The phrase you're groping for is 'Secure Attention Key' (in some older systems it was literally one key press). Linux has some rudimentary low-level support for this capability but it never seems to have ascended into an end user feature of any consequence. No application can trap the SAK combination because long before any code runs that lets userspace applications fiddle with the key presses, the kernel has noticed that the SAK has been pressed and short-circuited to a path that just handles this special case.
In Windows when you press the SAK it forcibly summons a separate desktop, which you can think of as being kind of like a separate X server process. This desktop is "owned" by the System user, roughly equivalent to Unix root, so anyone with permission to tamper with it could just have replaced the entire OS kernel or whatever they wanted.
On the system desktop lives the login dialog (when nobody is logged in), the lock dialog (when somebody is logged in, but their password is needed to resume their session) and that dialog which offers you choices like changing who is logged in or starting a task manager. Because they live in a separate desktop, ordinary programs can't tamper with them and are only just barely aware they exist.
Within a single desktop (or indeed an X session) ordinary programs can snoop all keypresses, silently take pictures of other windows, send fake keypress or mouse click events, initiate phony drag-and-drop operations, impersonate other programs (e.g. popping up a SSH passphrase dialog) and other nasty tricks. They cannot, however, prevent the SAK from summoning its secure desktop.