Wednesday, August 28, 2024

Re: Solution to keystroke injection

Hi!

This is a very interesting and *very important* issue that should
definitely be solved.

The fact that a good / great commercial solution (called SpyShelter)
exists to fix the *huge* holes in end user OS security, is *the* reason
I stayed on Windows for a very long time.

I know, of course, there are all sorts of ways to hack yourself
*almost* there, with what ever MAC or similar system it is that you
could use. However, I still didn't see anything out there, except maybe
Qubes, that would provide a [reasonably] *easy and user-friendly* fix
to prevent, for example, any running process taking a screen shot
without the user having zero chance of knowing it's happening, only
exists in the form of SpyShelter. And it's for Windows only.

It would be *wonderful* if OpenBSD could do all this on OS level. It
would be particularly wonderful if it would be possible to at least
entirely disable screen shots. Even better if it would be possible to
define detailed user and application based rules to grant exactly the
permissions the user needs. For example: web browser could have read-
only rights to the same clipboard where the secure password store
software would write to.

Taking a look at SpyShelter's feature descriptions and settings
provides a bunch of useful ideas to begin with.

I entirely understand the effort it would take, especially if we're
talking about the possibility to apply refined permission rules that
would cover things like which app has the permission to take screen
shots of which other app(s) windows -- it's a slow and long process.

However, even very rough, global on/off setting for, for example,
disabling screen shots entirely, could perhaps be feasible in a decent
amount of time.

One very wonderful feature of SpyShelter is, by the way, the keyboard
encryption feature. It encrypts the key clicks going to each
application. Pretty amazing work, IMHO. The company who makes it was
recently sold I believe, and the UI got entirely revamped at the same
time. It does look a lot modern now, and it is [much] easier for an
average user to get along with it. The old UI of the now extinct
flagship version, SpyShelter Firewall, was *very* detailed and allowed
many nice things such as limited, per application sandboxes.

J-P

No comments:

Post a Comment