Windows 8 is promising some interesting security improvements that should significantly cut down on some of the more annoying threats that seem to get alot of attention (both positive and negative). One is the Windows Secure Boot. This new feature should protect users against a whole class of malware that likes to attack the boot path – rootkits, boot sector viruses and various boot loader viruses. The basic premise on how this feature will behave, is by only allowing digitally signed and validated code to load during the boot process. Anything unsigned will get caught and will trigger the Windows Recovery Environment to correct it. The only downside is that the service will require an UEFI based Secure Boot feature to function. Microsoft lists some of the elements for the feature as:
- All firmware and software in the boot process must be signed by a trusted Certificate Authority (CA)
- Required for Windows 8 client
- Does not require a Trusted Platform Module (TPM)
- Reduces the likelihood of bootkits, rootkits and ransomware
New Windows 8 requirements:
- Windows 8 client systems must be certified in UEFI mode
- Secure boot
- Secure firmware update process
- UEFI GOP driver support
- New graphics requirements
- POST time maximums
During the Build conference – Arie van der Hoeven did a great session to show this functionality and on how this new feature wouldn’t impact the boot time.
Related articles
- A Sneak Peak at New Windows 8 Security Features (techie-buzz.com)
- Windows 8 Gets New, Faster Boot Process (sascho.wordpress.com)
- Windows 8 Fast Startup, Faster Boot Times (ghacks.net)
- Windows Defender Expanded in Windows 8 Security Update (linearfix.wordpress.com)
- Windows 8 to ship with built-in malware protection (go.theregister.com)
- Microsoft details its security improvements for Windows 8 (winrumors.com)
