Why does Windows XP think that nobody else has ever heard of Ctrl-Alt-Del?
-
It means only windows, rather than a driver or program.
That's not true. If a programmer knows what he's doing he can easily write a program to load a custom GINA driver that can trap the Ctrl+Alt+Del sequence instead of it being trapped by the winlogon process. It's not that difficult to bypass this security mechanism.
"To alcohol! The cause of, and solution to, all of life's problems" - Homer Simpson
-
I've always wondered this about Windows XP - before you log in, you have to press Ctrl-Alt-Del to "unlock the computer", and if you go to the help screen on the unlock dialog, it will tell you that it's for "security" because "only Windows recognizes Ctrl-Alt-Del". Now, what in the hell was Microsoft smoking? Windows is not the only program that can recognize Ctrl-Alt-Del! Anyone have any idea what is going on here?
I agree with you. But very few programmers know that is possible and even fewer know how to load a custom GINA driver that can trap the Ctrl+Alt+Del sequence instead of it being trapped by winlogon. It's not very common to see it, but then the statement provided by the help screen is not true.
"To alcohol! The cause of, and solution to, all of life's problems" - Homer Simpson
-
No, you will still be able to log in with Remote Desktop, but a hacker trying to take control of your machine through any open ports won't be able to simulate the Ctrl-Alt-Del to gain access. Any keystrokes he sends won't be put into the login screen, since it's not active.
Karl - WK5M PP-ASEL-IA (N43CS) PGP Key: 0xDB02E193 PGP Key Fingerprint: 8F06 5A2E 2735 892B 821C 871A 0411 94EA DB02 E193
Sure he (the hacker) can :D depends on the kind of access he gains. You can intercept and replicate remotely any key sequence you want (not to mention that all remote control software can do that, but if you ever played with trojans you would know :P). So no - that's not the reason.
-
I've always wondered this about Windows XP - before you log in, you have to press Ctrl-Alt-Del to "unlock the computer", and if you go to the help screen on the unlock dialog, it will tell you that it's for "security" because "only Windows recognizes Ctrl-Alt-Del". Now, what in the hell was Microsoft smoking? Windows is not the only program that can recognize Ctrl-Alt-Del! Anyone have any idea what is going on here?
As I recall from a NT Workstation class in 1998 or '99, this was a requirement from the government that a human had to initiate the login process. C-A-D would not be accepted by the login process from within Windows, it had to come from the keyboard. Sort of an early two-factor login process. Maybe not the best explanation, but that's the best I can do after 13 years.
-
That's not true. If a programmer knows what he's doing he can easily write a program to load a custom GINA driver that can trap the Ctrl+Alt+Del sequence instead of it being trapped by the winlogon process. It's not that difficult to bypass this security mechanism.
"To alcohol! The cause of, and solution to, all of life's problems" - Homer Simpson
What's a GINA driver?
-
Thanks! I googled "GINA driver" and got nothing. So this is pre-Vista only. Somehow I think Microsoft would be aware that this is a security threat. I hadn't heard of this being used in a virus. But you probably have some experience with it.
-
Thanks! I googled "GINA driver" and got nothing. So this is pre-Vista only. Somehow I think Microsoft would be aware that this is a security threat. I hadn't heard of this being used in a virus. But you probably have some experience with it.
Yes, it is pre-Vista. Although the model changed for Vista, it's still possible to accomplish the same. It's a very obscure topic with scarce documentation that very few people know about. There are definitely viruses or other malware around that exploit this. But since this requires elevated privileges, the user would need to explicitly allow a program to make modifications to the logon service. The most common examples of changing the default behavior of the Windows logon are the personalized logons created by laptop manufacturers. The same way they personalize the way the login is performed (some with face recognition, etc.), they can also intercept the Ctrl+Alt+Del and even forward the keystrokes if they desire, so other applications can also catch the Ctrl+Alt+Del.
"To alcohol! The cause of, and solution to, all of life's problems" - Homer Simpson
-
I've always wondered this about Windows XP - before you log in, you have to press Ctrl-Alt-Del to "unlock the computer", and if you go to the help screen on the unlock dialog, it will tell you that it's for "security" because "only Windows recognizes Ctrl-Alt-Del". Now, what in the hell was Microsoft smoking? Windows is not the only program that can recognize Ctrl-Alt-Del! Anyone have any idea what is going on here?
The CTRL-ALT-DEL requirement is only present in the "Professional" version of XP as well as every Microsoft server since Windows NT. The Home version shows user names on the initial page. It can be turned off using Administrative Tools - Local Security Policy. Follow the path: Security Settings, Local Policies, Security Options and look for an entry called "Interactive logon: Do not require CTRL+ALT+DEL". As far as "not the only program", what do you mean? One can execute a CTRL-ALT-DEL sequence while Windows is running to display the Security dialog or Task Manager, depending on which version of Windows you're using. As a result, no other "program" can use that sequence after Windows is running. The only other CTRL-ALT-DEL sequence is during boot, after BIOS is loaded but before Windows starts loading. Its sole purpose is to reboot the computer if it gets hung. I don't recall any other instances for that particular sequence. There is a video on YouTube of IBM's Dave Bradley explaining why and how he invented the sequence, and it should prove hilarious to the older among us that get the joke. Link: http://www.youtube.com/watch?v=1zADyh0JQh8
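An added example, not part of any post in this thread: a read-only PowerShell check for the settings the replies describe, namely a replaced GINA on pre-Vista systems and the "Interactive logon: Do not require CTRL+ALT+DEL" policy. As an extension beyond the thread, it also lists the credential providers that took over GINA's role from Vista on. The registry paths are the standard Windows locations and are not quoted in the thread; the function names are illustrative.

```powershell
# Added example: read-only audit of the logon settings discussed in this thread.
# Registry paths are the standard Windows locations, not values quoted in the thread.
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-LogonSasReport {
    $winlogon  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $policy    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $providers = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'
    $report    = @()

    # Pre-Vista: a GinaDLL value makes winlogon load that DLL instead of msgina.dll.
    $gina = Get-RegValue $winlogon 'GinaDLL'
    if ($gina -and ([System.IO.Path]::GetFileName($gina) -ine 'msgina.dll')) {
        $report += "Custom GINA registered: $gina"
    }

    # The "Do not require CTRL+ALT+DEL" policy is stored as DisableCAD = 1.
    foreach ($key in @($policy, $winlogon)) {
        if ((Get-RegValue $key 'DisableCAD') -eq 1) {
            $report += "Ctrl+Alt+Del not required (DisableCAD=1 under $key)"
        }
    }

    # Vista and later: list registered credential providers for manual review.
    if (Test-Path $providers) {
        foreach ($sub in Get-ChildItem $providers) {
            $name = Get-RegValue $sub.PSPath '(default)'
            $report += "Credential provider: $($sub.PSChildName) $name"
        }
    }
    return $report
}

$result = Get-LogonSasReport
if ($result) { $result } else { 'No custom GINA, DisableCAD setting or credential providers found.' }
```

A custom GINA or an unfamiliar credential provider is not malicious by itself (OEM logon software registers both), so each entry should be matched against software known to be installed on the machine.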