297

Why is Ctrl+Alt+Del required at login on certain Windows systems (I have not seen it elsewhere, but contradict me if I'm wrong) before the password can be typed in? From a usability point of view, it's a bad idea as it's adding an extra step in getting access.

Does it improve security in any way, and if so, how?

Cole Tobin
  • 109
  • 2
  • 10
Count Zero
  • 2,899
  • 3
  • 17
  • 14
  • 10
    Related from serverfault: [How does CTRL-ALT-DEL to log in make Windows more secure?](http://serverfault.com/questions/2912/how-does-ctrl-alt-del-to-log-in-make-windows-more-secure) – apsillers Apr 29 '13 at 14:23
  • 4
    FYI Only In Windows 8 you dont have to type Ctrl + Alt + Del. the login form is there when you start typing. – Luis Valencia Apr 29 '13 at 11:44
  • 5
    IIRC back in the DOS days a program could register a keystroke combination on an interrupt. So TSR applications like Sidekick or other tools could magically pop up when you pressed the right combination. When NT 3.5 arrived it used Ctrl-Alt-Del to get to the logon page. The explanation at the time (no, this was years ago and before the WWW was invencted, I can't provide a link) was that Ctrl-Alt-Del was the only key combination an application could not intercept, it was reserved by DOS. So a malicious application could not intercept it and popup a fake login page. – jqa May 05 '13 at 00:44
  • 2
    Here's what [Bill Gates himself had to say about it](http://www.youtube.com/watch?v=Ftv2XM_3iyE), which sounds like he's trying to describe what @Adnan has answered, to what is perhaps a non-technical audience, before giving up :) – Bruce Nov 25 '13 at 23:50
  • actually on windows 8 you have to click and drag to hide the shade and reveal the login box (which is terrible, my desktop is not a tablet), but that still requires user input on the same physical device. – edthethird Aug 22 '14 at 17:58
  • @james: DOS applications could intercept control-alt-del just as effectively as any other. Indeed, I remember playing the game FlightMare, trying to figure out how to exit back to DOS, and after finally giving up, hitting control-alt-del and *instantly* receiving a DOS prompt. No reboot--just a simple application exit. – supercat Aug 22 '14 at 21:46
  • 2
    @edthethird Try pressing the any key on your keyboard next time you're on the login screen? – Lexi Sep 06 '14 at 13:33
  • Related: [Why does Windows 10 not have the secure attention key as default?](https://security.stackexchange.com/questions/152556/why-does-windows-10-not-have-the-secure-attention-key-as-default) – sleske Oct 10 '19 at 07:34

7 Answers7

335

This combination is called a Secure attention key. The Windows kernel is "wired" to notify Winlogon and nobody else about this combination. In this way, when you press Ctrl+Alt+Del, you can be sure that you're typing your password in the real login form and not some other fake process trying to steal your password. For example, an application which looks exactly like the windows login.

In Linux, there's a loosely-defined equivalent which is Ctrl+Alt+Pause. However, it doesn't exactly do the same thing. It kills everything except where you're trying to input your password. So far, there's no actual equivalent that would work when running X.

This implies a trust in the integrity of the system itself, it's still possible to patch the kernel and override this behaviour for other purposes (malicious or completely legitimate)

