in

ASP.NET Weblogs

Carl Franklin

.NET Wonk

Longhorn suggestion for security and usability

Before you allow any old program to just pop up and become the window with focus, check to make sure the user isn't typing something. Wait a few seconds before popping up. Not only is it frustrating, it could be a huge security problem. If I'm typing a document in word, and I need my credit card information or SSN, so I go to my secure app and copy it into the clipboard and go back to Word. Right before I paste and hit enter, some program that sends email to the world has figured out that it urgently needs to interrupt me for a comment, which it will immediately post to every blog on the planet, and my credit card goes out to the world.

It would be an easy thing to implement. The user could adjust the amount of time to wait before allowing a program to pop up, or you could also supply an option that would not allow other programs to pop up at all, but would instead keep them blinking in the task bar area until you click on them. Alternatively it could play a sound so you could stop typing, and the program would then pop up, now that the user is cognizant of it.

Published Feb 28 2004, 11:35 PM by Carl Franklin
Filed under:

Comments

 

Austin Wise said:

The Tweak UI tool lets you enable this and it seems to work pretty well after rebooting.
It is available at http://www.microsoft.com/windowsxp/pro/downloads/powertoys.asp.
February 29, 2004 1:40 AM
 

Carl Franklin said:

Awesome! Where have I been?

LOL
February 29, 2004 2:03 AM
 

Pavel Lebedinsky said:

I thought the default setting in XP was to flash the taskbar button when another app tries to steal focus.

The problem is that it doesn't prevent focus stealing from the same process. For example, when you press Win+R immediately after logging on and start typing in the Run... dialog, explorer can decide that it needs to show you the folders that you had open when you were last logged on, and steal the focus from the dialog.
February 29, 2004 4:47 AM
 

TrackBack said:

This post from Carl Franklin couldn't be more on the money in my opinion. I have found this to be a major annoyance in the past and present. While I haven't published my credit card number to the world yet, I have experienced a few "Phew! That was close" moments jumping between financial reports, proposals, IM conversations and secure forms at the same time. Yah I know the perfect user isn't supposed to do multiple tasks like that at once but reality often dictates otherwise....
February 29, 2004 12:22 PM
 

M Kenyon said:

Yes, I believe the in process thing applies, but I am going to test that against the tweak ui too. Thanks Austin. How anoying to be waithing for one website to load I try to enter data into another web form, only to have some of my test fail to get entered. I multitask immensly. I don't know where I would be without dual monitors, but the jumping around when I do not command it! Treason!
March 1, 2004 9:28 AM
 

Andrew said:

There aren't too many things I like about the X Windows system, but the ability to set the set the window focus to always follow the mouse pointer is excellent. This would, I think, mostly solve your problem. But the reason why I like it is that it reduces the time I have to spend on the mouse (by saving me a click). I find it so much more efficient to express something by entering text than by mouse movement and button clicks. But then I grew up with CPM, MSDOS and UNIX so maybe I'm just another luddite.
March 28, 2004 12:17 AM
 

Carl Franklin said:

That sounds like a great feature. Would it keep another program from popping up and hogging focus, though? Gee, I really hope Microsoft is listening. :-)
March 28, 2004 12:34 AM

Leave a Comment

(required)  
(optional)
(required)  
Add
Terms of Use