I've started to use the "secure logon feature", which requires users to press CTRL+ALT+DELETE to unlock an account. Microsoft claims this:
"Using secure logon provides an additional layer of security for your computer by ensuring that the authentic Windows logon screen appears. When secure logon is enabled, another program (such as a virus or spyware) can't intercept your user name and password as you enter it."
So only Winlogon is supposed to recognize the three finger salute, but in the real world, can it be defeated easily? Can't a keylogger still steal your password? I'm running Windows 7.