randers
  • 111
  • 4
Adi
  • 43,953
  • 16
  • 137
  • 168
  • 5
    good explanation – emtunc Apr 28 '13 at 14:11
  • So if Linux has a Secure Attention Key too, why doesn't XNU? – Michael Dorst Apr 29 '13 at 01:44
  • 90
    As a side note: when you say it's "wired", what that actually means is that Ctrl+Alt+Del is a mapped to a hardware defined interrupt (set in the APIC, a physical chip on your motherboard). The interrupt was, historically, triggered by the BIOS' keyboard handler routine, but these days it's less clear cut. The interrupt is mapped to an [ISR](http://en.wikipedia.org/wiki/Interrupt_handler) which is executed at ring0, which triggers the OS's internal handler for the event. When no ISR for the interrupt is set, it *(usually)* causes an ACPI power-cycle event, also known as a hard reboot. – Polynomial Apr 29 '13 at 09:25
  • 1
    This is a common, but I think it is wrong. The last 10 years I worked with WIndows devices in medical business. Nearly all showed a differnt behaviour with CTRL+ALT+DEL. The Siemens Healthmen ignored it. Syngo brought an own user login dialog. And so on. (the funny thing with syngo: moste devices have the same administrator password. a user meduser or administrator has an autologin, and afterwards the user can login with ctrl+alt+del...) – Offler Apr 29 '13 at 10:43
  • 3
    @Offler Those customisations were installed as administrator. An application running as an ordinary user still can't intercept the Ctrl+Alt+Del signal. – r3m0t Apr 29 '13 at 13:37
  • 4
    @r3m0t If you can put something together as addministrator, how secure is it? ;-) Many people are still using XP as admin. The UAC warning seems also to be only something to click away. ATM have just a dialog that looks like the annoying java thing and most people will blindly click update... – Offler Apr 29 '13 at 13:54
  • 3
    While Winlogon itself has customization hooks that can be used to present a different ui, read a smartcard, support a 2-factor keyfob, and so forth, the point remains that those hooks can only be installed by a suitably privileged user. The things @Offler described are all easily done with those hooks, and were certainly installed by an administrator, possibly through a customized system installation kit. – RBerteig Apr 29 '13 at 23:01
  • That's what I figured it was for, but I feel like it wouldn't actually work. Just have the fake process wait until a little after ctrl and alt are pressed; what are the odds the user /isn't/ going to also have pressed del, when they're looking at a login screen? – Erhannis Jan 04 '17 at 17:59
  • 1
    @Erhannis what does the user do when pressing ctrl-alt-delete brings up the task manager? – user253751 Dec 12 '18 at 04:20
  • @immibis Yeah, I suppose that's a fair point. I'm not completely convinced that it's foolproof, but I don't have any further objections atm. – Erhannis Dec 12 '18 at 15:29
  • @Polynomial do you have any evidence to support what you're saying? As far as I know, Ctrl+Alt+Delete is a Windows shortcut that gets registered by the logon UI (used to be winlogin I think). As far as interrupts are concerned, we're talking massively about USB-HID, and I doubt any controller has a special interrupt for Alt+Ctrl+Delete, especially they wouldn't process keys but just transfer them to the OS. I'm not aware of it being any different if you'd use PS2. – user1532080 Oct 06 '20 at 12:41
  • @user1532080 Easiest thing to do is search for "ctrl+alt+del interrupt bios" for reference. I think the APIC part might be different on different systems, but USB-HID is irrelevant here. The BIOS has a keyboard handler (which can manage USB-HID these days) that has the ability to catch keys before the OS gets them. That's why CTRL+ALT+DEL reboots your machine if you press it during POST. – Polynomial Oct 07 '20 at 17:01
  • @Polynomial That search does not give any proper result for me. Yes, BIOS has a keyboard interrupt handler (handling int9). To the best of my knowledge, there's no specific interrupt for that key sequence. Yes, Ctrl+Alt+Del reboots during POST because BIOS keyboard handler does look for it specifically. Keyboard sends "make" and "break" messages when keys are pressed . BIOS keeps track of key currently pressed and identify the sequence. If there was a specific (hardware) INT for that key combination, then it should always have worked, unless a tool specifically decided to hook it. – user1532080 Oct 09 '20 at 03:41
  • @Polynomial If there was such an "Ctrl+Alt+Del" interrupt, what device would trigger it? Would it be the keyboard tracking its own state and triggering it? The PS/2 keyboard controller? Do the USB controllers still integrate it? Because I can tell you it's not the keyboard, I write keyboard firmwares. – user1532080 Oct 09 '20 at 03:49
  • @Polynomial Oh and by the way, historically, what BIOS handler would do is "JMP FFFF:0" (which is a soft reboot) when Alt+Ctrl+Del was identified. Again, to the best of my knowledge, absolutely no interrupt involved beyond the regular keyboard one. Also I would have to disagree with some things you said about the BIOS catching keys before the OS, any proper 32 bits OS does not run any BIOS code (BIOS is 16 bits, I won't enter into details)... That's pretty much any linux, any Windows from the NT branch. – user1532080 Oct 09 '20 at 10:53
  • @user1532080 This is kinda hard to convey properly over comments, due to size limits, but I'll give it a go. To start with, for simplicity, I'm just going to say "BIOS". I know there's a difference between BIOS and EFI, but I'm going with brevity over specificity. In the BIOS, USB keyboards are accessed in legacy USB mode via an emulation layer. This works by providing a translation layer that exposes a USB keyboard as an 8042-compatible interface via IO ports 60h and 64h. Code running on the CPU can then use IN/OUT to talk to this interface and issue 8042 commands. – Polynomial Oct 09 '20 at 18:30
