What makes Secure Login (CTRL+ALT+DEL) Secure?

I was reading about enabling CTRL+ALT+DEL as a security measure when logging in. My question is, what exactly is secure about it? What goes on "behind the scenes" that makes it safe from viruses and spyware?

user407055

Posted 2015-04-15T13:32:25.443

Reputation:

My related question on Security.SE. – None – 2015-04-15T15:16:17.277

I remember Novell using a special login form before the Windows one, requiring Ctrl Alt Delete to continue logging in... – Canadian Luke – 2015-04-15T18:28:25.913

See also "What's the rationale behind Ctrl-Alt-Del for login?"

– WBT – 2015-04-15T19:15:44.507

..and of course, "How does CTRL-ALT-DEL to log in make Windows more secure?"

– WBT – 2015-04-15T19:25:35.233

Ctrl-alt-del is not used in Win8. Why then? – LosManos – 2015-04-18T20:26:04.460

Possible duplicate of Why does Windows require CTRL+ALT+DEL to Logon? (from 5½ years ago)

– G-Man Says 'Reinstate Monica' – 2015-04-30T21:26:56.173

Answers

what exactly is secure about it?

What is secure about it is the fact that Ctrl+Alt+Del is the only key sequence that the OS never allows to be redirected. No third-party application can respond to this key combination to fake a logon window and keylog your password, for example.

duDE

Posted 2015-04-15T13:32:25.443

Reputation: 14 097

Is it possible that a virus or spyware could be so deep in the OS that it could force a redirect? Effectively, allowing the virus or spyware itself to emulate the logon screen? – None – 2015-04-15T13:42:06.683

Short answer: no, a long answer: http://security.stackexchange.com/questions/34972/whats-the-rationale-behind-ctrl-alt-del-for-login

– duDE – 2015-04-15T13:47:05.997

But you can send a Ctrl+Alt+Del to a remote computer over a VPN connection and log in that way. – Mr Lister – 2015-04-15T18:15:27.227

If someone has physical access to the computer, anything is possible. – Joe – 2015-04-15T20:22:50.917

Please don't use comments for discussion; hop onto [chat]. Thanks. – slhck – 2015-04-16T20:30:49.693

@duDE: If it's a hypervisor-level rootkit, the answer is yes, as the OS is running as a VM that the virus can control.

– Cornstalks – 2015-04-17T01:41:13.297

@MrLister Yes, you can inject C+A+D, but you can't capture it. – Nicholas Wilson – 2015-04-17T12:14:01.673

@MrLister You can fake a Ctrl+Alt+Del but you can't intercept a real one. – Loren Pechtel – 2015-04-18T21:31:48.940

@duDE explains how Ctrl+Alt+Del guarantees the legitimate logon desktop will be displayed and how the guarantee benefits security. I'll try to answer the second part of your question by explaining that the true safety is provided by the concept of a secure desktop, for which the key sequence is just a guarantee of enjoying that security.

In Windows there are actually different types of desktops. The one we work in is what we all call the desktop, but it has also been called by other names such as the default, interactive, or application desktop. It's here where any given application can run.

The logon screen is actually an entirely different desktop, and one of these secure desktops where there are "only trusted processes running as SYSTEM". While the key combo will guard against fake logon screens, it doesn't protect against a virus infection that is recording all of your keystrokes. The desktop concept adds further protection here by not allowing such a background program access to even know what's happening on the secure desktop.

You can picture this isolation by remembering what happens to the default desktop when a UAC prompt appears. You'll now notice that the UAC prompt is actually in one of these secure desktops, and that this comment shouldn't have so many upvotes.

You can also imagine what the isolation means in terms of security when considering a virus that spoofs your mouse pointer. The UAC team blogged about such a scenario:

Believe it or not, it’s not very difficult to manipulate the mouse cursor and that’s the way it was intended so that you can customize the pointer to whatever fits your style. You can hide the real one and show a fake one just about anywhere on the screen. The net result is that the “hot spot” (i.e. the pixel at which the mouse actions truly work on) may not be where you think the mouse is pointing.

So how does this spoofing attack work? You hide the real mouse cursor and show a fake one some number of pixels offset to the real one. So now when the user mouses over the elevation UI attempting to cancel it since the malicious software could brazenly announce itself as “I’m gonna own your PC.exe”, what’s really happening is that the hot spot of the mouse is invisibly over the “Allow” button. Click! Not what you thought would happen. This type of attack is also blocked on the Secure Desktop.

Louis

Posted 2015-04-15T13:32:25.443

Reputation: 18 859
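As an added example (not part of either answer above), the following PowerShell script audits the two local policy values that back the protections discussed in this thread, requiring the Ctrl+Alt+Del secure attention sequence at logon and switching UAC prompts to the secure desktop, and optionally remediates them. It assumes an elevated PowerShell session on Windows and the standard policy key path under HKLM; the function and parameter names are my own.

```powershell
# Added example: audit (and with -Enforce, correct) the policy values behind
# "require Ctrl+Alt+Del at logon" and "UAC prompts on the secure desktop".
# Assumes an elevated PowerShell session on Windows.
param([switch]$Enforce)

# Standard location for local security policy values (assumed present).
$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# DisableCAD = 0            -> the Ctrl+Alt+Del secure attention sequence is required at logon.
# PromptOnSecureDesktop = 1 -> UAC consent prompts switch to the isolated secure desktop.
$Expected = @{
    DisableCAD            = 0
    PromptOnSecureDesktop = 1
}

function Get-PolicyValue {
    param([string]$Name)
    # Missing value means Windows applies its built-in default for that setting.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

foreach ($name in $Expected.Keys) {
    $want  = $Expected[$name]
    $have  = Get-PolicyValue -Name $name
    $shown = if ($null -eq $have) { 'not set' } else { $have }

    if ($have -eq $want) {
        Write-Output "OK       $name = $shown"
        continue
    }

    # Absent or wrong: report it, and write the expected DWORD only when asked to.
    Write-Output "MISMATCH $name = $shown (expected $want)"
    if ($Enforce) {
        Set-ItemProperty -Path $Key -Name $name -Value $want -Type DWord
        Write-Output "FIXED    $name -> $want"
    }
}
```

On a domain-joined machine Group Policy reapplies its own values at the next refresh, so set these through the "Interactive logon: Do not require CTRL+ALT+DEL" and "User Account Control: Switch to the secure desktop when prompting for elevation" policies rather than by editing the registry directly.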