An IBM keyboard signed by ctrl-alt-del inventor David Bradley.
Speaking at Harvard earlier this month, Bill Gates was asked why you have to press ctrl-alt-del before you can enter your password and log in to Windows. After explaining the security rationale, Gates then said that it was a “mistake” and that it was due to IBM refusing to add a single button to take the place of the three finger salute.
It’s a nice story, but it doesn’t really add up.
Ctrl-alt-del was invented by IBM in the early 1980s. In 1980 or 1981—the exact date is lost to the mists of time, as it was “not a memorable event”—IBM engineer David Bradley coded a routine for the BIOS of the IBM PC to enable the machine to be quickly rebooted. He originally planned to use ctrl-alt-esc, but he realized that ctrl-alt-esc might be dangerous, as you could press all three keys just by pressing down on the left-hand side of the keyboard. Ctrl-alt-del fixed that issue; by using keys on both sides of the keyboard, it required the use of two hands.
The reset feature was originally intended to be an undocumented feature for IBM’s own use. It became clear, however, that resetting the machine (to restart when a program hung, for example) was useful for end users, too, so it became one of the many things that early PC users had to learn and know about.
Microsoft gets involved in the ctrl-alt-del action
Back in those early days, ctrl-alt-del was a BIOS feature. It became a prominent software feature with Windows 3.0’s Enhanced Mode.
Windows 3.0 lived in a world where 286s and 386s were both abundant. The 386 introduced lots of important on-chip hardware, such as support for virtually addressed protected memory and a special mode, “protected mode,” to enable this hardware. The 286 did have a limited protected mode of its own, but it lacked the richer capabilities of the 386.
Microsoft wanted Windows to take advantage of the 386’s extra hardware when possible, so Windows 3 had two distinct modes of operation. It had “Standard Mode” for 286s and “Enhanced Mode” for 386s (and better). Enhanced Mode Windows had two significant capabilities that Standard Mode Windows did not. First, it could use virtual memory: it supported a pagefile and could move program memory between hard disk and RAM on an as-needed basis.
Second, Enhanced Mode Windows could be used to run multiple MS-DOS programs simultaneously. Behind the scenes, Windows 3.0 Enhanced Mode was actually a lot more clever than people gave it credit for: it had a 32-bit supervisor that pre-emptively multitasked among a bunch of virtual machines. It always created one virtual machine to run Windows Standard Mode (within which 16-bit Windows applications were cooperatively multitasked), and each DOS program ran in its own, independent DOS virtual machine.
The utility of ctrl-alt-del to reset the computer still existed, of course, but the old BIOS-actuated set mechanism wasn’t a good fit for this new multitasking environment. If you’re running several DOS programs side by side, you don’t want to reset the entire machine just because one of those programs is misbehaving.
So that 32-bit supervisor did something else: it trapped ctrl-alt-del for itself. Pressing ctrl-alt-del wouldn’t reset the machine. Instead, it would show a once-familiar blue screen (though not a blue screen of death) that gave three options: you could press escape to go back to the program, press enter to terminate it, or press ctrl-alt-del a second time to reboot the computer.
Thanks to the success of Windows 3.0 and 3.1, ctrl-alt-del became closely associated both with restarting machines and bringing errant processes under control. As Bradley once joked, it was Bill Gates and Microsoft who made ctrl-alt-del famous.
Concurrent with the development of DOS-derived Windows, Microsoft was working on its heavyweight Windows NT operating system.
Windows NT was designed for servers and serious workstations, and Microsoft wanted to sell it to the US government. To be used by the government, it had to meet various security criteria. The operating system had to offer certain features and capabilities, such as individual user accounts, filesystem permissions, and many others.
One of the features it needed was a Secure Attention Key (SAK, also called a Secure Attention Sequence). The authors of the security constraints recognized that if an application could spoof a login prompt, an unwary user might type their password into a hostile program.
The SAK addresses this problem: only the core operating system is allowed to trap and respond to the SAK. When users press the SAK, they can be confident that any subsequent login prompts belong to the operating system itself, not malicious software, and hence they know that it’s safe to type in their passwords.