  • @user1532080 When a key is pressed the BIOS raises INT 9, which is mapped to IRQ 1. Originally this was done by physically asserting the IR1 line on an Intel 8259 PIC, which asserted the INT line on the CPU. The ISR for IRQ 1 then interrogates the 8259 to find out which interrupt was raised. In more modern systems there are internal APICs and external I/O APICs, which are connected via the system bus or LPC (using SERIRQ). The keyboard is connected via the PCH (also sometimes SuperIO). The PCH then interfaces with the CPU via a proprietary method (e.g. DMI3) to provide access to the devices. – Polynomial Oct 09 '20 at 18:34
  • @user1532080 The jump to `FFFF:0000` does NOT cause a soft reboot. This is a misconception, probably derived from [this poorly worded document](https://stanislavs.org/helppc/int_9.html). The reset vector is executed by when the CPU comes out of a reset state, not the other way around. The address `FFFF:0000` is derived from the segment register and IP register values at reboot: on an 8086, `CS` is set to `FFFF` and `IP` is set to `0000`, which is written as `FFFF:0000`. This translates to a physical address of `FFFF0`. This is different on later CPUs. – Polynomial Oct 09 '20 at 18:35
  • @user1532080 The modern side of this gets very complicated. Modern keyboard controllers include a legacy KBC interface (accessible over 60h/64h IO ports, or via alternative means such as MMIO or LPC) which can trigger a CPU reset via command FEh (I have validated that WinXP uses this method to reboot). This asserts a reset line (e.g. `KBRST#` on the [ENE KB3700](http://wiki.laptop.org/images/a/ab/KB3700-ds-01.pdf)) which is usually tied to the `RCIN#` line on the PCH. This then forwards an `INIT#` signal to the CPU via some mechanism (e.g. VLW). – Polynomial Oct 09 '20 at 19:36
  • @Polynomial Thank you for these details and the links! Yes, let's not talk about UEFI... I'm still missing one bit of "proof": the dedicated interrupt for Ctrl+Alt+Del? There's also one thing I don't get... if KBRST was tied to RCIN, AND KBRST is pulled up when the keyboard controller gets Ctrl+Alt+Del, that raises 2 questions: How comes OS can override it? How comes in MS-DOS era you could disable Ctrl+Alt+Del (Which from the top of my head was done by hooking int 9)? – user1532080 Oct 11 '20 at 12:53
  • @Polynomial Also the JMP FFFF:0 in my case does not come from any website. It comes from about 30 years ago, the code I'd write to cause a then called "cold-reboot" (by opposition then to warm reboot, int 19... at the time on my 286 I found warm-reboot to be faster but unreliable... https://en.wikipedia.org/wiki/Reboot#Warm ). As to where I found that at that time, probably in "PC Intern" by Michael Tischer, or some other system programing book. More modern reference: https://en.wikipedia.org/wiki/Reset_vector – user1532080 Oct 11 '20 at 13:00
  • @Polynomial I think I see what you mean... JMP FFFF:0 would certainly reboot my 286, hence "soft reboot"... Blank screen, then POST and boot... (unlike int 19 that would skip POST). From the top of my head, JMP FFFF:0 was also found when dis-assembling the default int 9 handler. I might be wrong, again, that's nearly 30 years ago. I'd love to if you'd have some link describing that interrupt that would have been triggered by Ctrl+Alt+Del :) – user1532080 Oct 11 '20 at 13:07
  • @user1532080 Yes, if you jump to `FFFF:0` by yourself on a system from that era, it'll load the first block of data from the boot sector and execute it, which in those days was a (not recommended) way for an application to restart the system, back in the days when the OS only ran one program at a time. – Polynomial Oct 11 '20 at 15:21
  • @user1532080 Now that I've done more digging, you're correct that I explained it poorly in my original comment. You can refer to the [IBM PC ATv2 keyboard code](https://github.com/kaneton/appendix-bios/blob/master/src/keybd.asm#L572) for reference regarding the BIOS having its own handler for rebooting. You can see that the IRQ 9 handler tracks Ctrl+Alt+Del and jumps to a start label (soft reboot) when that occurs. What the OS would do is modify the IVT to point elsewhere, in order to override that behaviour. – Polynomial Oct 11 '20 at 15:45
  • @user1532080 The critical part is that on the 386 and later you get protected mode, and in that mode you couldn't write to IVRs. This meant that the OS could install an INT 9 or IRQ 1 handler, but protected mode code couldn't overwrite that handler, so if you pressed Ctrl+Alt+Del there was no way for you to hook that as an application and get the OS to handle it, unless you got code running in real mode. The 8042 in the original IBM PC AT had the facility to do the hard reboot, but this appears to be a separate mechanism that was not specific to Ctrl+Alt+Del. – Polynomial Oct 11 '20 at 15:53
  • @user1532080 FWIW, I confirmed that the KBC hardware reset mechanism is present on systems as new as 2015, using leaked laptop schematics. I was hoping I could link you to the Project Olympus motherboard schematics, since they're open source (and therefore safe to link!), but it appears that the Intel C620 series chipsets did away with KBC entirely, moving all of those side-band signals into DMI. I'll take a look at the newer AMI BIOS code and see if/how they handle INT9 events there. – Polynomial Oct 11 '20 at 16:01
111

