I was running Windows 7 at work; power up the desktop pc and always had to hit Ctrl + Alt + Del before entering your username and password.
I am now running Windows 10 at work, Windows 10 Enterprise if I look on my PC. I no longer have to hit Ctrl + Alt + Del before logging in, and I am pretty sure it is not just me.
Is the existing link with rationale explained no longer relevant with Windows 10? What changed?
Is this no longer relevant? : How does CTRL-ALT-DEL to log in make Windows more secure?
Update:
From Interactive logon: Do not require CTRL+ALT+DEL:
Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords... A malicious user might install malware that looks like the standard logon dialog box for the Windows operating system, and capture a user's password. The attacker can then log on to the compromised account with whatever level of user rights that user has.
I am having trouble understanding this rationale for Ctrl + Alt + Del I mean if a malicious user installs malware that looks like the standard logon screen shouldn't I first be worried about that having happened where malware got installed? Can someone at least provide examples of those attacks user's are left susceptible to?
For so long we've all be marching to the tune of must do Ctrl + Alt + Del prior to logon, and ironically it is worded "Interactive logon: Do not require CTRL+ALT+DEL = Disabled".
Recently NIST revised their password recommendations, I believe it's publication 800-63B. As such, you can read numerous articles and opinions on the subject. My favorite is Stack Overflow cofounder Jeff Atwood's rage: password rules are b.s.. I don't need to go much further than that title to summarize that topic, basically admission that some password rules were security theater. So now I am sort of questioning the credibility of Ctrl + Alt + Del, because (1) it seems it was suddenly dropped in Windows 10, and (2) to me the [official] wording from Microsoft is quite vague.
If you use any computer you are susceptible to attacks in a variety of ways, so I am looking for technical specifics that I can wrap my head around regarding Ctrl + Alt + Del providing value prior to logon.
Aaron Margosis who writes for the Microsoft Security Guidance blog on TechNet addressed this specifically a couple of times regarding the change to "Not Configured" for Secure Attention Sequence aka Ctrl Alt Del. It basically boils down to the fact that users can't tell if they're at the secure desktop, it's easier to steal the same user credentials inside the desktop, and it's hard to implement on keyboard-less devices.
from "Security baseline for Windows 10 – DRAFT" by Aaron Margosis, October 8, 2015
from Unintended Consequences of Security Lockdowns
It's still in force, but Microsoft did that to make the device more accessible to people with disability.
You can easily enforce back the default ctrl-alt-del key combo.
GPO : Disable CTRL+ALT+DEL requirement for logon at
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Reference there
ps; If the windows 10 is under a workgroup, you can change that setting in the control panel in the advanced tab of the user management applet.
Edit 1 - As your question evolved
In Windows OS, WinLogon register the crtl-alt-delete sequence, and allow no one else to listen to that. It's called a Secure Attention Key.
A malware would need to modify or hijack the winlogon process to achieve the goal to capture that sequence.
The sequence is considered secure and the process do launch the login prompt.
Per the official documentation;
You could also see that answer there for the same reason told; https://security.stackexchange.com/questions/34972/whats-the-rationale-behind-ctrl-alt-del-for-login