Delivered-To: darwin-kernel@lists.apple.com
Organization: Qrrbrbirlbel
User-agent: Opera M2(BETA1)/8.0 (MacPPC, build 1945)

- Brian

My $0.02.

As I understand it, the only thing that comes close in userland (meaning you wouldn't need to be root or admin to do it) is you can install an event handler on the event monitor target, which was new to Panther. However, it only lets you receive and monitor events (and not intercept events), and in the case of privacy concerns, any key event typed in a password text field is not sent to the event monitor, so it's more or less useless for spyware stuff. (Although, now that I think about it, being able to intercept mouse events wouldn't be that useful for spyware either. If the idea is to take control of the mouse, there are ways to do that already incidentally. Fortunately no one has written anything malicious using it that I know of.)

I don't have a solution or even any real data for TOP, but I would like to inject a comment into the discussion.

I certainly hope that if there is a way to do this _without_ installing a kernel extension that it operates in a secure manner. I should have to authenticate as an admin on the system to get such a thing installed even when running under an admin account. Otherwise this would be an obvious path to bring all manner of spyware to the platform.

-Mike