Windows NT’s SAK is ctrl-alt-del. Press ctr-alt-del and you’ve got a direct line to the core operating system, with no ability for regular applications to intercept your password.
In the interview, Bill Gates says that Microsoft wanted IBM to add a new button to the keyboard to serve as the SAK, but IBM refused, leaving them stuck with the three-key combo that we know and love.
The thing is, by the time Windows NT came to market in 1993, IBM wasn’t in control of, well, anything any more. Sure, machines of the time were still “IBM PC compatible,” but what they weren’t was “IBM PCs.” They were Dells, Compaqs, HPs, and many others.
Indeed, in a weird quirk of history, even if IBM had put a dedicated SAK on its keyboards, they wouldn’t have worked with most PCs. At the time, most non-IBM PCs used the old 5-pin AT keyboard connector of the 1984 IBM PC/AT. Since 1987, however, IBM used the 6-pin so-called PS/2 connector for its keyboards. (The PS/2 connector would later become dominant, and indeed it can still be found on many PC motherboards even today.)
In any case, IBM simply didn’t have the market power to drive through a new keyboard design.
This wasn’t something that happened late in NT’s development, either. IBM’s loss of influence was no secret and had been clear since the mid-1980s. 1987’s PS/2 computer was IBM’s attempt to reassert its control of the PC industry. In addition to the new keyboard interface, the PS/2 also had a new expansion bus for add-in cards (Micro Channel Architecture, or MCA). With this new system architecture, IBM hoped to once again shape the way that PCs are built.
But it failed. While the PS/2 keyboard and mouse ports did catch on eventually, MCA never did. The PC clone OEMs were simply too powerful. IBM was, until 1994, the biggest single PC OEM, but IBM couldn’t define the market’s direction.
If you want something done properly, do it yourself
There was, however, a company that could force new keys onto keyboards. Microsoft.
In 1994, Redmond launched the first Microsoft Natural Keyboard. In addition to its unusually curved ergonomic design, the keyboard boasted some keys not found on other devices of the time. Three of them, in fact. Two bore the Windows logo; the third bore a menu icon.
It didn’t happen overnight, but those keys have become standard fixtures of all PC keyboards. Lately the menu key (which is used to show context menus and is essentially equivalent to right clicking or pressing shift-F10) has started to disappear, but the Windows key remains a steadfast fixture of the modern keyboard.
And yet, strikingly, Microsoft didn’t add a SAK button to its Natural Keyboard. It hasn’t added one to any subsequent keyboard, either. All sorts of other keys have materialized—keys to control media playback, change the volume, adjust the screen brightness, and so on—but a logon key is not one of them.
Which is not to say that logon keys have not been tried. While consumer-oriented versions of NT lift the SAK requirement (by default, you don’t actually need to press ctrl-alt-del to log on, though you can enable the option if you prefer), enterprises tend to stick with it. This creates a conundrum for enterprise-oriented Windows tablets: how to press ctrl-alt-del on a tablet with no keyboard at all? Their solution is simple: a single key that emulates the pressing of ctrl-alt-del to allow logging on. Microsoft even has a name for such a key: it’s called the Windows Security Button.
Adding such a key to the keyboard would have been trivial. It would even sidestep any compatibility issues (as falling back to a traditional ctrl-alt-del would always be possible on legacy systems that lacked the key). Microsoft had the power and the opportunity, but it didn’t bother.
So our question to Bill Gates would be, if you really wanted this button so much, why didn’t you do it yourself? IBM couldn’t have done it, but Microsoft sure could.
Our guess as to the answer? Nobody actually cares that much. Ctrl-alt-del is no hardship, and leveraging a well-known key combination for this kind of feature is, in fact, logical and straightforward. Blaming IBM—who did, after all, first put those three keys together—makes for an amusing way of ending an otherwise far-too-nerdy-for-its-own-good digression, even if it’s playing a bit fast and loose with the facts.