#1070 Secure desktop and HitmanPro

KeePass_2.x
closed
nobody
None
5
2012-12-23
2012-12-18
Diapolo
No

I found out that when HitmanPro is running and you try to start KeePass with the secure desktop enabled, HitmanPro seems to steal the focus (perhaps to prevent malware from tricking you into something, which is not the case with KeePass). After the focus is lost, you are only able to kill the KeePass process via Task Manager, as all other KeePass menus are greyed out / non-working.

Discussion

  • Diapolo
    2012-12-18

    This happens with current KeePass version 2.20.1 on Win7 x64 SP1!

     
  • Paul
    2012-12-18

    I don't think you can call this a KeePass bug.
    There may be a way around it though - I'm sure Dominik will have a look.

    cheers, Paul

     
  • Diapolo
    2012-12-18

    The observed situation is indeed no real KeePass bug, but at least not being able to exit, use any controls or re-issue the secure desktop could be considered unwanted behaviour, as that case is currently not covered ;).

    Dia

     
  • Dominik Reichl
    2012-12-23

    • status: open --> closed
     
  • Dominik Reichl
    2012-12-23

    Thanks a lot for reporting this issue! It's definitely not a KeePass bug (when an application switches to a different desktop without the user's consent, it is responsible for providing a way to switch back to the previous desktop).

    Anyway, I've now enhanced the KeePass behavior in such a case. When an application switches from the secure desktop to a different desktop, KeePass now shows a warning message box; clicking [OK] switches back to the secure desktop.

    The latest development snapshot for testing can be found here:
    http://keepass.info/filepool/KeePass_121223.zip

    Best regards
    Dominik
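
The detection described in the post above (noticing that the input desktop is no longer the secure desktop, then switching back on request), sketched in C# with P/Invoke. This is an added example, not KeePass source code and not part of the thread; `DesktopGuard`, `InputDesktopIs` and `SwitchBack` are hypothetical names, and comparing desktop names is an assumed detection method.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;

static class DesktopGuard   // hypothetical helper, not a KeePass class
{
    const int UOI_NAME = 2;                    // winuser.h
    const uint DESKTOP_READOBJECTS = 0x0001;   // winuser.h
    [DllImport("user32.dll", SetLastError = true)]
    static extern IntPtr OpenInputDesktop(uint dwFlags, bool fInherit, uint dwDesiredAccess);
    [DllImport("user32.dll", SetLastError = true)]
    static extern IntPtr GetThreadDesktop(uint dwThreadId);
    [DllImport("user32.dll", SetLastError = true)]
    static extern bool SwitchDesktop(IntPtr hDesktop);
    [DllImport("user32.dll", SetLastError = true)]
    static extern bool CloseDesktop(IntPtr hDesktop);
    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool GetUserObjectInformation(IntPtr hObj, int nIndex,
        StringBuilder pvInfo, uint nLength, out uint lpnLengthNeeded);
    [DllImport("kernel32.dll")]
    static extern uint GetCurrentThreadId();

    static string NameOf(IntPtr hDesk)
    {
        var sb = new StringBuilder(256);
        uint needed;
        return GetUserObjectInformation(hDesk, UOI_NAME, sb, 512, out needed) ? sb.ToString() : null;
    }

    // True while 'expected' is still the desktop that receives user input.
    public static bool InputDesktopIs(IntPtr expected)
    {
        IntPtr input = OpenInputDesktop(0, false, DESKTOP_READOBJECTS);
        if (input == IntPtr.Zero) return false;   // cannot open it: treat as switched away
        string a = NameOf(expected), b = NameOf(input);
        CloseDesktop(input);
        return a != null && string.Equals(a, b, StringComparison.OrdinalIgnoreCase);
    }

    // 'secure' must be a handle that was opened with DESKTOP_SWITCHDESKTOP access.
    public static bool SwitchBack(IntPtr secure) { return SwitchDesktop(secure); }

    static void Main()
    {
        // Stand-in for the secure desktop handle: this thread's own desktop (must not be closed).
        IntPtr mine = GetThreadDesktop(GetCurrentThreadId());
        Console.WriteLine(InputDesktopIs(mine) ? "input desktop unchanged" : "input desktop was switched");
    }
}
```

A caller would poll `InputDesktopIs` with the secure desktop handle while its dialog is open and call `SwitchBack` only after the user confirms, so that the user sees that another application switched desktops.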

     
  • Diapolo
    2012-12-23

    I tried your latest development version, which now indeed displays a message box when this happens, but HitmanPro directly steals back the focus, which leads to a "fight" between KeePass and HitmanPro. I would suggest you offer a dialog box which allows the user to "Abort" or "Retry".

    The current patch is at least a good step, as you have a small time window in which you can click Cancel in the "Enter Passphrase" dialog, which allows for a clean shutdown of KeePass.

     
  • Dominik Reichl
    2012-12-23

    I already thought about an abort command, but this cannot be implemented nicely.

    The current solution motivates users to find the stealing application. After finding it, they can decide whether they prefer to continue using the application or the secure desktop option.

     
  • Diapolo
    2012-12-23

    By "Abort" I just mean "stop the secure desktop function", which also gives time to close the stealing application. But anyway your fix already helps :), thanks for your quick response.