But Windows would intercept it. If the user is already logged, in they get that menu that can start the task manager (I forget what else is there). The rogue application doesn't have a choice as to what Windows does with the combo (short of locking the session or logging out which would likely be fairly blatent behavior). It certainly can't snoop the keypresses on that alternate desktop (I would sincerely hope). So, since the rogue application never gets the password, I don't see how it's being bypassed.