摘要 |
Techniques are described herein for securely prompting a user to confirm sensitive operations, input sensitive information or the like. The techniques include receiving or intercepting calls from applications to prompting routines. When a call to a prompting routine is received or intercepted a hint may be provided to the user to switch to a secure desktop. When the user switches from the user desktop to the secure desktop the particular prompt is displayed. The input to the prompt is received on the secure desktop and verified to have been provided by the user. The user input or a representation of the input is then returned to the application running on the user desktop. Using these techniques, interception of prompting messages by malware does not result in sensitive information being revealed. Furthermore, spoofing of new messages by malware does not lead to the dismissal of critical prompting.
|