The supported logon option for Windows 2000/XP is tagged as "My-T-Soft 2 Keyboard (Windows 2000 and later)" in the "My-T-Soft Logon Utilities" provided by the software. This feature uses an integration to the MSGINA.DLL (or possibly other third party GINAs, if so configured) where the software only monitors specified events (as supported by the Microsoft API for working within the GINA (Graphical Identification aNd Authentication)), so the keyboard can be shown during the logon screens, in the context of the secure WinLogon desktop. In short, this means that there is no security actions taken at all by our software - all that happens is the virtual keyboard is brought up within the GINA/WinLogon desktop, and can be used by the user to generate keystrokes for entering name/domain/password - ALL authentication takes place as it normally would by the underlying Microsoft software. The My-T-Soft software just provides a mechanism to enter text into the required fields in the secure WinLogon desktop.
The Secure Attention Sequence (SAS) is generated via the Microsoft provided API programming interface, so a physical keyboard Control-Alt-Delete keystroke is not required. However, the software does require a physical touchscreen press / mouse click event (assuming there are no other virtual event software capabilities present).
The security of this approach hasn't really been much of concern to those familiar with the technical aspects of what is going on at this level. Microsoft specifically publicly provides the GINA/WinLogon API for smart cards, biometric, and other identification schemes, but ALL authentication is done by the Microsoft software. In no way, shape, or form does this level have access to, or perform any authentication - My-T-Soft's particular implementation just provides a mechanism to enter the name/domain/password to the underlying security levels. So if you accept Microsoft's security, all that happens with the My-T-Soft software is it provides another way to enter the text (name/password) that is used to submit to the authentication system. Here is their documentation regarding this: MSDN - WinLogon and Gina
If there are further questions, or need for clarification, please contact IMG Technical Support.
|Category: General||Type: Question/Answer||Product: Logon Module|