Death To System Initiated Pop-Up Windows

Pop-up windows that manifest without a user-initiating action and grab user-input focus do not merely present a severe nuisance that can manifest in unintended system actions but also by consequence increase the attack surface by providing an avenue to subvert sandboxing and configuration management faculties.  Modern operating systems should phase out this faculty and replace it with a more friendly and secure one.

In lieu of unpredictable pop-ups, operating systems should gather user input requests from system processes and applications into a shared queue of action requests, require a GUI context-switch for users to operate on them, and provide an inobtrusive alert faculty that announces the presence of input requests without hijacking input focus.

I have been thinking of this for years but only just now found myself angry (and perhaps time-rich) enough to write something when I was typing something into Safari on my Mac Air when Flux contrived to pop an update request dialog box that my in-flight fingers accepted without my having any opportunity to know what was happening until it was too late.  Decidedly not cool…

Microsoft Windows has made some useful inroads into security by requiring more explicit user decisions when applications attempt to gain execution, but even that falls somewhat short by manifesting as a focus-grabbing pop-up that could fall prey to the above-described problems.

We can do better.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s