Ctrl-Alt-Del is the Secure Attention Key on Windows. The operating system enforces a strong non-interception policy for this key combination.

You could make an application which goes full-screen, grabs the keyboard, and displays something which looks like the normal login screen, down to the last pixel. You then log on the machine, launch the application, and go away until some unsuspecting victim finds the machine, tries to log on, and gives his username and password to your application. Your application then just has to simulate a blue screen of death, or maybe to actually log the user on, to complete the illusion.

This attack is defeated by the SAK. Your application can grab the keyboard and redirect all keypresses to itself, without needing administrative rights, except the Ctrl-Alt-Del, which the OS never allows to be redirected. Pressing Ctrl-Alt-Del ensures that you get the genuine logon screen, not an imitation.

Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955
  • 6
    Hang on a second. 'The OS Never allows to be redirected'? How do the internet Kiosks that stop ctrl+alt+delete work then? And malware that does the same thing? – NULLZ Apr 29 '13 at 01:32
  • 29
    @D3C4FF Just because you can't intercept the message does not mean you can't tell windows what to do when it receives the message. The important phrase from Thomas' post is "*without needing administrative rights*" – Scott Chamberlain Apr 29 '13 at 02:05
  • 2
    @ScottChamberlain ah quite right. I missed the administrative rights part there. – NULLZ Apr 29 '13 at 02:11
  • 1
    That's why backdooring keyboards makes sense d: – JSmyth Feb 24 '15 at 18:26
39

The answer to this can actually be found on our sister site, ServerFault. How does CTRL-ALT-DEL to log in make Windows more secure?

