Adding an extra layer of security is never a bad thing, but you may find yourself wondering about the benefits you actually gain from said layer. Today’s SuperUser Q&A post explains what makes “Secure Login” secure for a curious reader.
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
Photo courtesy of Matt Biddulph (Flickr).
The Question
SuperUser reader Nexusfactor wants to know what makes Secure Login (Ctrl+Alt+Del) secure:
What makes Secure Login (Ctrl+Alt+Del) secure?
The Answer
SuperUser contributors duDE and Louis have the answer for us. First up, duDE:
Followed by the answer from Louis:
Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.
In Windows, there are actually different types of desktops. The one that we work in is what we all call the desktop, but has been known by other names such as default, interactive, or application desktop. It is here that any given application can run.
The login screen is actually an entirely different kind of desktop, a secure desktop where only trusted processes are running as SYSTEM. While the key combination will guard against fake login screens, it does not protect against a virus infection that is keylogging all of your keystrokes. The desktop concept adds further protection here by not allowing such a background program access to what is happening on the secure desktop.
You can picture this isolation by remembering what happens to the default desktop when UAC prompts appear. You will notice that UAC prompts are actually in one of these secure desktops.
You can also imagine what the isolation means in terms of security when considering a virus that spoofs your mouse pointer. The UAC team blogged about such a scenario: