> What should be the real continuing inexcusable outrage is that Windows, even today, grants all applications full access to read the titles of all windows with no way to disable it.
That's there because it's been in there forever in the win32 API, and changing that would break applications.
For example, a long time ago, I wrote a small application that would iterate through a list of executables, launch each one sequentially, and for as long as that executable ran, it would look at the window that had the current focus, enumerate every control, and then send a click message to any control that would contain the words yes, agree, continue, accept, install, ok. Made my life easier to automatically install software on computers unattended.
There are plenty of other applications that require looking up other windows and sending them messages for all kinds of user workflows, things like autohotkey and so on. Changing that behavior would break all of them.
It's okay as long as there is a way to opt out. Windows has a "compatibility mode" which users can enable for any executable. That could restore the old API behavior.
The single biggest strength of Windows is its ability to run most applications from 30 years ago, and practically all applications from 20 years ago, without a hitch.
I agree with an opt out but it should be difficult. Like entering recovery mode and enabling a legacy mode from the terminal. That way if you’ve got some industrial application you’ve got a way. But malicious software has a hard time getting users to enable it.
Remember, we're talking about a hardware driver here! It has access to the kernel, so it can ultimately do whatever it wants, the API just makes it easier.
If the user is prompted to give permission for the application to have access to this information then at least you know which ones are doing it and can avoid using them if you are worried about it.
In the case that was mentioned above, hardware frequently has drivers which can run as part of the kernel and can read the memory of other processes, among other things. A user of some hardware would be very likely to install a driver for it, without realizing that a malicious driver can basically do whatever it wants on their system.
In practice, if the software one wants to use is not trustable, then it shouldn't be run, at least on current mainstream desktop operating systems.
That's there because it's been in there forever in the win32 API, and changing that would break applications.
For example, a long time ago, I wrote a small application that would iterate through a list of executables, launch each one sequentially, and for as long as that executable ran, it would look at the window that had the current focus, enumerate every control, and then send a click message to any control that would contain the words yes, agree, continue, accept, install, ok. Made my life easier to automatically install software on computers unattended.
There are plenty of other applications that require looking up other windows and sending them messages for all kinds of user workflows, things like autohotkey and so on. Changing that behavior would break all of them.