zlacker

[return to "Everyone knows all the apps on your phone"]
1. chesch+Ce[view] [source] 2025-03-29 23:43:33
>>gnitin+(OP)
Can windows apps (not installed from the MS store) enumerate through the window titles of all open windows? How hard would it be for an app to monitor all of your web traffic based on the title alone?

Legit question. ChatGPT isn't super helpful here since it agrees with everything when I'm really looking for someone to say why this isn't really feasible in the real world.

◧◩
2. bcoate+Xp[view] [source] 2025-03-30 01:42:59
>>chesch+Ce
Windows has a whole different (looser, older) security model. There are no security barriers between windows running on the same desktop. (In particular, "UAC is [still] not a security barrier"--when you hit ok/type in a password to elevate a process, you’re effectively elevating the whole desktop and everything you're running.)
◧◩◪
3. jorvi+Ps[view] [source] 2025-03-30 02:18:30
>>bcoate+Xp
No, that is completely wrong and would be nuts. The only way the whole session gets elevated is if you'd launch explorer.exe with an admin token.

The way privilege escalation works on Windows is that pretty much everything gets launched with a standard user access token by default, and processes can request an admin access token in a few ways, UAC being the main one. When a process is supplied that token, that process is elevated.

It is more akin to 'sudo' rather than 'su', which makes sense because its progenitor is 'runas' from Windows 2000.

[go to top]