123

When logging into Windows, it says on that page that CTRL-ALT-DEL somehow makes Windows more secure. I have never been able to figure a mechanism where having to press some specific key combination before logging in makes the system more secure. I have never encountered a VMS, UNIX or related system that makes you press any key to log in -- except older terminal-based UNIXes where you press ENTER to get a login prompt.

How does having to press CTRL-ALT-DEL before logging in make Windows more secure?

chicks
Eddie
  • It would be interesting to contrast with Unix/Linux login methods, which do not require C-M-Del. Is this because Windows provides more login hooks than Unix systems? – spoulson May 02 '09 at 01:25
  • 3
    It's also interesting that some (many, most?) Linux distributions are set up to perform an immediate reboot if you manage to get to the keyboard and hit ctrl+alt+del - with no user authentication required ^^ (configurable of course) – Oskar Duveborn May 02 '09 at 01:50
  • 6
    to be pedantic, to initiate an immediate reboot. It's not a forced reboot; all processes get time to shut down, etc – Mikeage May 07 '09 at 04:02
  • 2
    Yeah true - *requests comment editing* - not that the end-result difference really matters, but yes - it's a "nice" reboot - but a service denial nevertheless. On the other hand, physical access = anything goes – Oskar Duveborn May 07 '09 at 13:36
  • @Oskar, I think it's a use/culture thing. Most of those "enabled by default" distributions are for servers, and the mindset is that there is a closed (locked) door somewhere in front of the machine. Having the machine reboot in response to a crisis of some kind - OOM-Killer has kicked in and you just want the pain to stop - makes Ctl-Alt-Del a nicety. Otherwise, yeah, you can turn it off and leave it off. – Avery Payne Oct 07 '09 at 04:57
  • 3
    @spoulson, I believe it's the other way around. There are several different gettys that you can run - some handle voice and fax - and that implies a modular way of handling logins. Then you also factor in the dusty-old concept of serial cable attached terminals, and pretty soon you realize that you can't just send Ctl-Alt-Del down a serial line that easily - what is the correct ANSI/ASCII sequence and do all terminals support it? So you're left with handling things as they are - which means, for better or worse, either the system is secure, or it isn't and it's keylogging your passwords. – Avery Payne Oct 07 '09 at 05:01
  • Of course, the "modern" version of that is SSH, which does away with that premise, makes the transition from serial to IP-based network as a connection/transport, and now includes trust factors for both server and client. – Avery Payne Oct 07 '09 at 05:04

7 Answers

138

The Windows (NT) kernel is designed to reserve the notification of this key combination to a single process: Winlogon. So, as long as the Windows installation itself is working as it should - no third party application can respond to this key combination (if it could, it could present a fake logon window and keylog your password ;)).

Oskar Duveborn
  • So faking the keyboard interrupt is okay for an app (to make remote desktop applications work), but faking the response is impossible? – Tomalak May 02 '09 at 07:35
  • 6
    Right. The secure part is that once you press ctrl-alt-delete, you know that you're typing your password into the real Winlogon and not another program meant to look like it. – Stephen Jennings May 02 '09 at 08:02
  • 39
    You still have to trust the base system being unmodified no matter how you look at it - it's only to prevent user applications faking the logon screen on a local session. It helps, it does not completely prevent. Nothing is secure. – Oskar Duveborn May 02 '09 at 12:44
  • On my Dell laptop I have been trying out the fingerprint stuff, that replaces the default Windows login prompt. But this is an approved OS change. Only downside is that the auto login of LogMeIn doesn't know how to handle it. – optician May 08 '09 at 11:05
  • 11
    @optician: The winlogon is replaceable through GINA - anyone can do it really, but you need admin privileges to do it. http://en.wikipedia.org/wiki/Graphical_Identification_and_Authentication – Commander Keen May 19 '09 at 07:36
  • 4
    I have VMWare installed on my laptop, and when the virtual server has control, it can sense that I've pressed ctrl-alt-del. But when I do so, the OS gets the prompt first and does what it usually does. Only when I hit Cancel, do I get a message box stating what to do when I want to send ctrl-alt-del to the virtual machine. – Kevin M Jul 05 '09 at 07:12
  • 3
    It is not actually a hardware interrupt. Yes, the keyboard device generates interrupts, but C-A-D does not have special meaning to the hardware. It is coded into the software driver that handles keypresses. – Kevin Panko Dec 17 '09 at 00:31
  • Obviously as it's different in different OSes, fixed - thanks! – Oskar Duveborn Dec 17 '09 at 00:54
  • I love that they named the DLL MSGINA. – Robert S Ciaccio Dec 18 '10 at 08:19
53

CTRL+ALT+DEL the history

Actually, I was just trying to solve a development problem that we had: brand new hardware, brand new software, you're testing this stuff out, it would hang up all the time. So the only solution you had was to turn the power off, wait a few seconds, turn the power back on, wait for it to go through the power on self test. I said, I'm writing all this code for the keyboard, I can .. let's just shortcut it. I originally intended for it to be what we would now call an easter egg, just something we were using in development, it wouldn't be available elsewhere. But then the pubs people found out about it. They're trying to figure out how to tell somebody to start up one of their programs, and they had the answer: just put the diskette in, hit CTRL+ALT+DEL, and by magic your program starts. So, it was like a five minute job in doing it. I didn't realize that I was going to create a cultural icon when I did it. But I have to share the credit; I may have invented it, but I think Bill [Gates] made it famous.

http://www.youtube.com/watch?v=1zADyh0JQh8

Quite a funny and informative clip, actually!

chicks
Jeff Atwood
27

Ctrl-Alt-Del is a Secure Attention Key that helps to prevent login spoofing.

chicks
  • 1
    Also known as a [secure attention sequence (SAS)](https://msdn.microsoft.com/en-us/library/windows/desktop/ms721625.aspx#_security_secure_attention_sequence_gly) – JonathanDavidArndt Aug 30 '17 at 12:43
18

Only programs with the highest operating privileges can hook that interrupt. Since the operating system reserves that privilege level for itself and won't let user programs run at that level, user level programs can't respond to that keystroke.

Paul Tomblin
8

It's explained in the 'Help' link on the window that tells you to type Ctrl-Alt-Del.

chicks
womble
5

How does having to press CTRL-ALT-DEL before logging in make Windows more secure?

No program running under Windows can hook Ctrl-Alt-Del, so iff the box is running Windows you can be assured there's no login spoofing. Of course, it's trivial (FSVO "trivial") to spoof a Windows login screen complete with Ooh-Magic-Keys handling, and thus capture username/password pairs, by running Not-Windows.

Thus the answer to the OP's question is, fundamentally, In No Way.

mlp
2

Just something that kinda relates to this:

You can copy the command prompt into the login screen using a LiveCD and start it using the enable sticky keys shortcut (e.g. Shift+Shift+Shift+Shift+Shift). Which is really bad/good depending on how you use it (e.g. you can reset passwords using the net user command).

Read more here: http://www.hackforums.net/printthread.php?tid=73864

Kredns
  • 3
    Since you're using a livecd anyway, why not go for pnordahl's bootdisk http://home.eunet.no/pnordahl/ntpasswd/bootdisk.html and save yourself the trouble? – Piskvor left the building May 11 '09 at 18:54
  • 4
    +1 Piskvor. If you have physical access to the box, you own it anyway. –  Oct 08 '09 at 13:46
  • Nice to see what people come up with, but *Prerequisites: Guest account with write access to system 32* makes it a bit useless indeed? Still, +1 for linking to the print-layout of that forum, and not its original. :-) – Arjan Oct 28 '09 at 07:44
  • @Piskvor: I really didn't like using those bootdisks to reset passwords, it seemed much easier for me to use the `net user` command. – Kredns Oct 31 '09 at 20:28
  • @Arjan My school system's XP boxes had that setup - all users, even the normally supposed-to-be-very locked-down students, had System32 write access. ...yeah. There were several students every year with the local administrator password for all the computers at the school. And with PsTools. – cpast May 15 '14 at 07:33
  • This is one of many reasons you always, always use full disk encryption... – Oskar Duveborn May 04 '16 at 14:48
  • I was in a school where they used some imaging solution, but that solution only supported FAT32, not NTFS with its permission system. And then they wondered why pupils had admin rights on the local machine. – Johannes Kuhn Aug 14 '17 at 00:37
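
A defender-side check for the binary swap described in the answer above, as an added example that is not part of the original posts: it flags a `sethc.exe` whose SHA-256 equals that of `cmd.exe`, or whose embedded original file name is not its own. The function name and the `-SystemDir`, `-Targets` and `-Shells` parameters are assumptions made for this example.

```powershell
# Added example (not from the thread): detect a Sticky Keys handler that has
# been replaced by a command shell. -SystemDir is a parameter so the same check
# can be pointed at the System32 folder of a mounted offline image.
function Test-LogonAccessibilityBinary {
    param(
        [string]$SystemDir = (Join-Path $env:SystemRoot 'System32'),
        [string[]]$Targets = @('sethc.exe'),   # Sticky Keys handler named in the answer
        [string[]]$Shells  = @('cmd.exe')      # binary the answer says gets copied over it
    )

    # Hash the shells once so every target can be compared against them.
    $shellHashes = @{}
    foreach ($shell in $Shells) {
        $shellPath = Join-Path $SystemDir $shell
        if (Test-Path -LiteralPath $shellPath) {
            $h = (Get-FileHash -LiteralPath $shellPath -Algorithm SHA256).Hash
            $shellHashes[$h] = $shell
        }
    }

    foreach ($target in $Targets) {
        $path = Join-Path $SystemDir $target
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ File = $target; Status = 'Missing'; Detail = $path }
            continue
        }

        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        # Version resources can be read from the .mui file, so strip that suffix.
        $orig = "$((Get-Item -LiteralPath $path).VersionInfo.OriginalFilename)" -replace '\.mui$', ''

        if ($shellHashes.ContainsKey($hash)) {
            $status = 'ReplacedByShell'
            $detail = "same SHA-256 as $($shellHashes[$hash])"
        } elseif ($orig -ine $target) {
            $status = 'NameMismatch'
            $detail = "OriginalFilename is '$orig'"
        } else {
            $status = 'OK'
            $detail = $hash
        }
        [pscustomobject]@{ File = $target; Status = $status; Detail = $detail }
    }
}

Test-LogonAccessibilityBinary | Format-Table -AutoSize
```

A `NameMismatch` result is a prompt for manual review rather than proof of tampering, since it only means the file's version resource does not name the file it sits in.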