What Makes Secure Login (Ctrl+Alt+Del) Secure?

Adding an extra layer of security is never a bad thing, but you may find yourself wondering about the benefits you actually gain from said layer. Today’s SuperUser Q&A post explains what makes “Secure Login” secure for a curious reader.

Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

Photo courtesy of Matt Biddulph (Flickr).

The Question

SuperUser reader Nexusfactor wants to know what makes Secure Login (Ctrl+Alt+Del) secure:

I was reading about enabling Ctrl+Alt+Del (link) as a security measure when logging in. My question is, what exactly is secure about it? What goes on “behind the scenes” that makes it safe from viruses and spyware?

What makes Secure Login (Ctrl+Alt+Del) secure?

The Answer

SuperUser contributors duDE and Louis have the answer for us. First up, duDE:

• “What exactly is secure about it?”

Secure is the fact that Ctrl+Alt+Del is the only key sequence that an operating system will never allow to be redirected. No third party application can respond to this key combination to fake a login window and/or keylog your password for example.

Followed by the answer from Louis:

duDE explains how Ctrl+Alt+Del guarantees that a legitimate login desktop will be displayed and how the guarantee benefits security. I will try to answer the second part of your question by explaining that the true safety is provided by the concept of a secure desktop, for which the key combination is just a guarantee of enjoying that security.

In Windows, there are actually different types of desktops. The one that we work in is what we all call the desktop, but has been known by other names such as default, interactive, or application desktop. It is here that any given application can run.

The login screen is actually an entirely different kind of desktop, a secure desktop where only trusted processes are running as SYSTEM. While the key combination will guard against fake login screens, it does not protect against a virus infection that is keylogging all of your keystrokes. The desktop concept adds further protection here by not allowing such a background program access to what is happening on the secure desktop.

You can picture this isolation by remembering what happens to the default desktop when UAC prompts appear. You will notice that UAC prompts are actually in one of these secure desktops.

You can also imagine what the isolation means in terms of security when considering a virus that spoofs your mouse pointer. The UAC team blogged about such a scenario:

---

Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.