How much trust should I put in my Windows password screen?

nonxcarbonx

Jun 6, 2009
I realize that the Windows login is vulnerable to things, but I'm not really worried about boot attacks like that thanks to TrueCrypt. I'm more concerned about leaving my computer by itself for periods of time, while it's running, with only the Windows password screen preventing access to it. Poorly chosen password vulnerabilities aside, is that password screen vulnerable to an attack that doesn't involve restarting the computer?
 
The biggest potential vulnerability from the password screen is that some program will spoof it. For example, you walk away from your computer with the expectation that after a few minutes the screensaver will kick in. You come back after a while, hit the spacebar to turn the display back on, and type your password to reactivate your session.

If a virus was running it could easily determine the screensaver timeout, wait just a few seconds short of that amount of time, disable the system screensaver and throw up its OWN copy of your screensaver. When you return and hit the spacebar, you're no longer entering your password into the Windows dialogue box, you're now entering it into the virus's dialogue box. Boom - password stolen.

The way Windows prevents this from happening is to treat the "Ctrl-Alt-Del" keystroke sequence as a system-level event that can't be trapped by any program. When you press those keys it directly activates a Windows dialogue box in a separate, secure session. That gives you confidence that you're typing your password into Windows and not some virus.

Of course it doesn't prevent a keystroke logger from logging the keystrokes directly...
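
The reply above relies on two settings: Ctrl+Alt+Del being required before the password prompt, and the screensaver locking the session on resume. The following PowerShell audit of those settings is an added example, not part of either post; it reads the standard Windows registry values for them and does not detect keyloggers.

```powershell
# Added example: audit the settings behind the Ctrl+Alt+Del prompt and the screensaver lock.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# DisableCAD: 0 = Ctrl+Alt+Del required, 1 = not required.
# The policy key is checked first, then the Winlogon key.
$cadPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
$disableCad = $null
foreach ($p in $cadPaths) {
    $v = Get-RegValue -Path $p -Name 'DisableCAD'
    if ($null -ne $v) { $disableCad = [int]$v; break }
}

# Screensaver settings for the current user; a Group Policy copy wins over the user's own.
$ssPaths = @(
    'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
    'HKCU:\Control Panel\Desktop'
)
function Get-ScreenSaverSetting {
    param([string]$Name)
    foreach ($p in $ssPaths) {
        $v = Get-RegValue -Path $p -Name $Name
        if ($null -ne $v) { return $v }
    }
    return $null
}
$active  = Get-ScreenSaverSetting 'ScreenSaveActive'
$secure  = Get-ScreenSaverSetting 'ScreenSaverIsSecure'
$timeout = Get-ScreenSaverSetting 'ScreenSaveTimeOut'

# One summary object; 'not configured' means neither DisableCAD value exists.
[pscustomobject]@{
    CtrlAltDelRequired = if ($null -eq $disableCad) { 'not configured' } else { $disableCad -eq 0 }
    ScreenSaverActive  = $active -eq '1'
    PasswordOnResume   = $secure -eq '1'
    TimeoutSeconds     = if ($null -ne $timeout) { [int]$timeout } else { $null }
}
```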