> Having the display server set the titlebar instead of the application is a start with server side decoration. Provided there is a 'secure' way for the display server to have such information of course.
You'd have to prohibit undecorated windows, transparent windows and full screen windows. All three can be used to create an illusion of a secure input prompt. And even then a basic attack with a maximized window that has in its content pane something that looks like a secure input window would be enough to fool 80% of the users.
> > That's why security-conscious people invented the ctrl-alt-del keystroke combo that can't be caught by applications and which will always present the system log-on prompt.
> A *very incomplete* solution, a trojan game could spawn a window looking like a webpage.
The trick is that the special combo can't be grabbed by any normal program *and* that immediately all further input is only tied to a sort of secure input window that is always on top.
If no software can control the mouse or generate fake input for that dialog then it's a pretty sure way of making sure only the person controlling the real input devices is making the input and that that input is only received by the secure input window. And "training" people to enter some magic uncatchable key sequence before entering system credentials helps reduce the risk that they might type it into some malicious window.
This is one of the few things Microsoft did right with UAC. Before granting administrative privileges to a program a user has to press a button in a special popup that isn't visible to other Windows programs and which can only be controlled using a few designated input devices (so a malicious program can't click the button itself).
They explicitly don't ask for credentials (so a program faking a security dialog would get no information). And credentials are only required for login and unlock (the "screwup" in this scheme is that a malicious program can pretend to be the login or lock screen and since they no longer train people to always press 'ctrl-alt-del' before login/unlock, there is no way of knowing whether you are typing in the real or a faked variant).
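The two invariants the comment above relies on (the combo cannot be grabbed by an application, and while the secure prompt is up all real input goes only to it while program-generated input is dropped) can be made concrete in a small simulation. The following is an added illustration written for this page; it is not code from any real display server, from Windows, or from the commenter. The `Window`, `Event` and `Server` classes, the `SAK` constant and the `walkthrough` scenario are all constructed here, and the "trojan-game" window is a made-up example of the look-alike attack the thread describes.

```python
"""Toy model of a secure attention key (SAK) in a display server.

Constructed for this illustration (not a real compositor). It models:
  1. an application cannot grab the SAK combo, so it always reaches the
     server, which switches input to an always-on-top secure prompt;
  2. while the prompt is up, every physical input event is delivered only
     to it, and synthetic (program-generated) events are rejected.
"""
from dataclasses import dataclass, field

# The uncatchable combo; frozenset so it can be compared and used as a set key.
SAK = frozenset({"ctrl", "alt", "del"})


@dataclass
class Window:
    name: str
    trusted: bool = False                       # True only for the server's own prompt
    received: list = field(default_factory=list)
    grabbed_keys: set = field(default_factory=set)

    def grab(self, combo):
        """Applications may grab ordinary combos; the SAK is refused."""
        combo = frozenset(combo)
        if combo == SAK:
            raise PermissionError("SAK cannot be grabbed by an application")
        self.grabbed_keys.add(combo)


@dataclass
class Event:
    keys: frozenset
    synthetic: bool = False                     # True if injected by a program, not a device


class Server:
    def __init__(self):
        self.windows = []
        self.focus = None
        self.secure = Window("secure-input", trusted=True)
        self.secure_active = False

    def map_window(self, w):
        """A freshly mapped window takes focus (it may draw anything it likes)."""
        self.windows.append(w)
        self.focus = w

    def dispatch(self, ev):
        """Route one event; returns the window that received it, or None if dropped."""
        if ev.keys == SAK:
            if ev.synthetic:
                return None                     # programs cannot fake the combo
            self.secure_active = True           # server, not the app, answers the SAK
            return self.secure
        if self.secure_active:
            if ev.synthetic:
                return None                     # no fake input reaches the prompt
            self.secure.received.append(ev)
            return self.secure                  # and nothing reaches other windows
        for w in self.windows:                  # normal routing: grabs, then focus
            if ev.keys in w.grabbed_keys:
                w.received.append(ev)
                return w
        if self.focus is None:
            return None
        self.focus.received.append(ev)
        return self.focus

    def secure_done(self):
        """Called by the prompt when the user finishes; normal routing resumes."""
        self.secure_active = False


def walkthrough():
    """Scenario from the thread: a look-alike window versus a user who presses the SAK."""
    srv = Server()
    game = Window("trojan-game")                # draws a fake credential prompt
    srv.map_window(game)
    try:
        game.grab({"ctrl", "alt", "del"})
        grab_allowed = True
    except PermissionError:
        grab_allowed = False
    # Untrained user types a password straight into the look-alike window.
    without_sak = srv.dispatch(Event(frozenset({"p"}))).name
    # Trained user presses the SAK first; typing now goes only to the real prompt.
    after_sak = srv.dispatch(Event(SAK)).name
    typed = srv.dispatch(Event(frozenset({"p"}))).name
    injected = srv.dispatch(Event(frozenset({"enter"}), synthetic=True))
    srv.secure_done()
    return {
        "grab_allowed": grab_allowed,
        "without_sak": without_sak,
        "after_sak": after_sak,
        "typed": typed,
        "injected": injected,
        "game_saw": [sorted(e.keys) for e in game.received],
    }


if __name__ == "__main__":
    print(walkthrough())
```

The model deliberately does nothing about the look-alike window itself: as the comment says, a maximized or undecorated window can draw a convincing prompt, and the only thing that separates the real prompt from the fake one is that the user pressed the combo first and the server routed everything after it to the trusted window.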