"Full" UAC, also known as actual UAC, moves you to a secure desktop without any other windows (which also prevents a few forms of keylogging). You can't alt-tab into any of your previous applications, either, until the prompt has been dealt with. Faking this requires kernel-mode permissions.
But then again, users will STILL enter the password, giving the app root permission anyway. The warning here would be that the "fake" Handbrake would not have been signed, and blocked by SmartScreen. (They could get a signing cert, and use that, and aware users would have to know it differs...)
I still think the safest way is Windows XP style. Applications do not get root. You cannot give them root. Things that require an administrative password have to be done under the administrative account.
That's what I always wondered — why it's hard to fake UAC? Surely I can create a full-screen application which won't give away focus with alt-tab (that's very frequent behaviour with bad games).
One software I was/am still working on has an onscreen display(clear always top window ) so I can draw icons and text over a game, it's a pain to alt-tab out of(due to me setting it to constantly check to see if it's ontop, and if not, to set it).
So I would say that it's certainly possible, although I haven't tried specifically to do that to emulate UAC.
Edit:
Infact I had a bug at one stage where if I closed the main window, the invisible window would remain running, with no entry in the start bar.
Now I'm becoming a little more concerned, as I could also listen for hotkeys, (such as Ctrl alt delete) and display my own 'secure login' page. Shit
Listening for these hotkeys is kind of pointless. The whole idea of pressing Ctrl + Alt + Del is that, while you can detect the keys being pressed, you cannot prevent Windows to display its interface on top of yours. See https://en.wikipedia.org/wiki/Secure_attention_key
That's actually a good mechanism that should be brought back to all modern OS. I wish Android had something similar (well, available physical input keys are limited, but you get the idea)
I would like to hope so, I haven't tried intercepting something like that(I just listen for certain keys), I do wonder if someone more experienced than me could listen for Ctrl and alt, then intercept the delivery, and display their own. (I would 'assume' the system gets first dibs on any keypress, but what if you listened for Ctrl and alt then used a sendkey to upkey the Ctrl and alt, and detect a del key press and then display a fake).
(Sorry, can't test, as I don't have a Windows machine ready)
AFAIK, whenever you get a dialog that asks for your admin password, hit Control-Alt-Delete. If the dialog is a real one, focus stays with that window. If it is fake, a real one pops up on top of the fake one.
But then again, users will STILL enter the password, giving the app root permission anyway. The warning here would be that the "fake" Handbrake would not have been signed, and blocked by SmartScreen. (They could get a signing cert, and use that, and aware users would have to know it differs...)
I still think the safest way is Windows XP style. Applications do not get root. You cannot give them root. Things that require an administrative password have to be done under the administrative account.