I've recently done some development for a product which we're going to make available for free with some hardware that we've designed and sell; this software makes (in our eyes) buying our hardware a no-brainer.

Now this software runs under Windows (or Linux & Mac OS if I were to recompile on those platforms) but has to run in a kiosk-style mode, i.e. prevent little fingers and "hackers" from obtaining access to the OS.

The basic premise is that I replace the shell for a particular user with our application (or rather a "launcher" which simply starts our application and restarts it should it happen to crash). Now the fun begins with the secure attention sequence (Ctrl+Alt+Del), which Windows uses to always show an "authentic login window". I can understand the reasoning behind this in a corporate environment, but if you have admin privileges on a machine, then it really would be nice to disable it.

So I have a couple of solutions, one of which is to change the scan code map so that Alt is disabled. This has the effect of disabling the SAS with the minimum amount of impact on the users; menu shortcuts in the application won't work (although our application doesn't have a menu, so that's not a problem!).

The second option is to write a keyboard filter driver which tracks the key states and can stop Ctrl+Alt+Del getting through. This is the preferred option, as it allows all keyboard functions to operate normally and the Ctrl+Alt+Del combo can be turned on or off from user mode by creating a device node.

Which got me thinking that the whole point of the SAS was to ensure an authentic login screen, but if I were to install a keyboard filter and a user mode application I could fake the SAS screen anyway (trap Ctrl+Alt+Del and send some other bizarre key sequence up the chain that only the target app could possibly be interested in). Sure, I'd need admin privileges to do this, but it's possible.

So I don't see why providing a way to disable the SAS is such a "security hole" if you're an administrator on that machine (and you want to do it), given that as the administrator on that machine I could fake the SAS anyway. So is this just a way of increasing sales of XP Embedded?
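The first option above, remapping the scan codes so that Alt never reaches the SAS, relies on the documented `Scancode Map` REG_BINARY value under `HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout`. The script below is an added example, not code from the original post, showing how that value is laid out: a 12-byte header (version, flags, entry count including the terminator), one little-endian DWORD per mapping with the original scan code in the high word and the replacement in the low word (0 disables the key), and a zero terminator. It builds the blob that disables both Left Alt (0x38) and the E0-prefixed Right Alt (0xE038), since the SAS accepts either, and includes a parser so an existing value can be audited. The function names and the constructed sample blob are this example's own.

```python
import struct

# Scancode Map layout (REG_BINARY, applies machine-wide, read at boot):
#   DWORD version (0), DWORD flags (0), DWORD count (mappings + terminator),
#   count-1 mapping DWORDs, DWORD 0 terminator.
# Mapping DWORD, little-endian: high word = original scan code,
# low word = scan code to emit instead. Extended keys carry 0xE0 in the
# high byte of the word (Right Alt is E0 38).
SC_LEFT_ALT = 0x0038
SC_RIGHT_ALT = 0xE038
SC_DISABLED = 0x0000  # mapping any key to 0 disables it

HEADER_LEN = 12


def build_scancode_map(mappings):
    """Build a Scancode Map blob from (original, replacement) pairs."""
    entries = [((orig & 0xFFFF) << 16) | (new & 0xFFFF) for orig, new in mappings]
    count = len(entries) + 1  # the zero terminator is counted
    blob = struct.pack("<III", 0, 0, count)
    blob += b"".join(struct.pack("<I", e) for e in entries)
    blob += struct.pack("<I", 0)
    return blob


def parse_scancode_map(blob):
    """Decode a Scancode Map blob into (original, replacement) pairs.

    Raises ValueError on a malformed value rather than guessing, because a
    truncated or unterminated blob is silently ignored by Windows and the
    remap would then not be in effect.
    """
    if len(blob) < HEADER_LEN + 4 or len(blob) % 4:
        raise ValueError("blob too short or not DWORD aligned")
    version, flags, count = struct.unpack_from("<III", blob, 0)
    if version != 0 or flags != 0:
        raise ValueError("unexpected header version/flags")
    if len(blob) != HEADER_LEN + 4 * count:
        raise ValueError("count field does not match blob length")
    entries = struct.unpack_from("<%dI" % count, blob, HEADER_LEN)
    if entries[-1] != 0:
        raise ValueError("missing zero terminator")
    return [(e >> 16, e & 0xFFFF) for e in entries[:-1]]


def disable_alt_map():
    """Blob that disables both Alt keys, so Ctrl+Alt+Del can't be formed."""
    return build_scancode_map([(SC_LEFT_ALT, SC_DISABLED),
                               (SC_RIGHT_ALT, SC_DISABLED)])


def alt_is_disabled(blob):
    """Audit check: True only if BOTH Alt keys are mapped to 0."""
    remap = dict(parse_scancode_map(blob))
    return remap.get(SC_LEFT_ALT) == SC_DISABLED and \
        remap.get(SC_RIGHT_ALT) == SC_DISABLED


if __name__ == "__main__":
    blob = disable_alt_map()
    print("Scancode Map hex:", blob.hex())
    print("Decoded:", [(hex(o), hex(n)) for o, n in parse_scancode_map(blob)])
    print("Alt disabled:", alt_is_disabled(blob))
```

The hex string printed can be written with `reg add "HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d <hex>`; the mapping only takes effect after a reboot and applies to every user and every keyboard on the machine, which is what makes it cheap for a single-purpose kiosk and unsuitable elsewhere. Note the `alt_is_disabled` check insists on both Alt keys: a value that remaps only Left Alt still leaves Ctrl+Right Alt+Del as a working SAS, which is the kind of half-applied lockdown worth catching in an audit.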