From 4d939d07758a00611d4be96d336fdbf6f1901492 Mon Sep 17 00:00:00 2001 From: ChocolateCravings Date: Tue, 19 Apr 2016 10:22:34 +0200 Subject: [PATCH 1/2] Update full-screen-mode.md explicitly mention that alt+tab protects against fake window attacks --- common-tasks/full-screen-mode.md | 1 + 1 file changed, 1 insertion(+) diff --git a/common-tasks/full-screen-mode.md b/common-tasks/full-screen-mode.md index dec41cbc..6a2b11fb 100644 --- a/common-tasks/full-screen-mode.md +++ b/common-tasks/full-screen-mode.md @@ -25,6 +25,7 @@ Secure use of full screen mode ------------------------------ However, it is possible to deal with full screen mode in a secure way assuming there are mechanisms that can be used at any time to show the full desktop, and which cannot be intercepted by the VM. An example of such q mechanism is the KDE's "Present Windows" and "Desktop Grid" effects, which are similar to Mac's "Expose" effect, and which can be used to immediately detect potential "GUI forgery", as they cannot be intercepted by any of the VM (as the GUID never passes down the key combinations that got consumed by KDE Window Manager), and so the VM cannot emulate those. Those effects are enabled by default in KDE once Compositing gets enabled in KDE (System Settings -\> Desktop -\> Enable Desktop Effects), which is recommended anyway. By default they are triggered by Ctrl-F8 and Ctrl-F9 key combinations, but can also be reassigned to other shortcuts. +Another option is to use Alt+Tab for switching windows. This shortcut is also handled by dom0 and protects from fake windows. However one needs to pay careful attention, two windows switching when pressing Alt+Tab once means one of the windows is fake. Enabling full screen mode for select VMs ---------------------------------------- From 00095d27efa6934f7c20caed8f3691ca6659b257 Mon Sep 17 00:00:00 2001 From: ChocolateCravings Date: Tue, 19 Apr 2016 15:31:30 +0200 Subject: [PATCH 2/2] Update full-screen-mode.md simplified --- common-tasks/full-screen-mode.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-tasks/full-screen-mode.md b/common-tasks/full-screen-mode.md index 6a2b11fb..924d0715 100644 --- a/common-tasks/full-screen-mode.md +++ b/common-tasks/full-screen-mode.md @@ -25,7 +25,7 @@ Secure use of full screen mode ------------------------------ However, it is possible to deal with full screen mode in a secure way assuming there are mechanisms that can be used at any time to show the full desktop, and which cannot be intercepted by the VM. An example of such q mechanism is the KDE's "Present Windows" and "Desktop Grid" effects, which are similar to Mac's "Expose" effect, and which can be used to immediately detect potential "GUI forgery", as they cannot be intercepted by any of the VM (as the GUID never passes down the key combinations that got consumed by KDE Window Manager), and so the VM cannot emulate those. Those effects are enabled by default in KDE once Compositing gets enabled in KDE (System Settings -\> Desktop -\> Enable Desktop Effects), which is recommended anyway. By default they are triggered by Ctrl-F8 and Ctrl-F9 key combinations, but can also be reassigned to other shortcuts. -Another option is to use Alt+Tab for switching windows. This shortcut is also handled by dom0 and protects from fake windows. However one needs to pay careful attention, two windows switching when pressing Alt+Tab once means one of the windows is fake. +Another option is to use Alt+Tab for switching windows. This shortcut is also handled by dom0. Enabling full screen mode for select VMs ----------------------------------------