Wednesday, December 24, 2008

Part 21: Control-alt-delete to log in

When I start up my Mac, it boots to a login screen. I type in my password (in the past, I never even had to do this, it just booted to the desktop, and if I ever find the need to do so I may set it back to that) and it goes to my desktop.

On the PC? It boots to a screen that says to hold down Ctrl-Alt-Delete. Once I do this, it allows me to enter my password. Once my password is in, it goes to the desktop. Now, I sometimes wonder why it needs this extra step; why it makes me do the three-fingered salute instead of just letting me type in my password. So I clicked "help" today for more information. I found that:

To log on, hold down the Ctrl and Alt keys, then press the Delete key. This key combination is recognized only by Windows, so pressing it before logging on ensures that you are giving your password only to Windows.

This applies only to your Windows or domain password. Passwords associated with Web pages or specific programs will not require you to press Ctrl-Alt-Delete.

Oh, where to start.

This key combination is recognized only by Windows

No shit, Sherlock. This is a Windows machine. I am booting Windows. I am going to use Windows. I am being forced in to dealing with Windows. Do I have a choice, Mr. Gates? I of course chose Windows because it is such a secure platform.

pressing it before logging on ensures that you are giving your password only to Windows

Oh, goodie. I'm sure that it would be next to impossible for someone to write a script that could be contained in a virus that would, I don't know, spoof this page and be activated by Ctrl-Alt-Delete.

And what if you turned on your machine and it didn't ask you to salute, but rather just gave your a password screen. Would you flip out and think it had been sabotaged? Or would you enter your password and go on your merry way?

Passwords associated with Web pages or specific programs will not require you to press Ctrl-Alt-Delete

Because most of these programs are not written by Microsoft, and therefore employ normal logic in their processes.

Well it seems as though you can turn it off. Done. But OH NOES it might kill my computer:
"Disabling the CTRL+ALT+DELETE sequence creates a 'security hole.' The CTRL+ALT+DELETE sequence can be read only by Windows, ensuring that the information in the ensuing logon dialog box can be read only by Windows."

Riiight. Whatever.


Igor said...

When you hit Ctrl-Alt-Delete and the login screen responds, you can be pretty sure that it is a genuine Windows login screen, as opposed to a fake front put up by a malicious program or even a website trying to steal your password.

And, as you point out, you can turn it off. So, I don't see much of a reason to hate Windows here.

Ari said...

Two words: Security Theater. That is all.

David said...

And how hard would it be to spoof the login screen when the user does the 3-finger salute? And then steal the login sequence and be off to the races?

And, yes, I am a rocket scientist, making my living in network and computer security.

Ross Youngblood said...

This is pure Marketing Speak. Instead of
"Ctrl-Alt-Delete" was an old hack and as long as we can paint this as a security feature, we will continue to do so, since it's cheaper to hire marketing hacks to write feature jackets on bugs, than to hire some engineers to fix this.

We are worried about the tablet and smart phone space, but think we have a solution. To turn on your smart phone, press #,SEND,END, and push the bluetooth pairing button on your headset all at the same time, to login to your Windows Smart phone.