Results 1 to 8 of 8
  1. #1
    Banned Member
    Join Date
    Mar 2012
    Location
    Calgary
    Posts
    2,522
    Thanks
    0
    Thanked 170 Times in 142 Posts

    Thumbs up So, you don't like malware, right?

    Secure Boot in Windows 8 prevents malware on systems. But, you are require to use UEFI machines to have Secure Boot.

    Microsoft made improvements in Windows 8 with UEFI based machines.

    http://blogs.msdn.com/b/b8/archive/2...with-uefi.aspx

    Cheers,
    Drew
    Win8Logo (2013_02_06 10_30_24 UTC).jpg

    PS: This is one big reason why I was happy to go to a UEFI M/B & Windows 8

  2. #2
    Silver Lounger
    Join Date
    Apr 2010
    Location
    Montréal
    Posts
    1,801
    Thanks
    33
    Thanked 53 Times in 52 Posts
    Right, Drew, I do not like malware either. This UEFI is a step forward. In my machines, I have the MBR protected. would this achieve the same purpose in a different way? The way that I look at it, it seems to me that if malware intervenes in my booting, the machine stops and yells a warning as in UEFI, it would keep going to boot and save the day. My MBR protection is in BIOS, once done, set for ever. Of small means, I do not have a new UEFI MoBo . . . yet ! Jean.

  3. #3
    Super Moderator bbearren's Avatar
    Join Date
    Dec 2009
    Location
    Polk County, Florida
    Posts
    3,764
    Thanks
    26
    Thanked 424 Times in 338 Posts
    Actually, Secure Boot prevents un-signed boot code from executing, and that's all it does. Once Windows boots up, there is no further protection from Secure Boot. My laptop is UEFI capable, and I've re-configured it from the factory MBR setup through a bit of a convoluted process. But I haven't enabled Secure Boot, and probably won't.

    I might want to try Linux on this laptop at some point, and I don't want to have to jump through hoops to do it.
    Create a fresh drive image before making system changes, in case you need to start over!

    "The problem is not the problem. The problem is your attitude about the problem. Savvy?"—Captain Jack Sparrow "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware.
    Unleash Windows

  4. #4
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    New Hampshire USA
    Posts
    431
    Thanks
    12
    Thanked 37 Times in 34 Posts
    There are problems with mechanisms other than merely different operating systems. For example, TrueCrypt's documentation suggests that its bootable whole-disk encryption facility works only with MBR-style disks, and even if they could extend it to work with UEFI-(edit: probably should say GPT-)style disks it seems clear that Secure Boot wouldn't play nicely with it.

    By contrast, I suspect that one would merely need to disable BIOS MBR protection while encrypting a disk and then reenable it afterward to work with TrueCrypt's bootable whole-disk encryption.

    I'd be curious whether such BIOS MBR protection mechanisms protect the entire first logical track on the disk, though, since if they don't installation of a facility (such as some boot managers) that uses later portions of the track for boot management might allow substitution of malicious code at the point the MBR jumps to. It also seems likely that protecting the MBR wouldn't protect against malware modification of the code that the MBR code jumps to in the active partition - i.e., that this protection only guards against attacks that target the MBR itself without providing the end-to-end boot protection that Secure Boot (for all its downsides) provides.

    On the third (or is it now fourth?) hand, if malware could (in the absence of Secure Boot) compromise one's computer it could usually simply compromise portions of the operating system and applications on it, as most conventional malware does: where, after all, would the code that initially sabotages the boot environment normally first execute but within your running system? So while Secure Boot may guard against some special-case scenarios in which some external agent messes around with your disk while you're not booted from it, Secure Boot doesn't sound to me like it's worth its annoyances.
    Last edited by - bill; 2013-03-31 at 16:16.

  5. #5
    3 Star Lounger
    Join Date
    Mar 2012
    Location
    NY state
    Posts
    229
    Thanks
    12
    Thanked 23 Times in 22 Posts
    Does it interfere when booting from a rescue CD like Acronis TI to restore an image?
    Joe

  6. #6
    Banned Member
    Join Date
    Mar 2012
    Location
    Calgary
    Posts
    2,522
    Thanks
    0
    Thanked 170 Times in 142 Posts
    "for all its downsides"

    Not to seem naive but, what are they?

    Cheers,
    Drew

    Sent from Windows Phone 8

  7. #7
    Super Moderator bbearren's Avatar
    Join Date
    Dec 2009
    Location
    Polk County, Florida
    Posts
    3,764
    Thanks
    26
    Thanked 424 Times in 338 Posts
    Quote Originally Posted by Drew1903 View Post
    "for all its downsides"

    Not to seem naive but, what are they?
    You have to be there... Here's a sample. There's lots more - Google.

    What it boils down to is that buying a license for Microsoft Software in conjunction with a PC should not become an obligation to use only that software on that PC. Had Microsoft left Secure Boot as an opt in for end users, there would not be much of a story.
    Create a fresh drive image before making system changes, in case you need to start over!

    "The problem is not the problem. The problem is your attitude about the problem. Savvy?"—Captain Jack Sparrow "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware.
    Unleash Windows

  8. #8
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,798
    Thanks
    117
    Thanked 799 Times in 720 Posts
    It also gets messy when you want to dual boot with an older version of windows.

    Jerry

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •