secure attention sequence (SAS)

Definition of secure attention sequence (SAS) in The Network Encyclopedia.

What is SAS (Secure Attention Sequence)?

The Ctrl+Alt+Delete keystroke combination in Microsoft Windows NT and Windows 2000, which displays the Windows Security dialog box. (Note that in Windows NT the dialog box is called Windows NT Security.) Users can press this key combination to do the following:

  • Log on to or log off of a Windows workstation
  • Lock the console or unlock a locked workstation
  • Change their passwords
  • Invoke Task Manager
  • Shut down, log off, or restart their systems

The secure attention sequence (SAS) offers protection against Trojan horse programs that masquerade as common system applications. For example, it is impossible to write a Trojan horse program that presents the user with a phony Windows Security dialog box in an attempt to steal a user’s credentials, because this program cannot be activated by the SAS. The most that a hacker can do is write a Trojan horse program that displays a Windows Security dialog box at random times while the user is already logged on. To guard against such an event, you should educate users to always use the SAS keystroke sequence even if the computer they are using already displays what appears to be the Windows Security dialog box.

The SAS also kills any logon scripts that are running and can be used to terminate scripts that have stopped responding.