To quote the accepted answer by Oskar Duveborn,

The Windows (NT) kernel is designed to reserve the notification of this key combination to a single process: Winlogon. So, as long as the Windows installation itself is working as it should - no third party application can respond to this key combination (if it could, it could present a fake logon window and keylog your password ;)

Community
  • 1
21

Some additional questions have been raised regarding Windows 8 SAS support, and a later deleted by owner separate question was posted about it, too. Since I've already started writing my answer to that question, and Windows 8 has also been mentioned in this thread, I'm thus posting it here. If that deleted question reappears, I'll move my answer there. Hopefully, it will help those that were wondering where SAS went on Windows 8 phones and tablets.

According to Windows 8 Hardware Certification Requirements as mandated by Microsoft:

For Windows 8, the SAS signal is sent when the combination of the Windows Key button and the Power Button is pressed.

So this is not a case of Secure Attention Key disappearing altogether (on keyboardless devices, others can still use SAS as before), and a combination of two standard hardware buttons Win+Pwr was merely added to the still exisiting Ctrl+Alt+Del combination to better support devices without a hardware keyboard, which is what Windows 8 was also designed for.

Of course, since it's not merely an operating system for portable devices without a physical keyboard, but also desktop computers that wouldn't have these Win+Pwr physical buttons (but they do have a keyboard), the old SAS method was still kept. If, for whatever reasons, you'd like to disable/re-enable this support, this blog (or this) explains how you could achieve that in a few simple steps.

Another related question (or more of a request really) was raised by @Iszi in the Requests for Question of The Week blog posts discussion on IT Security Meta: "I find it especially interesting to discover that Windows & Linux don't necessarily use the same Secure Attention Key. It would be nice if someone could expand a little upon that.". Since I'm already a late-to-the-party bottom feeder on this question here, and nobody can really accuse me of hijacking the rep train [1][2] it turned up to be - well, here it goes:

Main difference between the two implementations that I could find is, that the Linux SAK (yes, this is the acronym used in Linux in contrast to the SAS (Secure Attention Sequence) used in Windows) is that the Linux SAK never earned the National Computer Security Center's (NCSC) C2 security rating. Windows NT has:

When NT earned its C2 security rating, NCSC also recognized NT as meeting two requirements of B-level security: Trusted Path functionality and Trusted Facility Management functionality. Trusted Path functionality prevents Trojan horse programs from intercepting a user's name and password as the user logs on. NT's Trusted Path functionality exists in the form of its Ctrl+Alt+Del logon-attention sequence. This sequence of keystrokes, the Secure Attention Sequence (SAS), causes an NT logon dialog box to pop up, which initializes a process that helps NT recognize would-be Trojan horses. NT bypasses any Trojan horse that presents a fake logon dialog when a user enters the attention sequence.

NT meets the Trusted Facility Management requirement by supporting separate account roles for administrative functions. For instance, NT provides separate accounts for administration (Administrators), user accounts charged with backing up the computer (Backup Operators), and standard users (Users). Microsoft is reportedly working on a B-level version of NT, but the company has not made a public statement about when it might release this version.

But this still doesn't really explain why SAK!=SAS. OK, lets dig a little deeper. From Linux 2.4.2 Secure Attention Key (SAK) handling by Andrew Morton we get the following:

From the PC keyboard, Linux has two similar but different ways of providing SAK. One is the Alt+SysRq+K sequence. You shouldn't use this sequence. It is only available if the kernel was compiled with sysrq support.

The proper way of generating a SAK is to define the key sequence using loadkeys. This will work whether or not sysrq support is compiled into the kernel.

SAK works correctly when the keyboard is in raw mode. This means that once defined, SAK will kill a running X server. If the system is in run level 5, the X server will restart. This is what you want to happen.

