
I recently faced an issue. It appeared my Outlook launched a dialog saying it needed a password. It looked like this:

Outlook password prompt

I noticed the "->" character in the domain name, which it usually auto-fills. Also, the image it is showing is the default Windows 7 user image. I have changed it and it doesn't reflect that. E.g., if I launch Remote Desktop, here is the Windows Security dialog which comes up.

Remote connection password prompt

What's going on? Is Outlook launching some custom dialog for the password? How can a user trust such a dialog? Is any app free to launch such a dialog?

Gilles 'SO- stop being evil'
Ankush

1 Answer


What's going on?

Deviant software behavior. It may be a simple bug, or it could be the side effect of a malicious program. It's hard to tell without more information.

Is Outlook launching some custom dialog for the password?

It looks like Outlook, or whatever program you are using, is sending data to a standard authentication mechanism. My guess is that there may be some language translation occurring, i.e. from some language to English.

How can a user trust such a dialog?

You would need some assurance mechanisms in place. An integrity checking mechanism is a good place to start. You will need a known good integrity value and a system capable of periodically checking your current software against the known good values.

Is any app free to launch such a dialog?

More or less, yes. Windows provides a framework to programmers for presenting GUI components to users. Even if the authentication mechanism is protected, the dialogue GUI can be faked, and has been on many versions of Windows in the past.

this.josh
  • Understood. This may be an entirely new question, but is there any way in Windows which can do some certificate check or something saying this dialog is trusted by Windows, similar to what browsers do for genuine eCommerce sites? – Ankush Oct 04 '11 at 10:03
  • @Ankush, simply: no. You can require that Windows only allows properly signed software to execute, but that would prevent pretty much all custom applications from running. – Steve Oct 04 '11 at 14:45
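
The periodic check against known good values described in the answer can be sketched as follows. This is an added example, not code from the answer or the comments; the file names, directory layout and baseline location are constructed for the demo. It detects changed, missing or unexpected program files on disk and says nothing about whether a dialog currently on screen is genuine.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def save_baseline(root, baseline_path):
    """Record known good values; store them where the monitored software cannot write."""
    Path(baseline_path).write_text(json.dumps(snapshot(root), indent=2))

def verify(root, baseline_path):
    """Compare the current state with the baseline and classify each difference."""
    known = json.loads(Path(baseline_path).read_text())
    current = snapshot(root)
    return {
        "modified": sorted(f for f in known if f in current and current[f] != known[f]),
        "missing": sorted(f for f in known if f not in current),
        "added": sorted(f for f in current if f not in known),
    }

def demo():
    """Constructed sample: a stand-in program directory changed after the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp, "app")
        app.mkdir()
        (app / "mail.exe").write_bytes(b"original client")
        (app / "auth.dll").write_bytes(b"original credential ui")
        baseline = Path(tmp, "baseline.json")  # kept outside the monitored tree
        save_baseline(app, baseline)
        (app / "auth.dll").write_bytes(b"patched credential ui")  # content changed
        (app / "helper.dll").write_bytes(b"unexpected file")      # new file appears
        (app / "mail.exe").unlink()                               # file removed
        return verify(app, baseline)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run `verify` on a schedule and alert on any non-empty list; the baseline is only as trustworthy as the state of the system when it was recorded.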