How do I make it more difficult for somebody to take a screenshot of my window?

Date: June 3, 2013 / year-entry #149
Tags: code
Orig Link: https://blogs.msdn.microsoft.com/oldnewthing/20130603-00/?p=4193
Comments: 39

Ultimately, you can't stop somebody from ignoring the words Confidential at the top of a document and whipping out a digital camera and taking a picture of the screen. But at least starting in Windows 7 you can make it a little more difficult.

Take our scratch program and add this one line:

    ...
    SetWindowDisplayAffinity(hwnd, WDA_MONITOR);
    ShowWindow(hwnd, nShowCmd);
    ...

Assuming you have the Desktop Window Manager enabled, you will find that attempting to capture our scratch program in a screenshot or via the Snipping Tool will result in black pixels.

Remember, this is just an obstacle, not a security measure. If somebody is determined to get the pixels, this step is only going to slow them down a little. (For example, on Windows 7, they can simply disable the Desktop Window Manager.) But it's handy for reducing the likelihood of an accidental breach of confidential information.
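
The two caveats above (composition must be on, and the call itself can fail) can be checked at run time instead of assumed. The following is an added example, not code from the original post: `protect_status`, `classify_protection` and `protect_window` are hypothetical names, and the Win32 wrapper is compiled only on Windows.

```c
/* Added example, not from the original post. On Windows, build for example
   with: cl protect.c user32.lib dwmapi.lib */
#ifdef _WIN32
#define _WIN32_WINNT 0x0601   /* Windows 7: declares SetWindowDisplayAffinity */
#include <windows.h>
#include <dwmapi.h>
#endif
#include <stdbool.h>

typedef enum {
    PROTECT_OK,              /* affinity set and read back as WDA_MONITOR */
    PROTECT_NO_COMPOSITION,  /* DWM is not composing: captures see real pixels */
    PROTECT_SET_FAILED,      /* SetWindowDisplayAffinity returned FALSE */
    PROTECT_NOT_APPLIED      /* set returned TRUE but the readback disagrees */
} protect_status;

/* Hypothetical helper: the decision logic, kept free of Win32 types so it
   can be exercised without a desktop session. monitor_flag is WDA_MONITOR. */
protect_status classify_protection(bool composing, bool set_ok, bool get_ok,
                                   unsigned long readback,
                                   unsigned long monitor_flag)
{
    if (!composing)
        return PROTECT_NO_COMPOSITION;
    if (!set_ok)
        return PROTECT_SET_FAILED;
    if (!get_ok || readback != monitor_flag)
        return PROTECT_NOT_APPLIED;
    return PROTECT_OK;
}

#ifdef _WIN32
/* Hypothetical wrapper: request the affinity, then verify it took effect. */
protect_status protect_window(HWND hwnd)
{
    BOOL composing = FALSE;
    DWORD affinity = WDA_NONE;

    if (FAILED(DwmIsCompositionEnabled(&composing)))
        composing = FALSE;
    BOOL set_ok = SetWindowDisplayAffinity(hwnd, WDA_MONITOR);
    BOOL get_ok = GetWindowDisplayAffinity(hwnd, &affinity);

    return classify_protection(composing != FALSE, set_ok != FALSE,
                               get_ok != FALSE, affinity, WDA_MONITOR);
}
#endif
```

Call `protect_window(hwnd)` where the post's one-line change sits, before `ShowWindow`, and treat any result other than `PROTECT_OK` as "a capture may show the real pixels". On Windows 7 the answer can change while the window is open, so re-check when the window receives `WM_DWMCOMPOSITIONCHANGED`.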

Pre-emptive hate: "DRM is evil!" My response to you: If you don't like DRM, then don't buy DRM-protected content. If you don't like IRM, then don't read IRM-protected documents. If you don't like Blu-Ray, then don't buy Blu-Ray DVDs.


Comments (39)
  1. Raphael says:

    DRM is not evil, it is merely a silly waste of resources.

  2. Joshua says:

    Run this code, get uninstalled for failing accessibility. ADA is not optional.

    [Try it. Accessibility still works. -Raymond]
  3. SimonRev says:

    @Joshua:  Does ADA demand the ability to take screen shots with DWM enabled?

  4. Joker_vD says:

    And if you don't like drugs, don't buy drugs! If you don't like poverty, don't become poor!.. The whole point of disliking something is that you try to make this "something" disappear from reality.

    Anyway, thanks for revealing the trick: now I will turn DWM off before trying to screenshot that one arrogant program.

    [I was afraid this was going to happen. That's why I added the pre-empting hate, but it didn't work. I may have to shut off comments on this article if people keep debating DRM here. -Raymond]
  5. Joshua says:

    @SimonRev: Advanced third-party magnifiers do. Starting in Windows 8, cannot just turn off DWM to break this code. Can't just use DWM magnify either. Might have to OCR and re-render text in a highly readable font.

  6. [ DRM is not evil, it is merely a silly waste of resources. ]

    Especially since it's optimizing for the wrong case. The "normal", non-tech-savvy user doesn't try to rip Blu-Rays on his/her machine, he just opens the favorite P2P application/Torrent search engine and finds the work already done by people who know how to work around the obstacles.

    Many anti-piracy initiatives seem to have this same problem; my favorite is the hideous "Piracy is a crime" mandatory, non-skippable ad (http://www.youtube.com/watch), which annoys just the people who actually bought the official DVD (I've never seen a DVD rip that includes annoying ads). The point is similar to the one made by Jeff Atwood here (http://www.codinghorror.com/…/the-problem-with-software-registration.html) about software registration – you are doing a disservice only to people who are actually willing to pay you.

    [The primary audience here is probably not DRM but rather IRM. There is no torrent for "The confidential email sent from the CEO." -Raymond]
  7. Miff says:

    I feel like I have to bear the burden of pointing out there's no such thing as a "Blu-Ray DVD"… DVD and Blu-Ray Disc are two completely separate technologies, and that makes about as much sense as saying "DVD CD".

  8. Rick C says:

    Great, now "accessibility" is another thing Raymond will have to point out his sample programs don't support, along with error handling.

  9. Joshua says:

    [Try it. Accessibility still works. -Raymond]

    I refer the honourable gentleman to the answer I already gave to SimonRev. If my eyes decay any farther I'll be looking at taking such an option.

  10. Random832 says:

    > Might have to OCR and re-render text in a highly readable font.

    I thought programs were supposed to support system settings for large fonts (and high contrast) to be considered accessible.

  11. Timothy Fries says:

    MSDN doesn't document if the hWnd has to be owned by the current process/thread or not, though I'd imagine it to be so (I'm not in front of Windows 7 at the moment to test) otherwise someone could just enumerate over all top level windows and set their display affinity to WDA_NONE before taking a screenshot.

  12. John Muller says:

    Aren't there discs that are Bluray on one side, DVD on the other?

  13. Joshua says:

    @Random832: And one other thing. Respect all font rendering selections made by the ClearType tuner, including both grey-scale and off (bi-level rendering) (clear type + high mag = misaligned). Windows 8 doesn't.

  14. laonianren says:

    So I tried it.  As expected, when I take a screenshot my window's client area is now blacked out.

    Then I ran Windows Magnifier.  And my window's client area is blacked out in Magnifier.

    Windows Magnifier is advertised as an accessibility tool even if it doesn't rely on technologies a developer would think of as "accessibility".  And this feature stops it working.

  15. Anonymous Coward says:

    Raymond, do you honestly think that childish reactions will do anything constructive? Furthermore, so far the comments don't contain a ‘hate flamefest’, just reasonable critique.

    Maybe the reason that you get the comments you get is that you read but don't adequately listen. If you internalise the comments and take them into proper account the next time you write an article, the reactions would be a lot more constructive and then the comments will move on also.

    But your ‘pre-emptive hate’ only shows that you didn't listen and hence things have to be said again. And if you go on like this, and do senseless things like removing comments, you'll get the exact same thing any time you write a tangentially related article.

    And rightly so, because the commenters aren't the problem. You are out of step with reality and that's the problem. Fix yourself and the problem will disappear.

    [I should've just said, "Let's not discuss whether DRM is a good idea or not, because (1) we've been through it already, and (2) it's not something that can be resolved here. It's not like I have the power to change it. Complaining to me accomplishes nothing." This was a test to see if it was possible to mention an IRM-related feature without people complaining that the feature exists at all. The answer is apparently "No". Result: Back onto the topic embargo list it goes. -Raymond]
  16. Joker_vD says:

    Holy fatcats. I didn't make a comment about DRM, now did I? What I said was two things:

    a) The argument from "Pre-emptive hate" is just a re-phrasing of "If you don't like something, turn away from it", which is quite a silly argument; and

    b) I have one pesky program which refuses to export data from it, so now I have one more way to try and make it cooperate (though it didn't work, sadly).

  17. John says:

    @Anonymous Coward:  He just wants to focus on his salad.

  18. Gabe says:

    So this API can ensure that a window is only displayed on a monitor. That makes me wonder, what are the alternatives? Is an RDP session considered a monitor?

  19. Steve says:

    I could see this being super useful when doing a screencast.

    But if this is intended as a DRM thing I doubt a process can toggle this setting on arbitrary windows.

    The only example of a limitation I read on MSDN though is that it has to be called on a top level window.. The Get version says it works with windows of any process.. Does that mean the Set version doesn't?

    I would try it but I don't have a copy of Windows atm..

  20. Joshua says:

    @Gabe: Really good question. Read the docs. Oh wait, the MSDN docs don't say.

  21. Suppose it only works from within the same process. That just means an attacker would have to inject a thread into that process. Since the attacker is probably an administrator of that machine, that's hard to prevent.

    [The purpose of this feature is not to defend against an attacker who can run code on the system. It's to defend against users who take a screen shot without realizing that the confidential budget data is visible in the background. See the linked article. -Raymond]
  22. Joshua says:

    We shouldn't have to wait until the end of the day and another embargo list before sanity. Maybe Raymond should delete most comments matching DRM from this article.

  23. Matteo Italia says:

    [The primary audience here is probably not DRM but rather IRM. There is no torrent for "The confidential email sent from the CEO." -Raymond]

    Of course, sorry, I was digressing.

    Actually, this function could have a widespread usage for the p̶o̶r̶n̶ privacy mode of the browsers, especially if it was applicable to their taskbar button – for one thing, it would avoid problems like this thedailywtf.com/…/Whoops!.aspx :)

  24. Anonymous Coward says:

    Raymond, if you actually read Joker's comment, you'll note it's in response to your ‘pre-emptive hate’. So your comment is like complaining that nuking Moscow to prevent Russia from nuking us didn't have the intended effect.

    Anyway, I'm more aligned with Raphael's view, but supposing for a moment that DRM could actually work, the companies that want DRM pretty much have a monopoly so your ‘then don't buy DRM'ed goods’ quip doesn't make any sense.

    As it stands however, DRM doesn't work and that's the only reason that there are good alternatives to DRM'ed content. But that does mean that saying ‘If you don't like DRM, then don't buy DRM-protected content.’ is essentially the same as saying ‘If you don't like DRM, then go to the Pirate Bay.’ and I doubt that was your intention.

    In any case, given the subject of your article, DRM related comments are entirely on-topic and censoring them would be *extremely* childish. If someone tells you something you don't want to know, but that is true, do you plug your ears and sing ‘La la I can't hear you’ on the top of your voice? I posit no sensible adult would act in such a manner.

    [I wrote the pre-emptive hate so people would stop rehashing the hate flamefest that happens every time I mention DRM, even in passing. It didn't work. I'm going to be childish. -Raymond]
  25. Drak says:

    Interesting article, Raymond. I'll have to keep this in mind if we even make a non-browser based interface for the system I work on.

  26. ender says:

    To everybody that says DRM doesn't work – that's wrong. DRM works just fine, it just doesn't do what most people think it does (prevent unauthorized copying). Its purpose is to prevent manufacturers from adding unapproved functionality to their devices and programs (anything that isn't explicitly allowed is forbidden, since you can't get the keys without signing a contract that tells you exactly what you can do).

  27. Danny Moules says:

    From the SetWindowDisplayAffinity MSDN page:

    "It is important to note that unlike a security feature or an implementation of Digital Rights Management (DRM), there is no guarantee that using SetWindowDisplayAffinity and GetWindowDisplayAffinity, and other necessary functions such as DwmIsCompositionEnabled, will strictly protect windowed content, for example where someone takes a photograph of the screen."

    I'd be impressed to see any "security feature or an implementation of Digital Rights Management (DRM)" that can leap out of the screen and disable my camera. Think they need a better example.

    (NB. I didn't see the DRM conversation before drafting this. Hey-ho. Blame MSDN!)

  28. Anon says:

    There are a lot of workplaces where phones/cameras are banned. So your premise is not unreasonable.

  29. kog999 says:

    People do stupid things and they don't think about or care about data security. Imagine that sales guy who decides to send an email to his personal account with that not yet published internal quarterly report so that he doesn't need to take the extra 2 seconds to log into the VPN. You all know that guy I'm talking about. With IRM he'll get an error message and probably proceed to not read it and ask the helpdesk what the heck is wrong with their computers. The helpdesk can then respond that he shouldn't be emailing the report. Maybe his manager gets involved and hopefully tells him the same thing. Crisis averted. That's the use case for IRM, not protecting it from someone who really wants to get at it. Although people, especially management, will often think it's to protect against "hackers".

  30. 640k says:

    @Raymond: "It's to defend against users who take a screen shot without realizing that the confidential budget data is visible in the background. See the linked article."

    No, that's not true. This is only the first step of many DRM features which will be harder and harder to circumvent for each Windows version.

  31. 640k says:

    @Miff: "there's no such thing as a Blu-Ray DVD"…

    He probably meant HD DVD, xbox2's epic fail no one remembers.

  32. Ray says:

    What about in a VM? If I run the app in a VM and then switch back to the host, can I screenshot that?

  33. Nick says:

    @Ray: Missing the point bro. The feature is designed to stop unwanted information being leaked by users taking screenshots of programs but not realizing a confidential program is lingering in the background.

  34. Ian Boyd says:

    This function would be useful (as part of required defense in depth) for an application like SnapChat (along with functions like SecureZeroMemory).

  35. Dark Mark says:

    Would this also apply to Onenote's ability to take a screenshot? It seems to work a little differently than the normal 'Print Screen'.

  36. :-( says:

    Running this app on Windows 7, and attempting to call SetWindowDisplayAffinity on a top-level hwnd of another process results in error code 5. Even if run from a requireadministrator application belonging to the same user running the other app.

  37. Rick C says:

    "He probably meant HD DVD, xbox2's epic fail no one remembers."

    What are you talking about?  HD-DVD was *winning* the format war until Sony spent about $3B bribing the major studios to switch to Blu-Ray.

  38. Dave says:

    >It's to defend against users who take a screen shot without realizing that the

    >confidential budget data is visible in the background. See the linked article.

    What would be more useful in this case is a SelectiveSetWindowDisplayAffinity() that allowed you to, for example, take a snapshot of your browser screen without also capturing all your *** sites open in the tab bar at the top.

  39. Danny Moules says:

    > There are a lot of workplaces where phones/cameras are banned. So your premise is not unreasonable.

    If you completely ignore the idea of context, that's fair comment. Can we not do that?


*DISCLAIMER: I DO NOT OWN THIS CONTENT. If you are the owner and would like it removed, please contact me. The content herein is an archived reproduction of entries from Raymond Chen's "Old New Thing" Blog (most recent link is here). It may have slight formatting modifications for consistency and to improve readability.
