Pop-up windows that appear without a user-initiated action and grab input focus are more than a severe nuisance that can trigger unintended system actions. As a consequence, they also increase the attack surface by providing an avenue to subvert sandboxing and configuration-management facilities. Modern operating systems should phase out this mechanism and replace it with a friendlier and more secure one.
Instead of unpredictable pop-ups, operating systems should gather user-input requests from system processes and applications into a shared queue of action requests, require a GUI context switch for users to act on them, and provide an unobtrusive alert mechanism that announces the presence of input requests without hijacking input focus.
I have been thinking of this for years but only just now found myself angry (and perhaps time-rich) enough to write something: I was typing something into Safari on my Mac Air when Flux contrived to pop an update request dialog box that my in-flight fingers accepted without my having any opportunity to know what was happening until it was too late. Decidedly not cool…
Microsoft Windows has made some useful inroads into security by requiring more explicit user decisions when applications attempt to gain execution, but even that falls somewhat short by manifesting as a focus-grabbing pop-up that could fall prey to the above-described problems.
We can do better.
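The shared request queue proposed above, modelled next to the focus-grabbing pop-up it would replace, as an added Python sketch that is not part of the original post. The class and method names, the "updater" request and the keystroke sequence are constructed for illustration, and Enter is assumed to fire a dialog's default button.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class ActionRequest:
    source: str                      # requesting process (constructed name)
    decision: "str | None" = None    # set only when input actually reaches it

class Desktop:
    def __init__(self, policy: str):
        self.policy = policy         # "popup" or "queue"
        self.app_input = []          # keys that reached the app being typed in
        self.modal = None            # focus-grabbing dialog (popup policy only)
        self.pending = deque()       # shared queue of action requests
        self.in_queue_view = False   # True only after a deliberate context switch

    def request_input(self, req: ActionRequest) -> None:
        if self.policy == "popup":
            self.modal = req         # dialog takes input focus immediately
        else:
            self.pending.append(req) # focus stays with the user's app

    def badge(self) -> int:
        return len(self.pending)     # unobtrusive alert: a count, no focus change

    def key(self, k: str) -> None:
        if self.modal is not None:   # in-flight keystroke lands on the dialog
            if k == "Enter":         # assumed: Enter fires the default button
                self.modal.decision = "accepted"
                self.modal = None
            return                   # other keys are swallowed by the dialog
        self.app_input.append(k)

    def open_queue(self) -> None:
        self.in_queue_view = True    # the GUI context switch the user must make

    def decide(self, choice: str) -> None:
        if not self.in_queue_view:
            raise PermissionError("requests can only be answered in the queue view")
        self.pending.popleft().decision = choice

def simulate(policy: str):
    # The user types g, o, Enter; a request arrives after the first key.
    desk, req = Desktop(policy), ActionRequest("updater")
    desk.key("g")
    desk.request_input(req)
    desk.key("o")
    desk.key("Enter")
    return req.decision, desk.app_input, desk.badge()
```

Under the pop-up policy the request ends up accepted and the user's own typing is lost; under the queue policy the typing arrives intact and the request stays undecided until the user opens the queue.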