CardSpace private desktop

Windows desktops provide isolation from code running on other desktops.

Once you log in to Windows, what you see is the default desktop, where users run their applications.

Let's start with the most familiar private desktop you see in a Windows environment.

Just press Ctrl+Alt+Del and up comes the 'winlogon' desktop, a private desktop isolated from the applications running on the default desktop.

Switching to the winlogon private desktop makes it more difficult for malicious applications running on the default desktop to steal sensitive information.

Now, let's go back to the subject.

When CardSpace pops up for card selection, it also creates a private desktop.

It looks as if your machine is frozen, and even the Windows clock seems to have stopped.

Actually, what you see behind the Identity Selector is an image of your default desktop, taken at the time the Identity Selector was invoked and set as the background image of the CardSpace private desktop.

For the reasons mentioned above, we get the following benefits by running the Identity Selector in a private desktop.

1. Protection for users when they enter confidential data while using Managed Information Cards.

2. Malicious applications running on the default desktop cannot access the Identity Selector to capture information about the user's card usage.
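The mechanism described above, sketched with the documented Win32 desktop APIs (`CreateDesktop`, `SwitchDesktop`, `OpenInputDesktop`). This is an added example, not CardSpace's own code; the desktop name `DemoPrivateDesktop` and the three-second pause are assumptions made for the illustration.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;

static class PrivateDesktopDemo
{
    const uint DESKTOP_READOBJECTS = 0x0001, DESKTOP_SWITCHDESKTOP = 0x0100, GENERIC_ALL = 0x10000000;
    const int UOI_NAME = 2;
    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr CreateDesktopW(string name, IntPtr device, IntPtr devMode, uint flags, uint access, IntPtr security);
    [DllImport("user32.dll", SetLastError = true)]
    static extern IntPtr OpenInputDesktop(uint flags, bool inherit, uint access);
    [DllImport("user32.dll", SetLastError = true)] static extern bool SwitchDesktop(IntPtr desktop);
    [DllImport("user32.dll", SetLastError = true)] static extern bool CloseDesktop(IntPtr desktop);
    [DllImport("user32.dll", SetLastError = true)]
    static extern bool GetUserObjectInformationW(IntPtr obj, int index, byte[] info, int length, out int needed);

    // Returns the name of a desktop object, e.g. "Default".
    static string NameOf(IntPtr desktop)
    {
        var buf = new byte[512];
        if (!GetUserObjectInformationW(desktop, UOI_NAME, buf, buf.Length, out int needed))
            throw new Win32Exception();
        return Encoding.Unicode.GetString(buf, 0, needed).TrimEnd('\0');
    }

    static void Main()
    {
        // Handle to the desktop that currently receives user input (normally "Default").
        IntPtr original = OpenInputDesktop(0, false, DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP);
        if (original == IntPtr.Zero) throw new Win32Exception();
        // New desktop in the same window station; the name is an assumption.
        IntPtr priv = CreateDesktopW("DemoPrivateDesktop", IntPtr.Zero, IntPtr.Zero, 0, GENERIC_ALL, IntPtr.Zero);
        if (priv == IntPtr.Zero) throw new Win32Exception();
        try
        {
            Console.WriteLine("Input desktop: " + NameOf(original) + ", private: " + NameOf(priv));
            if (!SwitchDesktop(priv)) throw new Win32Exception();
            Thread.Sleep(3000); // nothing is drawn: no windows or wallpaper exist on this desktop yet
        }
        finally
        {
            SwitchDesktop(original); // always hand input back to the user's desktop
            CloseDesktop(priv);
            CloseDesktop(original);
        }
    }
}
```

Run from an interactive session, the screen goes blank for three seconds: a freshly created desktop has no windows or background of its own, which is the gap the snapshot of the default desktop fills.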

CardSpace does not run on a private desktop all the time.

In some cases, the CardSpace UI also runs on the default desktop.

For example, once CardSpace pops up, click the 'Restore Cards' link and then the 'Browse' button.

This action will switch the user from the CardSpace private desktop to the default desktop.

But even in this case the user won't feel that he's moving away from the private desktop: a trick is used to give the user a consistent experience by setting a 'faded desktop' image in the background.

Private desktops will in most cases protect you from malicious applications, but you are still exposed to hardware-based attacks such as external keyloggers, which could intercept your keystrokes.