I just had to add:

protected media or non-file storage of some kind, prompt the user via low-Tempest GUI with integrated keyboard-logging spoofing

If you need this level of security or have assests worthy of this type of costly attack, you should be investing in anti-surveilence equipment. Fit the security to the risk.

ibanix

$ echo '$0 & $0 &' > foo; chmod a+x foo; foo;