What makes Secure Login (CTRL+ALT+DEL) Secure?

security windows-7

Solution 1:

what exactly is secure about it?

Exactly secure is the fact that Ctrl+Alt+Del is the only one key sequence that OS never allows to be redirected. No third party application can respond to this key combination to fake logon window and keylog your password for example.

Solution 2:

@duDE explains how Ctrl+Alt+Del guarantees the legitimate logon desktop will be displayed and how the guarantee benefits security. I'll try to answer the second part of your question by explaining that the true safety is provided by the concept of a secure desktop, for which the key sequence is just a guarantee of enjoying that security.

In Windows there are actually different types of desktops. The one work in is what we all call the desktop, but has been used by other names such as default, interactive, or application desktop. It's here where any given application can run.

The logon screen is actually an entirely different desktop, and one of these secure desktops where there are "only trusted processes running as SYSTEM". While the key-combo will guard against fake logon screens, it doesn't protect against a virus infection that is recording all of you keystrokes. The desktop concept adds further protection here by not allowing such a background program access to even know what's happening on the secure desktop.

You can picture this isolation by remembering what happens to the default desktop when a UAC prompt appears. You'll now notice that the UAC prompt is actually in one of these secure desktops, and that this comment shouldn't have so many upvotes.

You can also imagine what the isolation means in terms of security when considering a virus that spoofs your mouse pointer. The UAC team blogged about such a scenario:

Believe it or not, it’s not very difficult to manipulate the mouse cursor and that’s the way it was intended so that you can customize the pointer to whatever fits your style. You can hide the real one and show a fake one just about anywhere on the screen. The net result is that the “hot spot” (i.e. the pixel at which the mouse actions truly work on) may not be where you think the mouse is pointing.

So how does this spoofing attack work? You hide the real mouse cursor and show a fake one some number of pixels offset to the real one. So now when the user mouses over the elevation UI attempting to cancel it since the malicious software could brazenly announce itself as “I’m gonna own your PC.exe”, what’s really happening is that the hot spot of the mouse is invisibly over the “Allow” button. Click! Not what you thought would happen. This type of attack is also blocked on the Secure Desktop.

Related

Hotkey to Mute Mic on Mac OS X?
How many threads does ffmpeg use by default?
Installing dig on Debian
Selecting whole column except first X (header) cells in Excel
How to shrink the Remote Desktop Connection Bar in Windows?
How to remove the print preview lines in Excel 2010?
How do I clear out the ssh-agent entries (on Mac OS X )?
How to run a cron job as a specific user?
Back button of Adobe PDF Reader after clicking a hyperlink whose target is on the same document
Closing Notepad++ tabs on closing application
How do I get ls --color=auto to work on Mac OS X?
Using Cygwin in Windows 8, chmod 600 does not work as expected?