Safe 'DrawText' function

by Michael S. Kaplan, published on 2005/09/09 08:59 -04:00, original URI: http://blogs.msdn.com/b/michkap/archive/2005/09/09/462880.aspx


A recent thought from a reader, sent via the Contact link:

Hi. I actualy tried finding the correct blog post to submit this response too - but I couldn't

Anyways - A while ago you had a couple of posts on internationalized text esspecially in the browser however you also mentioned how it can be used to cloak a bad file in explorer etc...

Would this make any sense at all?

In vista- Create a "Secure Unicode" Rendering function - Sort of a "overriden" implemetation of drawText that will draw a little squiglly under any unicode charecter that is deemed suspious (You linked to a RFC that had some good ideas there) - this suiglly would be draw in the sane pen as the font and it would look similiar to the squiggly that word draws under misspelled words.

In any situtation where a unicode char might be used to fool the user into doing something he probablyu does not want to do Windows ,(and third party apps0 can use this version to ensure that the user is notified when a charecter might not be exactly what it looks like.

I can see this being used in windows explorer for file listings - or perhpas in login text boxes etc, email address boxes (I can send yo a link asking you to send sensitive info to a email address that looks similiar to an address you trust) etc....

Just a thought (obvioussly..)

This is an interesting suggestion, and it would be a fascinating use of the mitigation tools for IDN security problems that I posted about last month in any application, whether it was from Microsoft or not, even if a specific Win32 or managed API function were not added to the platform or the .NET Framework.

But with that said, it would be fascinating to see such a function!

I would love to see such an idea with even more functionality, like an underlying "confidence level" that would score the confidence that a string was in fact valid and a way to pass to the function the score required to show the visual difference between the two forms of text. And maybe even two HDC values, one for the safe text and the other for the potentially suspect text. I think it would be a fascinating extension to the tools that were originally posted for dealing with IDN security problems but which obviously could play a much wider role in software.

So it is just a thought but one that is good enough that I would even give it attribution had the person left a full name. :-)

Now the original functionality was added in these the final days of the 'Whidbey' product cycle so it was really too late to add any more functionality there, and it is unclear what more could be added to Vista in the way of new features, but the idea (as evidenced by the ideas I spitballed in just a few moments two paragraphs ago!) has a lot of potential in my mind as a functionality.

I do not know if such a function is planned, but it may already be in the works. If I hear anything I'll let you know, I think it is a truly intruiging thought, the potential design of which would make for a fascinating interview question, I think.... :-)

 

This post brought to you by "а" (U+0430, a.k.a. CYRILLIC SMALL LETTER A)
(the original sponsor of the mitigation post, and a letter that truly resents those who would USE it to try to fool users of computers in any kind of phishing expedition!)


# Gabe on 9 Sep 2005 12:13 PM:

I don't understand how you know something is suspicious. Latin, Greek, and Cyrillic (which was based on Latin and Greek) all have similar letters. I suppose any word containing code points from multiple languages might be suspicious, but the word "Spy" looks the same whether written in Latin (ess, pee, wye) or Cyrillic (dze, er, u). As an English speaker, though, I wouldn't be expecting the Cyrillic characters. Would something only be suspicious if it was written in a non-native charset?

# Stephane Rodriguez on 9 Sep 2005 12:30 PM:


Michael,

Ever considered writing a book (à la JoS?). So much good valuable reliable content.

# Michael S. Kaplan on 9 Sep 2005 12:48 PM:

Hi Gabe -- mixed script strings in situations where they would not be expected, especially involding suspicious lookalike characters, would be the best ones to consider suspicious. How suspicious to be would drive a "score" that could be used to explain how serious the suspicion is....

There are certainly other unsafe things, but the phishing problem with IDN is centered right here....

# Michael S. Kaplan on 9 Sep 2005 12:48 PM:

Hi Stephane -- see http://blogs.msdn.com/michkap/archive/2005/08/28/457383.aspx for more on me [not] writing books any time soon. :-)

Please consider a donation to keep this archive running, maintained and free of advertising.
Donate €20 or more to receive an offline copy of the whole archive including all images.

go to newer or older post, or back to index or month or day