What key sequence should you use? Well, Ctrl+Alt+Del is used to reboot the machine. Ctrl+Alt+Backspace is magical to the X server.

It goes on explaining how to create a custom SAK handler, but the main takeaway is that the implementation differs greatly from what can be found in Windows as SAS, and that they might not be implemented at the kernel level, depending on what whether sysrq support was enabled for the build.

Does this explain the differences in Windows and Linux handling of SAS/SAK? I would say that it does. User tialaramex from LWN.net explains it neatly:

Linux has some rudimentary low-level support for this capability but it never seems to have ascended into an end user feature of any consequence. No application can trap the SAK combination because long before any code runs that lets userspace applications fiddle with the key presses, the kernel has noticed that the SAK has been pressed and short-circuited to a path that just handles this special case.

Whereas:

In Windows when you press the SAK it forcibly summons a separate desktop, which you can think of as being kind of like a separate X server process. This desktop is "owned" by the System user, roughly equivalent to Unix root, so anyone with permission to tamper with it could just have replaced the entire OS kernel or whatever they wanted.

Does it explain why different keyboard sequences were chosen? I'm not sure. It shows why there is more than a single such keyboard sequence in Linux and what the differences between them are (see Andrew Morton's explanation), but I couldn't find a clear answer on why was one chosen over the other and why different kernel builds might use different SAK combinations. I can only suspect that it boils down to personal preference of their respected authors.

nobody
  • 11,341
  • 2
  • 41
  • 60
TildalWave
  • 10,801
  • 11
  • 46
  • 85
  • 3
    Yeah, I'm still a little confused as to why Linux didn't use CTRL+ALT+DEL - Windows had to deal with the same "reboot button" issue, and they did reasonably well. Good additional detail here, though. – Iszi Apr 30 '13 at 20:46
  • 1
    The idea of using an "interrupt any running application" key as the cue for a log-in prompt predates Windows by quite awhile. The Vax 11/780 used control-Y both as a "hard quit" and a "login request" key, probably for the same reason as Windows. – supercat Aug 22 '14 at 21:44
5

The idea is that a trusted Windows process called Winlogon, and only Winlogon, can read the Ctrl+Alt+Del key sequence. This key sequence is called the secure attention sequence (SAS). By entering this key sequence, you are basically "proving" to yourself that it is Windows that is accepting your input. This guards against a malicious program intercepting your login credentials by creating a fake username and password form. Of course, this assumes that Winlogon is not compromised, and it may so happen that Winlogon has been tampered with so that this measure can be bypassed.

If you're presented with a login prompt without being required to press Ctrl+Alt+Del on a system configured to do so, do not enter your login credentials, because this means that a program has hijacked the login prompt. If you own the computer, reboot it into safe mode and clean up any malware on it. If your company owns the computer, contact your system administrator.

The same applies with Windows 8, only that there is an additional SAS, Win+Power, for tablets which do not have a physical keyboard (Surface comes to mind).

bwDraco
  • 473
  • 2
  • 10
1

Ctrl+Alt+Del was around way before Windows Logon, originally it simply did a soft reset on the system. The same combination is on other systems/OSs too (Atari ST springs to mind).

If the question is "why these three keys" then I would say because they are hard to push and a mistake is therefore hard (as people have said).

If the question is "why does Windows (now) use it" then I do not know, maybe because user where familiar with it it was chosen. You will need to ask the person(s) that made that decision, I am fairly sure the actual keys pressed are arbitrary (but now I am thinking it may be a low level hardware interrupt).

PMB
  • 29
  • 1
-1

Another part of the reason - AFAIK - is to be found when considering the choice of key combination: It is very difficult to press all of Ctrl, Alt and Del at the same time with a single hand; and it is also very unlikely that all 3 keys will be pressed at the same time by something hitting the keyboard, or by you sort of banging on it etc. As David Bradley choose this combination to trigger a soft reboot (Wikipedia), it was important for it not to be triggered by mistake. This caught on for things like bringing up a user login prompt; the idea is to make you demonstrate your intention by explicitly deciding to press an "difficult" key combination (e.g. before logging in).

