back Orifice . . . it hardly bears thinking of.
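The overrun imagined above, as an added C example that is not from this column or from any real skinning product: the skin file layout (two-byte length, then pixel data), `SKIN_MAX` and every function name are hypothetical. It sets a loader that trusts the file's length field beside one that validates it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SKIN_MAX 64   /* hypothetical fixed pixel buffer in the host app */
struct skin { uint8_t pixels[SKIN_MAX]; size_t len; };

/* Hypothetical file layout: 2-byte little-endian payload length, then payload. */
static size_t claimed_len(const uint8_t *f) { return (size_t)f[0] | ((size_t)f[1] << 8); }

/* Unsafe pattern: trusts the length field read from the file. */
int load_skin_unchecked(struct skin *s, const uint8_t *file, size_t file_len)
{
    (void)file_len;                       /* never consulted: that is the bug */
    size_t n = claimed_len(file);
    memcpy(s->pixels, file + 2, n);       /* writes past pixels[] when n > SKIN_MAX */
    s->len = n;
    return 0;
}

/* Hardened: check the header against the file size and the destination. */
int load_skin_checked(struct skin *s, const uint8_t *file, size_t file_len)
{
    if (file_len < 2) return -1;                 /* truncated header */
    size_t n = claimed_len(file);
    if (n > file_len - 2) return -2;             /* length field exceeds the file */
    if (n > sizeof s->pixels) return -3;         /* skin bigger than the buffer */
    memcpy(s->pixels, file + 2, n);
    s->len = n;
    return 0;
}

/* Constructed sample: payload one byte larger than SKIN_MAX. */
int check_oversized_skin(void)
{
    uint8_t file[2 + SKIN_MAX + 1] = { SKIN_MAX + 1, 0 };
    struct skin s;
    return load_skin_checked(&s, file, sizeof file);
}

/* Constructed sample: well-formed 4-byte skin; returns 1 if accepted intact. */
int check_valid_skin(void)
{
    uint8_t file[6] = { 4, 0, 1, 2, 3, 4 };
    struct skin s;
    return load_skin_checked(&s, file, sizeof file) == 0 && s.len == 4;
}

int main(void) { return (check_oversized_skin() == -3 && check_valid_skin()) ? 0 : 1; }
```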

Yet I would bet that in your organization your users have skins and gadgets in use that you have probably never seen. The implications are overwhelming: you can’t stop the practice of users putting chrome on their PCs, but the risks are potentially disastrous!

All you can do is have good defences to spot odd network and PC behaviour, a work force that knows enough about their PCs to spot odd activities, and hope that any problems with skins or gewgaws stay theoretical.

Gibbs is a contributing editor at Network World (US). He is at