Larry Osterman's WebLog

Confessions of an Old Fogey

Why is Control-Alt-Delete the secure attention sequence (SAS)?


When we were designing NT 3.1, one of the issues that came up fairly early was the secure attention sequence - we needed to have a keystroke sequence that couldn't be intercepted by any application.

So the security architect for NT (Jim Kelly) went looking for a keystroke sequence he could use.


It turned out that the only keystroke combination that wasn't already being used by a shipping application was control-alt-del, because that was used to reboot the computer.

And thus was born the Control-Alt-Del to log in.

I've got to say that the first time that the logon dialog went into the system, I pressed it with a fair amount of trepidation - I'd been well trained that C-A-D rebooted the computer and....


  • What about Windows XP and the Welcome screen - could that be spoofed? If your Windows XP machine is on a domain then you can't use the Welcome screen. I know that one reason for this (that Raymond Chen has mentioned) is because it's not feasible to enumerate network user accounts for display on that screen, but presumably another reason is that it doesn't use the SAS.
  • Rebooting won't help - what if a trojan not only pretends to be an NT-based login, but also fakes the boot screens?
  • Mr Blobby: I don't know the answer to that one, I'm not on the appcompat team.

    John: Actually the SAS is still there for the welcome screen - hit C-A-D twice and the old familiar logon dialog will come up.

    KiwiBlue - if you believe that the bad guy's had enough access to replace your OS, then it doesn't matter, you might as well reformat.

  • This is OT - I apologize.

    A while back (when I first used NT4) I noticed that Ctrl+Shift+Esc runs the task manager. I've used it ever since. Is this shortcut supposed to be common knowledge? I've never seen it documented anywhere. I'm curious... :)

    I was once the victim of a coworker using software that took over my desktop. Can't remember what it was... it disabled Ctrl+Alt+Delete, but luckily whoever wrote it didn't know about Ctrl+Shift+Esc, so I was able to kill the process.
  • Jerome, that's surprising - I'm not aware of any mechanism of spoofing C-A-D on NT - are you sure that was NT you were running?
  • > Norman, that's actually a really good point
    > - a user that doesn't know the OS on the
    > computer DOES have to reboot it to truly
    > ensure that NT's running.

    I'm not sure simply rebooting would resolve the issue of what OS you are running. It would be pretty trivial to spoof the Windows 2000 or XP boot screen using logo.sys, and (assuming the Windows 9x machine was using a blank password) provide a Windows NT-like login screen using Run or RunService. winver.exe could be replaced, the "Windows 9x" running up the side of the Start menu can be edited.

    Although I fail to see the reason why anyone would bother. Windows 9x is so insecure it's hardly necessary to pretend to be Windows NT to trick users into giving up information.

    However, in my experience, most people don't know what OS they are running even though a screen with clouds and the name of the OS appeared on their monitor every morning for 2 minutes (this was back in the days of P133s when even Windows 9x took a long time to start). If I had a dime for everyone who told me they were running "Windows 97" when they meant they were running Office 97 I'd be retired.
  • Larry, I did know that actually but forgot (I found it out by accident once)!

    Jerome, I know about the Task Manager shortcut and have seen it documented somewhere. Having said that, I couldn't find it in Windows XP Help.
  • Larry, I don't agree that source distributions will never be successful. Most of the time users don't simply run binaries, they have to go through an installation process. And there's absolutely no reason why the installation could not include compiling the actual binaries. The users wouldn't know, much like they do not know today what the installer does. Users currently do not manually register type libraries but that hasn't prevented applications that use COM from being used by BFUs.
  • Jerry,
    Do you REALLY believe that your Grandfather would be able to install a package distributed only in source form? I know that my Mother or Father wouldn't - they wouldn't know what a compiler was (or where to find one) if it jumped up and bit them on the nose.

    And software isn't going to be successful in the end-user space if it only comes in source distributions.

    There's a really good reason that the Firefox people don't distribute the source code to Firefox in its default form - if you go to, you download a pre-compiled binary, NOT the source code. Geeks like us do source code, users do not.
  • Larry is right about end users. They only care about the application. The installer process/compile/whatever is only a roadblock in their use of the "great time saver" whatever that may be.

    The idea of distributing source that is compiled at install time is pretty cool but there's way too many variables that can go wrong in that situation. What if the compile didn't take? What if it compiled but with warnings? What if it compiles but doesn't quite run right? The user won't have enough knowledge in most instances to understand the code even if you gave them immediate patches they could apply. Without automating that further your failures will be horrific and people will loathe it.

    Personally I like the idea but only if it's almost impossible to screw up. I'd love to have code I wrote 20 years ago compile right up on this new OS and "automagically" work as if I coded it yesterday, with NO modifications to the code. That would be sweet as all hell but chances of that are slim. You'd need to demodularize the OS into hardware/software API so that no matter what hardware you ran, the software would work. Then on top of that the software would have to be able to translate your old code into new controls, etc. Possible? Yes. Probable within 5 years from Microsoft, Apple, IBM, or Sun? Not at all. It's not cost effective because they're into hits they can milk quickly. The big players make more money off v.Next and this would put the emphasis on v.Now. Now could mean 20+ years literally if it's done correctly whereas Next typically means 5 or so years, give or take.
  • Norman
    >For users to be secure, in addition to pressing
    >Ctrl-Alt-Del, they'd better make sure an NT-based OS is
    >actually running. Is there any way to be sure of that,
    >other than rebooting?

    The important thing about NT security is it is secure only while running. It is the procedures, physical security, and training external to the box that guarantee NT is running, and then NT [tries] to secure itself.

    Theft of laptops is the biggest data loss. The details of a protected witness in the Melbourne gang wars were stolen on a laptop last week.

    I hear too much security stuff about the OS but my security assessments start at physical security - can someone steal the server, can someone put a floppy in the server, etc. My next priority is electronic funds transfer. Then securing databases.

    Then I worry about minor threats like viruses. A stolen customer pricing list or the bank account cleaned out can destroy a company. A virus just forces momentary disruption. One can actually train staff to not infect themselves by forensically reconstructing the infection and showing the staff member how they were infected. The AV logs show this works. They become almost empty.

    The clients do seem a weak point if one wrote a program (DOS, say) to look like NT. But the user should twig when there is nothing after logging on. And strangers really shouldn't be left alone with client computers to slip a floppy in. And screensavers on short timeout (except for admins or I leave) stop strangers from reading the screen.
  • A friend of mine who used to work at IBM and knew David Bradley (the creator of Ctrl-Alt-Del) told me that David often said:

    "I'm the one who invented Ctrl-Alt-Del, but Bill [Gates] is the one who made it famous!
    ... For the NT logon screen, of course!"
  • Larry Osterman
    >Jerome, that's surprising - I'm not aware of any mechanism of spoofing C-A-D on NT - are you sure that was NT you were running?

    Maybe I'm mistaken. It was a long time ago. Anyway, my problem was that I didn't lock my workstation and a coworker simply walked to the machine and installed all sorts of stuff. I've been more careful since then.

    John Topley:
    >Jerome, I know about the Task Manager shortcut and have seen it documented somewhere. Having said that, I couldn't find it in Windows XP Help.

    I'm glad it is documented somewhere. Anyway, since it is being used I guess it's here to stay anyhow.