Thread: SCR attack
View Single Post
  #7  
Old December 3rd 19, 01:34 AM posted to alt.comp.os.windows-10,alt.windows7.general
VanguardLH[_2_]
external usenet poster
  
Posts: 10,881
Default SCR attack
Mayayana wrote:

Just a note about a current attack. I just got an email
with an attached .SCR. No message. Screensaver!
I'd forgotten those existed.

I changed HKCR\.scr default value to "txtfile" and deleted
HKCR\scrfile\

I don't know of any reason for screensavers to still exist.
I certainly don't use them.

How many users lock their computer before leaving it powered? A
screensaver can be configured to lock the workstation after an idle
timeout. A password is required to exit the screensaver. No need to go
through a power cycle. Protects against forgetful users that walk away
from their active sessions. Yes, users could hit Win+L to lock their
session before they walk away, but few do. Think of it as a delayed
automatic lock on your house or car door. Still affords some
protection, and is better than no protection.

If you are far from the monitor but can still see the monitor, it is
unlikely that anything displayed on it has any value. You'll be too far
away to see your Calendar, Word, Outlook, web browser, or other program
and its content. But a large clock display that can be seen across the
room still has the computer afford something of value to you when you're
not at the computer.

Just because you have done so, the screensaver generates an event on
which scheduled events can trigger. That is, when the screensaver
fires, and event gets recorded. You can define an event in Task
Scheduler to fire on that event. For example, I don't like being
awakened during the night by sounds made by my computer, like for new
e-mails. When the screen lock occurs, my Task Scheduler event will mute
the speakers. That way, I'm not interrupted while sleeping. Yes, I
could schedule when the speakers get muted, but that assumes I'm an
automotron that keeps fixed hours of waking and sleeping. No, my hours
vary all over the place. The only way to know that I haven't been using
the computer for awhile is by the screensaver's idle timeout whereupon
the speakers get muted. I have another Task Scheduler event that
watches for the unlock event to unmute the speakers. I don't have to
remember to mute the speakers before walking away, nor have to remember
to unmute them upon my return.

Oh, by the way, burn in was a problem with CRTs, but it did not
completely disappear with LCDs. It just became longer before burn-in
got effected on an LCD monitor.

https://en.wikipedia.org/wiki/Screen..._OLED_displays
https://www.techhive.com/article/314...d-display.html
https://lifehacker.com/is-burn-in-st...nitors-5982108
https://lifehacker.com/remove-lcd-image-burn-in-146469

I've seen temporary burn-in with LCD monitors. You see the ghost for
awhile, but it fades over time, like hours or days. Remember that the
twisting of the lens (polarizer) for a pixel is a mechanical stress.
There's memory to that mechanical stress. This is why I may use a clock
for the screensaver, but the clock moves around. Perhaps most users
like to have light shining in their eyes. I can't see how it is
comfortable to have a flashlight in your eyes all the time. I prefer
dark themes. The light theme is traditional based on paper books that
had black ink on white paper (cheaper cost for ink, and white paper is
cheaper to produce than black). So monitors emulated the contrast used
by books, yet most documents or window are whitespace which means light
shone into your eyes. I find dark themes more relaxing on my eyes, and
I will more likely see ghosting than someone using a light theme. I use
a dark theme on my desktops, laptops, and smartphones. Not all apps
obey the OS configured theme, so you have to check if they have their
own dark theme, or if you can configure their colors.

CRTs had a burn-in problem because they used a chemical (phosphor) to
produce light. LCDs don't have burn-in, but they can be afflicted with
image persistence.
Ads