
If the OS is compromised, then you can't work around that to secure a program inside the OS. You can run the program somewhere else, like on the keyboard itself. Some secure crypto devices have displays, so you can see what you're signing.

The only similar thing I've heard of is the "Secure Attention Sequence" in Windows. That is, pressing Ctrl+Alt+Del before entering credentials lets you be sure an application is not mimicking the logon prompt. But of course if the OS is compromised (like by loading a driver that intercepts such keystrokes, like VMware Enhanced Keyboard) all bets are off.

Think about it, the OS is executing all the code for the app, and storing all the memory.

This is also why there is a push for trusted computing. Being able to have your processor, OS, etc. be able to verify they are running a trusted configuration is a powerful thing. It makes the owner of the computer in control. (The downside is when the user is not the owner, but would like to be, then they get upset at restrictions.)



"Trusted computing" puts the controller of the trusted infrastructure in control - the owner of the computer should expect that any NSA-approved malware will be considered properly trusted, and being in control of a secure OS doesn't help against attacks coming from the hardware (malware or backdoors on firmware) with direct memory access.


I LOVE how you come with trusted computing on a topic about a malware allegedly created/modified by the NSA.

You MUST be a security professional! Only those have such a distorted view of reality!!!!



