I've been playing a bit with the DC obtained with CreateDC(L"DISPLAY",NULL,NULL,NULL) and I've been wondering why Windows lets you draw on the whole screen that easily, because I think you could do some pretty evil stuff with that, like putting a TIMER at 1ms and drawing a black rectangle on the whole screen every time the timer ticks.

+7  A: 

Why does Windows let you write to the hard drive so easily?

You could do some pretty evil stuff like overwrite every file on the hard drive.

wefwfwefwe
+25  A: 

The fact that you could do some pretty evil stuff doesn't mean Windows shouldn't let you do it. Just think of all the other evil things you could do:

  • Run in an infinite loop and eat up all the CPU time.
  • Write random bits to a file until you fill up the whole hard disk.
  • Delete random files all over the place.
  • Allocate memory like crazy until the computer slows to a crawl.

Just because you CAN do those things doesn't mean Windows should prevent you from writing to the hard drive or allocating memory or deleting files.

The purpose of Windows is to provide an environment in which programs can run. The more flexible they make that environment, the more interesting (and, unfortunately, devious) programs it makes possible for developers to create.

If they started putting in arbitrary restrictions on what you can do because you might abuse it... well, then it wouldn't be Windows, it would be an iPhone :)

Eric Petroelje
The purpose of an OS is to manage the system's resources. The screen is one of those resources. The OS places limits on what one process can do to another process's resources (e.g., you generally can't touch another process's address space). The OS guarantees that, even if you have an infinite loop, other processes will get scheduled CPU time. The OS can enforce disk quotas and access privileges. Working set limits prevent you from using up all the physical RAM. Even at the UI level, Windows limits apps from stealing focus. So why not restrict where apps can scribble on the screen?
Adrian McCarthy
@Adrian - because it would place artificial limits on what you can do with the OS. For example, creating a widget like Jing that floats at the top of the screen over all windows would be impossible.
Eric Petroelje
+4  A: 

Because it should be that easy.

It is that easy because to put rules and controls in place would mean that you would be cutting down the things you can do with the language and the Windows framework. If this happened then there would be screams from the other side of the fence shouting at how you can't do this and that.

It is these abilities which make the language powerful, but with that power comes the danger. Just because you can do something, doesn't mean that you should. You can format your hard drive... doesn't mean that you should do this when you launch the clock application.

If you are not happy with this level of 'responsibility' then pick a different language or framework to write in.

Xetius
+2  A: 

Everything is a Window and every Window has a HANDLE. So, if you have got the DesktopHandle, then you can draw anything on it. What is the problem with it?

Of course, the application that is doing evil stuff (like you said) has been allowed to run on the machine by yourself; therefore, it can do more evil stuff than this, such as formatting your hard-drive etc.

Aamir
+3  A: 

The security of the desktop is given to the user running the desktop; you can't draw on it if you are not a privileged user.

Note that one doesn't usually CreateDC() on the desktop, but usually GetDC() for a particular window during the WM_PAINT message handler.

A program can also delete the file system, or destroy the registry (if suitably permissioned); the desktop is a user-permissioned resource like any other. If they run an application with their security credentials, they can do what they wish.

However, in practice, one would create a window and paint within it.

polyglot
+2  A: 

If the method you're using (getting the screen DC) was disabled, it wouldn't stop people from doing the following.

You can create a window, you can paint in the window, you can set the size of the window to cover the whole screen, therefore you can paint on the whole screen.

And you can grab a bitmap of the whole screen, so you can paint the underlying screen content in the window and then make adjustments to it.

So it would be very easy to simulate the same effect using a combination of things that, on their own, are perfectly valid and extremely useful.

Daniel Earwicker
+1  A: 

Because there may be a time when you need to do these things. I am sure at the moment you can't think of any, but writing on the screen may be useful.

On OS X there are many applications that write directly on the screen. Useful information like CPU time or even a calendar. That's cool!

But not everything that can be done must be done.

Holli
A: 

One of the primary reasons Windows is so afflicted with malware is the lack of security around such things as you describe. Others have cited examples such as filling the hard drive, erasing random files, or eating CPU time... all of these things are security concerns, and all of them are prevented by the other two major operating systems (Linux and OSX). This doesn't mean that you can't do similar things on those operating systems, but it means that a normal user can't do it. They'd have to be granted the right permissions, and usually also forced to use a very restrictive API to limit what they can do. So the answer to your question is "because it wasn't designed with security in mind". This allows programmers significantly more flexibility, and these powers can be used for good, but IMHO it more often breeds laziness (people use the brute force way instead of spending the time figuring out the "right" way to do something) and opens the door for security problems (malware).

rmeador
Running Windows inside a limited User account is really pretty secure these days. Probably at least as good as Linux with its DBUS security bugs and the X server running set-UID root.
Zan Lynx
@Zan: a modern Windows, such as Server 2k8, with all updates applied, and proper use of UAC, _might_ approach the security offered by a properly configured Linux system. But that's almost never done in practice.
rmeador
The main reason for the so-called malware affliction is that people sit on administrative accounts - that's it. Also, the more popular the platform, the more crappy programmers targeting their "software" on it, hence the apparent laziness among them. You can remove almost the whole `/` (or at least `/etc`) in Linux with a root account. Is this a security concern for you as well?
macbirdie