5

My understanding of the CTRL + ALT + DEL keyboard combination is that it is "hard wired" into the bios and triggers an interrupt which historically caused the PC to reboot but in Windows was used to trigger the Secure Attention Sequence (SAS).

This seems like a pretty good idea as I can be certain that I am only entering my password into Windows and not into a malicious application that only looks like a Windows login.

I notice since I upgraded from Windows 7 to Windows 10 that I no longer have to press CTRL + ALT + DEL to log in.

I guess this is something to do with Windows 10 having to work on a range of devices which may not display a full keyboard at the point of login, or not have a keyboard combination that triggers an interrupt.

However, why did Microsoft make this choice (turning off SAS by default) for desktop type machines which have a physical keyboard?

I'm aware I can turn it back on in the bios but don't understand why its not the default on my desktop.

Remotec
  • 171
  • 1
  • 3
  • 1
    You can enable it again by opening Run (Win+R) and typing "control userpasswords". However according to these [answers](https://security.stackexchange.com/questions/83645/does-the-secure-attention-key-really-increase-security) the SAK is pretty much a relic of the past. – André Borie Feb 28 '17 at 09:57
  • 1
    I don't think turning on Ctrl-Alt-Del in the BIOS would have the desired effect. Ctrl-Alt-Del *used* to be a way to tell the BIOS to reboot the machine, but that was before Windows came along. You can easily preempt that BIOS behaviour, and that's excactly what Windows did - it caught the key combination before it reached the BIOS and instead made the key combination uncatchable by *windows programs*, so that pressing that key combination would always get Windows' attention. So unless you're working on an OLD OS, I don't think the BIOS plays any role any more. – Out of Band Feb 28 '17 at 14:45

1 Answers1

3

The SAS is typically disabled by default on client editions of windows, it is assumed it is too much effort for the normal user. Almost every enterprise enables it via group policy.

The SAS is designed to guard against applications that look like the standard windows login screen, since the signal cannot be intercepted by any normal application, pressing it would cause the secure desktop to appear, revealing the ruse.

Laikulo
  • 234
  • 1
  • 5