It's been a very busy week. We experienced a server disk crash in a customer's system so the system had to be completely rebuilt from scratch, and that's a very time consuming process due to the highly sensitive nature of that particular system.
In between various steps in rebuilding the system I've been poking around to see what's new in the security world. Aside from the Perspectives plugin that I mentioned in a previous blog article, I also recently came across another new tool - a dialog window that is supposedly entirely secure.
PMC Ciphers claims that their new dialog window is immune to attacks from screenshot grabbing Trojans.
The concept is based on the dialog's use of a high percentage of CPU time, which the company says will outperform a Trojan.
The dialog uses a virtual on-screen keyboard to accept data entry. The dialog runs at a high priority and consumes approximately 30% of the system's CPU time. That time is used to constantly redraw PIN code characters on the screen at a high rate of speed and in somewhat random positions. The user then clicks on PIN code characters to authenticate for whatever purpose, such as accessing a bank Web site or mounting and encrypted disk volume.
The company says that because of this approach, a Trojan running at normal priority wouldn't be able to grab an accurate screenshot to gain access to the PIN codes. They also say that if a Trojan tried to run at high priority - similar to the dialog window - that a user would notice the condition due to a slow down in overall system performance.
It's a decent idea, but I'm not so sure that it's "completely safe" as the company claims.
You can see a video demonstration of the "Trojan-Horse-proof Virtual Keyboard" in action at the company Web site.