In Windows 8, your traditional BIOS has now been replaced with UEFI, the Unified Extensible Firmware Interface. While UEFI alone is not controversial, one of its features, called “Secure Boot,” certainly is. Secure Boot prevents a computer from booting into an operating system unless the boot loader code is digitally signed with a certificate derived from a key stored in the UEFI firmware. This digital signature allows the UEFI firmware to verify that the boot loader code it reads from the disk into memory is in fact from a trusted source before allowing the processor to execute it. This effectively mitigates the risk of a malicious “boot-kit” from being run on boot to facilitate persistent malware. In considering the security aspects of Secure Boot, you must consider that hackers have stolen digital certificates in the past and those certificates have been used to successfully sign malware. So with that line of thinking, the jury is still out on the UEFI Secure Boot benefits.
While not an all-encompassing review of the security features available in Windows 8, in this slideshow, Paul Henry, security and forensic analyst at Lumension, takes a quick look at some of the more noteworthy capabilities in this latest iteration from Microsoft.