In some examples, a window system may support full window transparency. For example, a first window from an instance of an application may be displayed on the desktop environment, and a second window from an instance of the same or different application may be displayed on the desktop environment in a manner that the second window overlaps with the first window where the first window is in the foreground (“in focus”) and the second window in the background. In some instances, the first window may be completely transparent, thereby visibly showing only the second window.
However, the window systems that support window transparency may be susceptible to attacks such as click-jacking attacks or click-through attacks. For example, an attacker may place a completely transparent window on top of an existing window (e.g., the completely transparent window is in the foreground). Because the user will believe he/she is interacting with the existing (underlying) window (due to the transparency of the attacker's window), input provided by the user which is meant for the underlying window can be captured by the attacker's window. Alternatively, an attacker may place an opaque pass-through region of a window over a hit-region of an underlying window (thereby hiding the underlying hit-region), where the opaque pass-through region is meant to deceive the user into an input event on the hidden hit-region. Because the opaque region of the attacker's window is a pass-through area, any user input on this region will pass-through resulting in an unintended computer action.