The fact that any application can spoof the os password prompt makes me wonder why they don't have a prominent feature to show the prompt is from the OS. On windows there is the secure desktop with the dimming effect.
Note that that is not what that "effect" is for. It's not, strictly speaking, even an actual "effect". Windows is creating and attaching another "desktop" to your screen, and putting the dialog there. The alternate "desktop", the "Secure Desktop", is inaccessible from any other software on the computer, so a piece of malware can't say "Ask for permission to do blah, then find the 'Allow' button and click it" The "dimming" is to make it clear that this dialog is completely modal, and you can't get to anything else while it's around. It's in no way meant as a "Look, this is an OS prompt", and it's quite easy to match the effect from another program, just grab a screenshot, dim it, throw it up full screen, then throw your dialog in front of it.
This is true, but in terms of how the user interacts with the dialog, they can more or less associate the dimmed background and Secure Desktop dialog box with a "from the OS" behaviour. This happens because as you said, the secure desktop is "inaccessible from any other software on [your] computer."
I don't actually know if I fully believe that. I haven't seen the internals of how it's implemented, but at the very least most users can assume that only the OS can bring up the prompt, and only the user can make it go away.
The very specific UAC one is secure, at least from anything that doesn't already have basically full control over your system, as it runs in the context of the SYSTEM account. The effect, and even much of the "alternate desktop", is trivial to reproduce, and is not as secure. One notable example is KeePass, which has an option to use a "Secure Desktop" for master password entry, but as it's done from the current user, is not secure against an attacker that understands what it's doing, though it will "bypass" a keylogger that's not designed to log "alternate desktop" interactions.
That reminds of how Windows asks you to press "ctrl+alt+del" before typing your account password in some situations, because other software cannot intercept ctrl+ald+del so you know the login prompt is legit.
That was actually designed to avoid typing credentials into "faked" password dialogs. The above mentioned "Secure Desktop" with dimming is not designed for that, but for the, rather hilarious, fact that it is trivial for a Windows program to hit any button on the screen it wants to. Having the permission requests pop up on a "Secure Desktop" prevents a malicious program from hitting the "Allow" button for it's own permission request. The funny part is that this is the exact kind of functionality dropbox is "hacking" itself access to.
Hence why I put hacking in quotes...? I'm just pointing out that Dropbox is arguably jumping through hoops to get access to functionality that Windows gives to basically anything that gets a toehold on your system.
It's a basic fact of the way Windows is designed. If you can get code to run on a Windows computer, you get a lot of power over that computer. Even more if the user is a local administrator. As someone that tests Windows computer network security on a regular basis, it is rather disturbing how much work you have to put into making a Windows network actually secure.
It probably is, but it would be near-impossible for a respectable company to claim that they weren't specifically trying to spoof it.
With the current OS X password prompt being a benign looking window, Dropbox (or others) can easily say they're just "following standard UI patterns" or something like that.
Trivially, in fact, KeePass does a fairly good job of it, mimicing everything down to the actual creation of a second, "secure" desktop. It's arguably more secure, though it's a little bit of a "false security", as KeePass's "Secure Desktop" is not as "secure" as the UAC and similar one, as the UAC one runs as SYSTEM, where as KeePass's runs as the current user.
Not really. Sure you can make a replica of it but it won't behave the same because you'll be able to minimize or close it but the secure desktop you can't do jack to until you either accept to decline whatever it's asking.
I mean sure and that may confuse the normal users. But if I remember correctly you can't override / replicate everything without administrative access. If I remember correctly ctrl + alt + del can't be overridden on the security screen. I thought there were other things as well.
It's not spoofing the prompt. The prompt is OS X native, DB is basically telling the OS "Hey I need root", the OS displays the prompt, and grants root access to DB. So it is a system prompt
Well, in theory they might, in practice they don't.
Almost all of the viruses reported for Macs were in fact Trojans.
And even if there were a few legitimate viruses over the years, none went very far as to cause much trouble to any sizeable number of people. Contrast with the barrage of Windows viruses and widespread mayhem they cause, on a platform were almost everybody uses an antivirus too.
It's not "just" due to the Mac being less popular either. Mac OS up to 9 got lots of viruses back in the day, and Macs had just 1 to 2% market share in the US. Nowadays they have several times that.
So yeah, on my Mac and Linux boxes, I'll care about viruses to the point of running an antivirus or such when people actually start getting some...
