Hi! This is a very interesting and *very important* issue that should definitely be solved.
The fact that a good / great commercial solution (called SpyShelter) exists to fix the *huge* holes in end user OS security, is *the* reason I stayed on Windows for a very long time. I know, of course, there are all sorts of ways to hack yourself *almost* there, with what ever MAC or similar system it is that you could use. However, I still didn't see anything out there, except maybe Qubes, that would provide a [reasonably] *easy and user-friendly* fix to prevent, for example, any running process taking a screen shot without the user having zero chance of knowing it's happening, only exists in the form of SpyShelter. And it's for Windows only. It would be *wonderful* if OpenBSD could do all this on OS level. It would be particularly wonderful if it would be possible to at least entirely disable screen shots. Even better if it would be possible to define detailed user and application based rules to grant exactly the permissions the user needs. For example: web browser could have read- only rights to the same clipboard where the secure password store software would write to. Taking a look at SpyShelter's feature descriptions and settings provides a bunch of useful ideas to begin with. I entirely understand the effort it would take, especially if we're talking about the possibility to apply refined permission rules that would cover things like which app has the permission to take screen shots of which other app(s) windows -- it's a slow and long process. However, even very rough, global on/off setting for, for example, disabling screen shots entirely, could perhaps be feasible in a decent amount of time. One very wonderful feature of SpyShelter is, by the way, the keyboard encryption feature. It encrypts the key clicks going to each application. Pretty amazing work, IMHO. The company who makes it was recently sold I believe, and the UI got entirely revamped at the same time. It does look a lot modern now, and it is [much] easier for an average user to get along with it. The old UI of the now extinct flagship version, SpyShelter Firewall, was *very* detailed and allowed many nice things such as limited, per application sandboxes. J-P
