#1070 Secure desktop and HitmanPro

KeePass_2.x
closed
nobody
None
5
2012-12-23
2012-12-18
Diapolo
No

I found out that when HitmanPro is running and you try to start KeePass and have the secure desktop enabled, HitmanPro seems to steal that focus (perhaps to prevent malware to trick you into something, which is not the case with KeePass). After the focus is lost you are only able to kill the KeePass process via Task Manager, as all other KeePass menus are greyed out / non working.

Discussion

  • Diapolo

    Diapolo - 2012-12-18

    This happens with current KeePass version 2.20.1 on Win7 x64 SP1!

     
  • Paul

    Paul - 2012-12-18

    I don't think you can call this a KeePass bug.
    There may be a way around it though - I'm sure Dominik will have a look.

    cheers, Paul

     
  • Diapolo

    Diapolo - 2012-12-18

    The observed situation is indeed no real KeePass bug, but at least the behaviour to not be able to exit, use any controls or re-issue the secure desktop could be considered as unwanted behaviour, as that case is currently not covered ;).

    Dia

     
  • Dominik Reichl

    Dominik Reichl - 2012-12-23
    • status: open --> closed
     
  • Dominik Reichl

    Dominik Reichl - 2012-12-23

    Thanks a lot for reporting this issue! It's definitely not a KeePass bug (when an application switches to a different desktop without the user's consent, it is responsible to provide a way to switch back to the previous desktop).

    Anyway, I've now enhanced the KeePass behavior in such a case. When an application switches from the secure desktop to a different desktop, KeePass now shows a warning message box; clicking [OK] switches back to the secure desktop.

    The latest development snapshot for testing can be found here:
    http://keepass.info/filepool/KeePass_121223.zip

    Best regards
    Dominik

     
  • Diapolo

    Diapolo - 2012-12-23

    I tried your latest development version, which now indeed displays a message box when this happens, but HitmanPro directly steals back the focus, which leads to a "fight" between KeePass and HitmanPro. I would suggest you offer a dialog box, which allows to "Abort" or "Retry".

    The current patch is at least a good step, as you have a small time Window, where you can click cancel in the "Enter Passphrase" dialog, which allows for a clean shutdown of KeePass.

     
  • Dominik Reichl

    Dominik Reichl - 2012-12-23

    I already thought about an abort command, but this cannot be implemented nicely.

    The current solution motivates users to find the stealing application. After finding it, they can decide whether they prefer to continue using the application or the secure desktop option.

     
  • Diapolo

    Diapolo - 2012-12-23

    By "Abort" I just mean "stop the secure desktop function", which also gives time to close the stealing application. But anyway your fix already helps :), thanks for your quick response.

     

Log in to post a comment.