Coffeehouse Thread

10 posts

Windows Cardspace Control Panel - WTF

  • W3bbo

    So I was just wanting to take a look at my current power settings on my Tecra, and noticed a brand spankin' new Cardspace control panel listed (since I installed the NETFX3.0 RTM the other day).

    ....opening it made my screen go dark for a moment, then the main panel loaded, the dark screen background freaked me out so I pressed Ctrl+Alt+Del to go to the CSRSS-controlled secure desktop, pressing the Task Manager button to return to my normal desktop just returned a blank screen. Alt-Tab/Alt-F4/Esc, name any combination besides CAD and it had no effect.

    Fortunately I had just saved my work, because I had to go CAD > Logoff > Logon again to get back to work.

    Questions:

    • Why does the Cardspace control panel darken my screen?
    • Why does my desktop disappear....completely after returning from the secure desktop whilst the Cardspace CP is open?
    • When will both issues be fixed/explained?

  • Sven Groot

    I tried it in Vista, and it looks like CardSpace is opened on the secure desktop (same as the UAC prompts).

    Why this is needed I don't know.

  • AndyC

    Given that cards are intended as a security principal, I presume it appears on the secure desktop to prevent a malicious application from compromising the CardSpace control panel.

  • blowdart

    AndyC wrote:
    Given that cards are intended as a security principal, I presume it appears on the secure desktop to prevent a malicious application from compromising the CardSpace control panel.


    Indeed, and to present a consistent user experience that's not easily faked. I admit it did freak me out when it happened on XP for the first time, and it's a bit too easy to crash the CardSpace panel and leave yourself stuck on the secure desktop.

  • W3bbo

    blowdart wrote:
    Indeed, and to present a consistent user experience that's not easily faked. I admit it did freak me out when it happened on XP for the first time, and it's a bit too easy to crash the CardSpace panel and leave yourself stuck on the secure desktop.


    "the" secure desktop? I was under the assumption there can only be one, the one controlled by csrss.exe, which is why only the GINA shows up there and not other apps, hence why you can't get the Task Manager up on the secure desktop.

    Still I'm pretty sure this counts as a pretty major bug, it needs sorting.

  • blowdart

    W3bbo wrote:
    
    blowdart wrote: Indeed, and to present a consistent user experience that's not easily faked. I admit it did freak me out when it happened on XP for the first time, and it's a bit too easy to crash the CardSpace panel and leave yourself stuck on the secure desktop.


    "the" secure desktop? I was under the assumption there can only be one, the one controlled by csrss.exe, which is why only the GINA shows up there and not other apps, hence why you can't get the Task Manager up on the secure desktop.

    Still I'm pretty sure this counts as a pretty major bug, it needs sorting.


    Apparently not. Of course without the source who knows for sure but it's been documented as running in a secure desktop, just like GINA.

    If it does crash you can still shut down normally, if your machine supports the tap on power to shutdown.

  • W3bbo

    blowdart wrote:
    If it does crash you can still shut down normally, if your machine supports the tap on power to shutdown.


    I managed to get out by clicking Logoff on the GINA.

    ...I wonder how XP Home/Welcome Screen users would get out.

  • blowdart

    W3bbo wrote:
    
    blowdart wrote: If it does crash you can still shut down normally, if your machine supports the tap on power to shutdown.


    I managed to get out by clicking Logoff on the GINA.

    ...I wonder how XP Home/Welcome Screen users would get out.


    Naw, I meant when CardSpace dies, not GINA.

  • RichTurner

    W3bbo wrote:
    
    blowdart wrote: Indeed, and to present a consistent user experience that's not easily faked. I admit it did freak me out when it happened on XP for the first time, and it's a bit too easy to crash the CardSpace panel and leave yourself stuck on the secure desktop.


    "the" secure desktop? I was under the assumption there can only be one, the one controlled by csrss.exe, which is why only the GINA shows up there and not other apps, hence why you can't get the Task Manager up on the secure desktop.



    Note - CardSpace spins up in its own PRIVATE desktop, not *the* "Secure Desktop".

    The Secure Desktop is (as many of you have commented in this thread) a highly protected desktop in which the GINA runs.

    Private desktops can be created using the CreateDesktop Win32 API. If you want yours to be private, you can restrict the level of access and security attributes that your desktop (and therefore the apps running inside it) supports.

    CardSpace runs in its own highly restricted Private Desktop to help shield itself from malicious software that the user might have inadvertently picked up on their travels around the web. When the desktop is created and CardSpace starts running, it takes a snapshot of the user's desktop, applies a grey mask and sets its wallpaper to this grayed bitmap. This provides a strong visual cue to the user that "they're not in Kansas any more" and that something special has happened. The user is now within Windows CardSpace - a protected environment in which they can more safely manage and control their digital identities.
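
Added example (not part of the thread and not CardSpace's own code): a minimal C sketch of the mechanism described in the post above, creating a desktop with `CreateDesktop` and a restrictive security descriptor. The desktop name `ExamplePrivateDesktop`, the helper `build_desktop_sddl` and the choice of DACL (full access for the current user and LocalSystem only) are assumptions made for illustration.

```c
/* Added example. Windows build: cl private_desktop.c user32.lib advapi32.lib */
#include <stdio.h>
#include <string.h>

/* Build a protected DACL (SDDL) granting full access to user_sid and
   LocalSystem (SY) only. Returns 0 on success, -1 on bad input or truncation. */
int build_desktop_sddl(const char *user_sid, char *out, size_t out_len)
{
    if (!user_sid || strncmp(user_sid, "S-1-", 4) != 0) return -1;
    /* reject characters that could inject extra ACEs into the SDDL string */
    if (strspn(user_sid + 4, "0123456789-") != strlen(user_sid + 4)) return -1;
    int n = snprintf(out, out_len, "D:P(A;;GA;;;%s)(A;;GA;;;SY)", user_sid);
    return (n > 0 && (size_t)n < out_len) ? 0 : -1;
}

#ifdef _WIN32
#include <windows.h>
#include <sddl.h>

int main(void)
{
    HANDLE tok; ULONGLONG buf[32]; DWORD len; LPSTR sid = NULL; char sddl[256];
    SECURITY_ATTRIBUTES sa = { sizeof sa, NULL, FALSE };

    /* current user's SID, as a string, from the process token */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return 1;
    if (!GetTokenInformation(tok, TokenUser, buf, sizeof buf, &len)) return 1;
    if (!ConvertSidToStringSidA(((TOKEN_USER *)buf)->User.Sid, &sid)) return 1;
    if (build_desktop_sddl(sid, sddl, sizeof sddl) != 0) return 1;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL)) return 1;

    /* "ExamplePrivateDesktop" is a hypothetical name */
    HDESK desk = CreateDesktopA("ExamplePrivateDesktop", NULL, NULL, 0,
                                GENERIC_ALL, &sa);
    if (!desk) { fprintf(stderr, "CreateDesktop: %lu\n", GetLastError()); return 1; }
    printf("created desktop with DACL %s\n", sddl);

    CloseDesktop(desk);            /* destroyed once the last handle closes */
    LocalFree(sa.lpSecurityDescriptor);
    LocalFree(sid);
    CloseHandle(tok);
    return 0;
}
#else
int main(void) { puts("CreateDesktop is Win32-only; build on Windows."); return 0; }
#endif
```

A DACL keyed on the user's own SID does not keep out other processes running as that same user, so isolating a UI from the user's everyday applications requires the desktop to be owned by a different principal.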

  • blowdart

    RichTurner wrote:
    Private desktops can be created using the CreateDesktop Win32 API. If you want yours to be private, you can restrict the level of access and security attributes that your desktop (and therefore the apps running inside it) supports.


    Well I never. I shall update my presentation :D

    I did discover yesterday that you can even screenshot it using ALT-PrintScreen. Which you didn't use to be able to do in the betas.

