←back to thread

How Dropbox Hacks Your Mac

(applehelpwriter.com)
1037 points 8bitben | 2 comments | 09 Sep 16 15:52 UTC | HN request time: 0s | source
Show context
gruez ◴[09 Sep 16 16:41 UTC] No.12463849[source]
The fact that any application can spoof the os password prompt makes me wonder why they don't have a prominent feature to show the prompt is from the OS. On windows there is the secure desktop with the dimming effect.
replies(6): >>12463913 #>>12463935 #>>12463946 #>>12464205 #>>12464261 #>>12465995 #
Vendan ◴[09 Sep 16 17:17 UTC] No.12464205[source]
Note that that is not what that "effect" is for. It's not, strictly speaking, even an actual "effect". Windows is creating and attaching another "desktop" to your screen, and putting the dialog there. The alternate "desktop", the "Secure Desktop", is inaccessible from any other software on the computer, so a piece of malware can't say "Ask for permission to do blah, then find the 'Allow' button and click it" The "dimming" is to make it clear that this dialog is completely modal, and you can't get to anything else while it's around. It's in no way meant as a "Look, this is an OS prompt", and it's quite easy to match the effect from another program, just grab a screenshot, dim it, throw it up full screen, then throw your dialog in front of it.
replies(1): >>12464405 #
1. ThatGeoGuy ◴[09 Sep 16 17:40 UTC] No.12464405[source]
This is true, but in terms of how the user interacts with the dialog, they can more or less associate the dimmed background and Secure Desktop dialog box with a "from the OS" behaviour. This happens because as you said, the secure desktop is "inaccessible from any other software on [your] computer."

I don't actually know if I fully believe that. I haven't seen the internals of how it's implemented, but at the very least most users can assume that only the OS can bring up the prompt, and only the user can make it go away.

replies(1): >>12464488 #
2. Vendan ◴[09 Sep 16 17:48 UTC] No.12464488[source]
The very specific UAC one is secure, at least from anything that doesn't already have basically full control over your system, as it runs in the context of the SYSTEM account. The effect, and even much of the "alternate desktop", is trivial to reproduce, and is not as secure. One notable example is KeePass, which has an option to use a "Secure Desktop" for master password entry, but as it's done from the current user, is not secure against an attacker that understands what it's doing, though it will "bypass" a keylogger that's not designed to log "alternate desktop" interactions.