Electronic mail is a method of exchanging messages between people using electronic devices. Invented by Ray Tomlinson, email first entered limited use in the 1960s and by the mid-1970s had taken the form now recognized as email. Email operates across computer networks, which today is the Internet; some early email systems required the author and the recipient to both be online at the same time, in common with instant messaging. Today's email systems are based on a store-and-forward model. Email servers accept, forward and store messages. Neither the users nor their computers are required to be online simultaneously. An ASCII text-only communications medium, Internet email was extended by Multipurpose Internet Mail Extensions to carry text in other character sets and multimedia content attachments. International email, with internationalized email addresses using UTF-8, has been standardized, but as of 2017 it has not been adopted; the history of modern Internet email services reaches back to the early ARPANET, with standards for encoding email messages published as early as 1973.
An email message sent in the early 1970s looks similar to a basic email sent today. Email had an important role in creating the Internet, and the conversion from ARPANET to the Internet in the early 1980s produced the core of the current services. The term electronic mail was used generically for any electronic document transmission. For example, several writers in the early 1970s used the term to describe fax document transmission; as a result, it is difficult to find the first citation for the use of the term with the more specific meaning it has today. Electronic mail has been most commonly called email or e-mail since around 1993, but variations of the spelling have been used: email is the most common form used online, and is required by IETF Requests for Comments and working groups and by style guides; this spelling appears in most dictionaries. E-mail is the format that sometimes appears in edited, published American English and British English writing as reflected in the Corpus of Contemporary American English data, but is falling out of favor in some style guides.
Mail was the form used in the original protocol standard, RFC 524. The service is referred to as mail, a single piece of electronic mail is called a message. EMail is a traditional form, used in RFCs for the "Author's Address" and is expressly required "for historical reasons". E-mail is sometimes used, capitalizing the initial E as in similar abbreviations like E-piano, E-guitar, A-bomb, H-bomb. An Internet e-mail consists of an content. Computer-based mail and messaging became possible with the advent of time-sharing computers in the early 1960s, informal methods of using shared files to pass messages were soon expanded into the first mail systems. Most developers of early mainframes and minicomputers developed similar, but incompatible, mail applications. Over time, a complex web of gateways and routing systems linked many of them. Many US universities were part of the ARPANET, which aimed at software portability between its systems; that portability helped make the Simple Mail Transfer Protocol influential.
For a time in the late 1980s and early 1990s, it seemed that either a proprietary commercial system or the X.400 email system, part of the Government Open Systems Interconnection Profile, would predominate. However, once the final restrictions on carrying commercial traffic over the Internet ended in 1995, a combination of factors made the current Internet suite of SMTP, POP3 and IMAP email protocols the standard. The diagram to the right shows a typical sequence of events that takes place when sender Alice transmits a message using a mail user agent (MUA) addressed to the email address of the recipient. The MUA formats the message in email format and uses the submission protocol, a profile of the Simple Mail Transfer Protocol (SMTP), to send the message content to the local mail submission agent (MSA), in this case smtp.a.org. The MSA determines the destination address provided in the SMTP protocol, in this case firstname.lastname@example.org, a qualified domain address. The part before the @ sign is the local part of the address, the username of the recipient, and the part after the @ sign is a domain name.
The MSA resolves a domain name to determine the qualified domain name of the mail server in the Domain Name System (DNS). The DNS server for the domain b.org responds with any MX records listing the mail exchange servers for that domain, in this case mx.b.org, a message transfer agent (MTA) server run by the recipient's ISP. smtp.a.org sends the message to mx.b.org using SMTP. This server may need to forward the message to other MTAs before the message reaches the final message delivery agent (MDA); the MDA delivers it to the mailbox of user bob. Bob's MUA picks up the message using either the Post Office Protocol or the Internet Message Access Protocol. Beyond this example, complications exist in the email system: Alice or Bob may use a client connected to a corporate email system, such as IBM Lotus Notes or Microsoft Exchange; these systems have their own internal email format and their clients communicate with the email server using a vendor-specific, proprietary protocol. The server sends or receives email via the Internet through the product's Internet mail gateway which does any necessary reformatt
Phishing is the fraudulent attempt to obtain sensitive information such as usernames and credit card details by disguising as a trustworthy entity in an electronic communication. Carried out by email spoofing or instant messaging, it directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site. Phishing is an example of social engineering techniques being used to deceive users. Users are lured by communications purporting to be from trusted parties such as social web sites, auction sites, online payment processors or IT administrators. Attempts to deal with phishing incidents include legislation, user training, public awareness, and technical security measures, because phishing attacks often exploit weaknesses in current web security. The word itself is a neologism created as a homophone of fishing, due to the similarity of using a bait in an attempt to catch a victim. Phishing attempts directed at specific individuals or companies have been termed spear phishing.
In contrast to bulk phishing, spear phishing attackers gather and use personal information about their target to increase their probability of success. Threat Group-4127 used spear phishing tactics to target email accounts linked to Hillary Clinton's 2016 presidential campaign. They attacked more than 1,800 Google accounts and implemented the accounts-google.com domain to threaten targeted users. Clone phishing is a type of phishing attack whereby a legitimate, delivered email containing an attachment or link has had its content and recipient address taken and used to create an identical or cloned email. The attachment or link within the email is replaced with a malicious version and sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of, or an updated version of, the original. This technique could be used to pivot from an infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email.
The term whaling has been coined for spear phishing attacks directed at senior executives and other high-profile targets. In these cases, the content will be crafted to target an upper manager and the person's role in the company; the content of a whaling attack email may be an executive issue such as a subpoena or customer complaint. Most methods of phishing use some form of technical deception designed to make a link in an email appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to the example section of the yourbank website; in fact the host belongs to the example.com domain, and yourbank is only a subdomain label within it. Another common trick is to make the displayed text for a link suggest a reliable destination, when the link goes to the phishers' site. Many desktop email clients and web browsers will show a link's target URL in the status bar while hovering the mouse over it; this behavior may, in some circumstances, be overridden by the phisher.
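The two link tricks described above (a brand name used as a subdomain label of another domain, and link text that displays a different host than the link target) can be checked mechanically when mail is received. The following Python is an added example, not part of the original article; the protected domain yourbank.com, the sample HTML and all function names are assumptions, and the two-label registrable-domain rule stands in for a Public Suffix List lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: the organisation's genuine site is yourbank.com.
PROTECTED = {"yourbank": "yourbank.com"}


def registrable(host):
    """Naive registrable domain: the last two labels.
    Production code should consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_of(text):
    """Return the hostname if text looks like a URL or bare hostname, else None."""
    text = text.strip()
    if not re.match(r"^[a-z][a-z0-9+.-]*://", text, re.I):
        if not re.fullmatch(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}(/\S*)?", text):
            return None
        text = "http://" + text
    return (urlsplit(text).hostname or "").lower() or None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html):
    """Return [(href, [reasons])] for links that use either trick."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        if target is None:
            continue
        reasons = []
        shown = host_of(text)
        # Trick 2: the displayed text names one site, the href goes to another.
        if shown and registrable(shown) != registrable(target):
            reasons.append("displayed-host-mismatch")
        # Trick 1: the brand appears as a label, but under someone else's domain.
        for brand, real in PROTECTED.items():
            if brand in target.split(".") and registrable(target) != real:
                reasons.append("brand-in-foreign-domain")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample body: two deceptive links and one genuine link.
SAMPLE_HTML = """
<p>Dear customer, <a href="http://www.yourbank.example.com/login">Sign in</a></p>
<p><a href="http://login.example.net/x">https://www.yourbank.com/</a></p>
<p><a href="https://www.yourbank.com/help">Help</a></p>
"""

if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE_HTML):
        print(href, reasons)
```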
An attacker can potentially use flaws in a trusted website's own scripts against the victim. These types of attacks are problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, making it difficult to spot without specialist knowledge; such a flaw was used in 2006 against PayPal. To avoid anti-phishing techniques that scan websites for phishing-related text, phishers sometimes use Flash-based websites; these hide the text in a multimedia object. Covert redirect is a subtle method to perform phishing attacks that makes links appear legitimate, but redirects a victim to an attacker's website. The flaw is masqueraded under a log-in popup based on an affected site's domain. It can affect OAuth and OpenID based on well-known exploit parameters as well; this makes use of open redirect and XSS vulnerabilities in the third-party application websites.
Users may be redirected to phishing websites covertly through malicious browser extensions. Norma
Hewlett-Packard spying scandal
On September 5, 2006, Newsweek revealed that Hewlett-Packard's general counsel, at the behest of HP chairwoman Patricia Dunn, had contracted a team of independent security experts to investigate board members and several journalists in order to identify the source of an information leak. In turn, those security experts recruited private investigators who used a spying technique known as pretexting; the pretexting involved investigators impersonating HP board members and nine journalists in order to obtain their phone records. The information leaked related to HP's long-term strategy and was published as part of a CNET article in January 2006. HP hired public relations firm Sitrick and Company to manage their media relations during the crisis. Patricia Dunn claimed she did not know beforehand the methods the investigators used to try to determine the source of the leak. Board member George Keyworth was accused of being the source and on September 12, 2006, he resigned, although he continued to deny making unauthorized disclosures of confidential information to journalists and was thanked by Mark Hurd for his board service.
It was announced at that time that Dunn would continue as chairwoman until January 18, 2007, at which point HP CEO Mark Hurd would succeed her. On September 22, 2006, HP announced that Dunn had resigned as chairwoman because of the "distraction her presence on our board" created. On September 28, 2006, Ann Baskins, HP's general counsel, resigned hours before she was to appear as a witness before the House Committee on Energy and Commerce, where she would invoke the Fifth Amendment to refuse to answer questions. On September 11, 2006, CNET News.com publicly released a five-page letter written by the United States House Committee on Energy and Commerce to Patricia Dunn stating that it had, for the past seven months, been conducting an investigation on Internet-based data brokers who use "lies and deception" to acquire personal information, and allow anyone who pays a "modest fee" to acquire "itemized incoming and outgoing call logs", not only for cell phone numbers but for VoIP numbers, landline numbers, and unpublished phone numbers.
Additional data that could be obtained included addresses and other personal data, obtained without the consent or prior notice to the owner of the number. The committee had learned about HP's use of pretexting through its September 6 SEC filing and through their own inquiry of HP's Nominating and Governance Committee, stating they are "troubled" by the information, "particularly that it involves HP—one of America's corporate icons." The committee requested, under Rules X and XI of the United States House of Representatives, the following information from HP by September 18, 2006: 1. The name and identity of the outside consulting firm cited in HP's September 6, 2006, filing with the SEC, of any other outside consultants who were hired by HP to assist in conducting the Leak Investigation. 2. Copies of any contracts, letters of engagement and investigative plans related to the Leak Investigation, conducted by the outside consulting firm or by any other party. 3. The names and identities of all third parties, whether hired directly by HP or by HP's outside consulting firm, who were used during the leak investigation to procure, or to attempt to procure telephone records and other personal consumer information of any targets or subjects of the Leak Investigation.
4. A list of all individuals or entities that were targets or subjects, or designated as targets or subjects, of the Leak Investigation. 5. A list of all individuals, including HP employees, who were involved with conducting the Leak Investigation or who had contemporaneous knowledge of the Leak Investigation. 6. A list of all individuals or entities whose telephone records or other personal consumer information were procured or attempted to be procured by the outside consulting firm or by any party during the period January 1, 2005, to the present. 7. A list of all individuals whose telephone records or other personal consumer information were procured by the outside consulting firm or by any party during the period January 1, 2005, to the present. For each individual, describe the types of records that were procured. 8. Copies of all reports prepared for the Leak Investigation by the outside consulting firm or by any other party, including any and all analysis or opinions regarding the appropriateness or legality of pretexting.
9. A copy of the letter of engagement with the law firm Wilson Sonsini Goodrich & Rosati regarding the Committee Inquiry. 10. Copies of all reports prepared for the Committee Inquiry, including any report prepared by the firm Wilson Sonsini Goodrich & Rosati. 11. Copies of all draft and final Board minutes that either relate to either the Leak Investigation or the Committee Inquiry. In addition to the above-mentioned information, the Committee on Energy and Commerce requested the following information from HP by September 25, 2006: 12. All records relating either the Leak Investigation or Committee Inquiry, including but not limited to communications to or from the outside consulting firm, communications by or between HP employees or Board Members, communications to or from the outside counsel. Please do not provide any copies of the actual telephone records or any other records procured. At the September 28, 2006 hearing and Hurd both testified extensively about the investigation. Dunn testified that until June or July 2006, she did not realize that "pretexting" could involve identity misrepresentation.
Dunn insisted that she had believed that personal phone records could be obtained through legal methods. Other witnesses, including Ann Baskins, HP's former Ge
A bounce message or just "bounce" is an automated message from a mail system, informing the sender of a previous message that that message had not been delivered. The original message is said to have "bounced". More formal terms for bounce message include "Non-Delivery Report" or "Non-Delivery Receipt", "Delivery Status Notification" message, or a "Non-Delivery Notification". Errors may occur at multiple places in mail delivery. A sender may sometimes receive a bounce message from their own mail server, reporting that it has been unable to send a message, or alternatively from a recipient's mail server reporting that although it had accepted the message, it is unable to deliver it to the specified user; when a server accepts a message for delivery, it is accepting the responsibility to deliver a bounce message in the event that delivery fails. When an e-mail arrives at the destination server for an address, it may be that the mail daemon is unable to deposit the message in the specified user's mailbox if the underlying hard drive of the server has insufficient space.
When sending an e-mail, the service from which the e-mail is sent may be unable to reach the destination address. In such a case, the sender would receive a bounce message from their own mail server. Common causes for mail servers being unable to reach a destination are being unable to resolve the destination address (for example, if the domain name does not exist) and being unable to establish a connection with the destination address (for example, if the IP address is not assigned to a server, or if the server is offline). Users may receive erroneous bounce messages about messages they never sent. This can happen in particular in the context of email spam or email viruses, where a spammer may forge a message to another user and forge the message to appear to come from yet another user. If the message cannot be delivered to the intended recipient, the bounce message would be "returned" to the third party instead of the spammer; this is called backscatter. Had the library.example mail server known that the message would be undeliverable, it would not have accepted the message in the first place, and therefore would not have sent the bounce.
Instead, it would have rejected the message with an SMTP error code. This would leave Jack's mail server the obligation to deliver a bounce. Bounces are a special form of autoresponder. Autoresponses are mails sent by a program, as opposed to a human user, in reply to a received mail and sent to the bounce address. Examples of other auto replies are vacation mails, challenges from challenge-response spam filtering, replies from list servers, and feedback reports. These other auto replies are discussed in RFC 3834: auto replies should be sent to the Return-Path stated in the received mail which has triggered the auto reply, and this response is sent with an empty Return-Path. The Return-Path is visible in delivered mail as the header field Return-Path inserted by the SMTP mail delivery agent; the MDA copies the reverse path in the SMTP MAIL FROM command into the Return-Path. The MDA removes bogus Return-Path header fields inserted by other MTAs. Today these paths are reduced to ordinary email addresses, as the old SMTP 'source routing' was deprecated in 1989.
One special form of a path still exists: the empty path MAIL FROM:<>, used for many auto replies and all bounces. In a strict sense, bounces sent with a non-empty Return-Path are incorrect. RFC 3834 offers some heuristics to identify incorrect bounces based on the local part of the address in a non-empty Return-Path. It defines a mail header field, Auto-Submitted, to identify auto replies, but the mail header is a part of the mail data, and MTAs don't look into the mail. They deal with the envelope, which includes the MAIL FROM address but not, e.g., the RFC 2822-From in the mail header field From. These details are important for schemes like BATV; the remaining bounces with an empty Return-Path are non-delivery reports or delivery status notifications. DSNs can be explicitly solicited with an SMTP Service Extension, however it is not used. Explicit requests for delivery failure details are much more implemented with variable envelope return path, while explicit requests for them are implemented. NDRs are a basic SMTP function.
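The paragraphs above on backscatter, SMTP-time rejection and the empty return path fit together as follows. This Python is an added example, not part of the original article: the domains a.org and b.org and the user bob come from the page's Alice/Bob walk-through, while victim@c.example, the mailbox list, the function names and the choice of `Auto-Submitted: auto-replied` on the generated notice are assumptions of the example.

```python
from email.message import EmailMessage

LOCAL_DOMAIN = "b.org"   # receiving domain from the page's walk-through
LOCAL_USERS = {"bob"}    # constructed mailbox list


def rcpt_check(rcpt):
    """Reply for RCPT TO, decided while the sending client is still connected.
    A 5xx here leaves the obligation to notify the sender with that client."""
    local, _, domain = rcpt.rpartition("@")
    if domain.lower() != LOCAL_DOMAIN:
        return (550, "relaying denied")
    if local.lower() not in LOCAL_USERS:
        return (550, "user unknown")
    return (250, "ok")


def may_auto_respond(envelope_from, msg):
    """Guard in the spirit of RFC 3834: never answer a bounce (MAIL FROM:<>)
    or a message already marked as automatically submitted."""
    if envelope_from == "":
        return False
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    return auto == "no"


def build_bounce(envelope_from, rcpt, reason):
    """Return (envelope sender, envelope recipient, message) for a bounce.
    The envelope sender is empty so that the bounce itself cannot bounce."""
    bounce = EmailMessage()
    bounce["From"] = f"MAILER-DAEMON@{LOCAL_DOMAIN}"
    bounce["To"] = envelope_from
    bounce["Subject"] = "Undelivered mail returned to sender"
    bounce["Auto-Submitted"] = "auto-replied"  # value chosen for this example
    bounce.set_content(f"Delivery to <{rcpt}> failed: {reason}\n")
    return ("", envelope_from, bounce)


def accept_then_bounce(envelope_from, rcpt, msg):
    """Server that said 250 first and discovered the failure afterwards.
    It now owes a bounce, addressed to whatever MAIL FROM claimed."""
    code, reason = rcpt_check(rcpt)
    if code == 250 or not may_auto_respond(envelope_from, msg):
        return None
    return build_bounce(envelope_from, rcpt, reason)


def make_spam():
    """Constructed message whose sender address is forged."""
    msg = EmailMessage()
    msg["From"] = "victim@c.example"
    msg["To"] = "nosuch@b.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body\n")
    return msg


spam = make_spam()

if __name__ == "__main__":
    # Rejecting at RCPT time: no message is generated by b.org at all.
    print(rcpt_check("nosuch@b.org"))
    # Accepting first: the bounce lands at the forged address (backscatter).
    env_from, env_to, bounce = accept_then_bounce("victim@c.example", "nosuch@b.org", spam)
    print(repr(env_from), env_to, bounce["Subject"])
    # A bounce that is itself undeliverable is dropped, not bounced again.
    print(accept_then_bounce("", "nosuch@b.org", bounce))
```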
As soon as an MTA has accepted a mail for forwarding or delivery it cannot silently delete it. Excluding MDAs, all MTAs forward mails to another MTA; this next MTA is free to reject the mail with an SMTP error message like "user unknown", "over quota", etc. At this point the sending MTA has to bounce the message, i.e. inform its originator. A bounce may arise without a rejecting MTA, or as RFC 5321 puts it: "If an SMTP server has accepted the task of relaying the mail and finds that the destination is incorrect or that the mail cannot be delivered for some other reason it MUST construct an "undeliverable mail" notification message and send it to the originator of the undeliverable mail (as in
Social engineering (security)
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. This differs from social engineering within the social sciences, which does not contain the divulging of confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is one of many steps in a more complex fraud scheme. It has been defined as "any act that influences a person to take an action that may or may not be in their best interests." Employee behavior can have a big impact on information security in organizations. Cultural concepts can help different segments of the organization work effectively or work against effectiveness towards information security within an organization. "Exploring the Relationship between Organizational Culture and Information Security Culture" provides the following definition of information security culture: "ISC is the totality of patterns of behavior in an organization that contribute to the protection of information of all kinds." Social engineering has been used extensively by Islamic State and other terrorist groups for recruiting and radicalising younger people into joining their cause.
Andersson and Reimers found that employees do not see themselves as part of the organization's Information Security "effort" and take actions that ignore organizational information security best interests. Research shows. In "Information Security Culture from Analysis to Change", authors commented, "It's a never ending process, a cycle of evaluation and change or maintenance." To manage the information security culture, five steps should be taken: Pre-evaluation, strategic planning, operative planning and post-evaluation. Pre-Evaluation: to identify the awareness of information security within employees and to analyze current security policy. Strategic Planning: to come up with a better awareness program, we need to set clear targets. Clustering people is helpful to achieve it. Operative Planning: we can set a good security culture based on internal communication, management buy-in, and a security awareness and training program. Implementation: four stages should be used to implement the information security culture.
They are commitment of the management, communication with organizational members, courses for all organizational members, commitment of the employees. All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases; these biases, sometimes called "bugs in the human hardware", are exploited in various combinations to create attack techniques, some of which are listed below. The attacks used in social engineering can be used to steal employees' confidential information; the most common type of social engineering happens over the phone. Other examples of social engineering attacks are criminals posing as exterminators, fire marshals and technicians to go unnoticed as they steal company secrets. One example of social engineering is an individual who walks into a building and posts an official-looking announcement to the company bulletin that says the number for the help desk has changed. So, when employees call for help the individual asks them for their passwords and IDs thereby gaining the ability to access the company's private information.
Another example of social engineering would be that the hacker contacts the target on a social networking site and starts a conversation with the target. The hacker gains the trust of the target and uses that trust to get access to sensitive information like password or bank account details. Social engineering relies on the 6 principles of influence established by Robert Cialdini. Cialdini's theory of influence is based on six key principles: reciprocity and consistency, social proof, liking, scarcity. Reciprocity – People tend to return a favor, thus the pervasiveness of free samples in marketing. In his conferences, he uses the example of Ethiopia providing thousands of dollars in humanitarian aid to Mexico just after the 1985 earthquake, despite Ethiopia suffering from a crippling famine and civil war at the time. Ethiopia had been reciprocating the diplomatic support Mexico provided when Italy invaded Ethiopia in 1935; the good cop/bad cop strategy is based on this principle. Commitment and consistency – If people commit, orally or in writing, to an idea or goal, they are more likely to honor that commitment because they have stated that that idea or goal fits their self-image.
If the original incentive or motivation is removed after they have agreed, they will continue to honor the agreement. Cialdini notes Chinese brainwashing of American prisoners of war to rewrite their self-image and gain automatic unenforced compliance. Another example is marketers who make the user close popups by saying “I’ll sign up later” or "No thanks, I prefer not making money”. Social proof – People will do things that they see other people are doing. For example, in one experiment, one or more confederates would look up into the sky. At one point this experiment was aborted, as so many people were looking up that they stopped traffic. See conformity, the Asch conformity experiments. Authority – People will tend to obey authority figures if they are asked to perform objectionable acts. Cialdini cites incidents such as the Milgram experiments in the My Lai massacre. Liking – People are persuaded by other people whom they like. Cialdini cites the marketing of Tupperware in. People were mo
Spamming is the use of messaging systems to send an unsolicited message advertising, as well as sending messages on the same site. While the most recognized form of spam is email spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file sharing spam, it is named after Spam, a luncheon meat, by way of a Monty Python sketch about a restaurant that has Spam in every dish and where patrons annoyingly chant "Spam!" over and over again. Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, infrastructures, IP ranges, domain names, it is difficult to hold senders accountable for their mass mailings; the costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the volume.
Spamming has been the subject of legislation in many jurisdictions. A person who creates spam is called a spammer; the term spam is derived from the 1970 Spam sketch of the BBC television comedy series Monty Python's Flying Circus. The sketch, set in a cafe, has a waitress reading out a menu where every item includes Spam canned luncheon meat; as the waitress recites the Spam-filled menu, a chorus of Viking patrons drowns out all conversations with a song, repeating "Spam, Spam, Spam… Spammity Spam! Wonderful Spam!". The excessive amount of Spam mentioned, references the preponderance of it and other imported canned meat products in the United Kingdom after World War II, as the country struggled to rebuild its agricultural base. In the 1980s the term was adopted to describe certain abusive users who frequented BBSs and MUDs, who would repeat "Spam" a huge number of times to scroll other users' text off the screen. In early chat rooms services like PeopleLink and the early days of Online America, they flooded the screen with quotes from the Monty Python Spam sketch.
This was used as a tactic by insiders of a group that wanted to drive newcomers out of the room so the usual conversation could continue. It was used to prevent members of rival groups from chatting: for instance, Star Wars fans invaded Star Trek chat rooms, filling the space with blocks of text until the Star Trek fans left. It came to be used on Usenet to mean excessive multiple posting, the repeated posting of the same message. The unwanted message would appear in many, if not all newsgroups, just as Spam appeared in all the menu items in the Monty Python sketch; the first usage of this sense was by Joel Furr. This use had become established: to spam Usenet was flooding newsgroups with junk messages. The word was attributed to the flood of "Make Money Fast" messages that clogged many newsgroups during the 1990s. In 1998, the New Oxford Dictionary of English, which had only defined "spam" in relation to the trademarked food product, added a second definition to its entry for "spam": "Irrelevant or inappropriate messages sent on the Internet to a large number of newsgroups or users."
There was an effort to differentiate between types of newsgroup spam. Messages that were crossposted to too many newsgroups at once – as opposed to those that were posted too – were called velveeta, but this term didn't persist. In the late 19th Century Western Union allowed telegraphic messages on its network to be sent to multiple destinations; the first recorded instance of a mass unsolicited commercial telegram is from May 1864, when some British politicians received an unsolicited telegram advertising a dentist. The earliest documented spam was a message advertising the availability of a new model of Digital Equipment Corporation computers sent by Gary Thuerk to 393 recipients on ARPANET in 1978. Rather than send a separate message to each person, the standard practice at the time, he had an assistant, Carl Gartley, write a single mass email. Reaction from the net community was fiercely negative. Spamming had been practiced as a prank by participants in multi-user dungeon games, to fill their rivals' accounts with unwanted electronic junk.
The first major commercial spam incident started on March 5, 1994, when a husband and wife team of lawyers, Laurence Canter and Martha Siegel, began using bulk Usenet posting to advertise immigration law services. The incident was termed the "Green Card spam", after the subject line of the postings. Defiant in the face of widespread condemnation, the attorneys claimed their detractors were hypocrites or "zealouts", claimed they had a free speech right to send unwanted commercial messages, labeled their opponents "anti-commerce radicals"; the couple wrote a controversial book entitled How to Make a Fortune on the Information Superhighway. An early example of nonprofit fundraising bulk posting via Usenet occurred in 1994 on behalf of CitiHope, an NGO attempting to raise funds to rescue children at risk during the Bosnian War. However, as it was a violation of their terms of service, the ISP Panix deleted all of the bulk posts from Usenet, only missing three copies. Within a few years, the focus of spamming moved chiefly to email.
By 1999, Khan C. Smith, a well known hacker at the time, had begun to commercialize the bulk email industry and rallied thousands into the business by building more friendly bulk email software and providing internet access illegally hacked from major ISPs suc
A context menu is a menu in a graphical user interface that appears upon user interaction, such as a right-click mouse operation. A context menu offers a limited set of choices that are available in the current state, or context, of the operating system or application to which the menu belongs; the available choices are actions related to the selected object. From a technical point of view, such a context menu is a graphical control element. Context menus first appeared in the Smalltalk environment on the Xerox Alto computer, where they were called pop-up menus. Microsoft Office v3.0 introduced the context menu for copy and paste functionality in 1990. Borland demonstrated extensive use of the context menu in 1991 at the Second Paradox Conference in Phoenix Arizona. Lotus 1-2-3/G for OS/2 v1.0 added additional formatting options in 1991. Borland Quattro Pro for Windows v1.0 introduced the Properties context menu option in 1992. Context menus are opened via various forms of user interaction that target a region of the GUI that supports context menus.
The specific form of user interaction and the means by which a region is targeted vary: On a computer running Microsoft Windows, macOS, or Unix running the X Window System, clicking the secondary mouse button opens a context menu for the region, under the mouse pointer. On systems that support one-button mice, context menus are opened by pressing and holding the primary mouse button or by pressing a keyboard/mouse button combination. A keyboard alternative for macOS is to enable Mouse keys in Universal Access. Depending on whether a laptop or compact or extended keyboard type is used, the shortcut is Function+Ctrl+5 or Ctrl+5 or Function+Ctrl+i. On systems with a multi-touch interface such as MacBook or Surface, the context menu can be opened by pressing or tapping with two fingers instead of just one. Windows mouse click behavior is such that the context menu doesn't open while the mouse button is pressed, but only opens the menu when the button is released, so the user has to click again to select a context menu item.
This behavior differs from that of macOS and most free software GUIs. In Microsoft Windows, pressing the Application key or Shift+F10 opens a context menu for the region that has focus. Context menus are sometimes hierarchically organized, allowing navigation through different levels of the menu structure. The implementations differ: Microsoft Word was one of the first applications to only show sub-entries of some menu entries after clicking an arrow icon on the context menu, otherwise executing an action associated with the parent entry. This makes it possible to repeat an action with the parameters of the previous execution, to better separate options from actions. The following window managers provide context menu functionality: 9wm; IceWM (middleclick and rightclick context menus on desktop, menubar, titlebars, titleicon); olwm; openbox; sawfish. Context menus have received some criticism from usability analysts when improperly used, as some applications make certain features only available in context menus, which may confuse experienced users.
Context menus open in a fixed position under the pointer, but when the pointer is near a screen edge the menu will be displaced, thus reducing consistency and impeding use of muscle memory. If the context menu is being triggered by keyboard, such as by using Shift + F10, the context menu appears near the focused widget instead of the position of the pointer, to save recognition efforts. Microsoft's guidelines call for always using the term context menu, and explicitly deprecate shortcut menu.