UAC, the "dark screen", and secure keyboard input

[VirtualLarry]

If UAC has a "secure desktop", then why doesn't MS add "secure desktop keyboard input" features to programs. That way, when you are entering a password, other apps on teh system (like keyloggers) won't be able to steal your keystrokes.

 

[daishi5]

If UAC has a "secure desktop", then why doesn't MS add "secure desktop keyboard input" features to programs. That way, when you are entering a password, other apps on teh system (like keyloggers) won't be able to steal your keystrokes.

Two reasons that I can think of legal, and security. If a program has A. access to secure input mode, and B. freedom to control how the boxes are displayed, they could make a program that looks exactly like another program to trick the user into giving up their credential information. Or, they could launch their "bad app" and user their bad app to launch your good app and, to my knowledge, that means they could then keylog the good app because they would be the parent of the app. The other problem is that is microsoft has this real problem of being a monopoly, and that restricts the control they have of this feature. If programs can use it, I think they have to document how to use it, which gives it to the malware writers. There may be other reasons as well, but I think it is appropriate to have somethings that are "core OS only" to help protect users from less honest programmers out there.

 

[Gamingphreek]

If UAC has a "secure desktop", then why doesn't MS add "secure desktop keyboard input" features to programs. That way, when you are entering a password, other apps on teh system (like keyloggers) won't be able to steal your keystrokes.

Well, technically they do this in one case. If you enable CTRL+ALT+DEL Login, then you are sending a HLT command to all running applications, thus, essentially, creating a secure desktop.

Why more apps don't have a feature similar to this? - I don't know.

-Kevin

 

[WelshBloke]

Does the on screen keyboard not do this?