Of course, that's not about Windows but all PC software and firmware which utilizes Ctrl+Alt+Del.

einpoklum
  • 439
  • 3
  • 12
  • 4
    The whole point of Cntrl+Alt+Delete is that other software can't utilize it. – cutrightjm Apr 28 '13 at 16:16
  • 26
    _"It is impossible to press all of Ctrl, Alt and Del at the same time with a single hand"_ Here's yours truly doing it: http://i.imgur.com/FktS4Iy.jpg – Adi Apr 28 '13 at 16:33
  • 11
    @Adnan: You used three whole fingers? Here's a picture of me doing it with just two fingers on one hand! http://i.imgur.com/mcxnanl.jpg – Scott Pack Apr 28 '13 at 17:49
  • @ScottPack Very pristine keyboard! Adnan's has more street cred ;o) Since I don't know Mac keyboards, I assume that you are pressing Ctrl, Alt, Pause with two hands? I love pictures! Thank you, to both of you. – Ellie Kesselman Apr 28 '13 at 17:52
  • 1
    @FeralOink: Thanks, I really like this keyboard too. Nice and heavy so it doesn't move on the desk, great tactile response, smooth action. The white color also tends to encourage cleanliness. It does not, however, have a pause key. Which is fine, since I've *never* used a pause key. – Scott Pack Apr 28 '13 at 17:56
  • 2
    This answer is correct - although it has no relevance in the security. Users of Linux machines may notice that ctrl+alt+delete when run in a TTY causes the machine to reboot (though this behaviour can be overridden). As such, you probably don't want to do it accidentally, so two hands are needed (altgr doesn't trigger this behaviour) – jackweirdy Apr 28 '13 at 18:04
  • 4
    @jackweirdy: Sure. Originally it was designed for debugging purposes by the Intel team and was never intended to be used by users. On the specific keyboard used by the specific developer who originally designed it, yes, it was impossible to hit those keys one-handed. It wasn't until, what 20 years later that Windows started using it for login purposes? – Scott Pack Apr 28 '13 at 18:16
  • @ScottPack I will be chided and told to resume in chat room, but `pause` reminded me of `break` both of which remain on my Windows PC keyboard, even laptop. I last used `break` with VM/CMS and MVS/TSO as a young'un. `pause` is too similar to the dreaded "hibernate" button, from which there is sometimes no waking up. I don't see THAT on my keyboard now, though ;o) thankfully! – Ellie Kesselman Apr 28 '13 at 18:28
  • 1
    Early windows-based 802.11 handheld scanners by Symbol used to use Ctrl-Alt-Del. If you knew which keys they mapped to you could get straight into the OS :-) – Rory Alsop Apr 28 '13 at 19:24
  • 1
    @ScottPack Yeah; There's no link there. I'm just saying it's an answer to a different question :) also, this http://www.youtube.com/watch?v=ZiH-iA9EO_Q – jackweirdy Apr 28 '13 at 20:19
  • I do not believe the claim that Ctrl-Alt-Del was never intended for users. – Kaz Apr 29 '13 at 00:30
  • 1
    As someone with Cerebral Palsy who can only use one hand to type I can assure you it is possible to hit *ctl-alt-del* with one hand. – Jacob Apr 29 '13 at 02:18
  • 2
    [Wikipedia: Control-Alt-Delete: History](http://en.wikipedia.org/wiki/Control-Alt-Delete#History) – user Apr 29 '13 at 09:46
  • Regarding typing `Ctrl`+`Alt`+`Del` with one hand: It would be very difficult to type this keystroke sequence with one hand on the old-style IBM PC/XT/AT 83-key/84-key keyboards as the `Ctrl` and `Alt` keys were pretty far apart on those keyboards. – Bill_Stewart Nov 16 '22 at 18:44