RSA 2012: Malware gets the boot in Windows 8, notes Charney

Charney told the RSA 2012 conference on Tuesday that Windows 8 will use UEFI, which will employ a secure boot sequence to help prevent malware infections in the computer boot phase. The computer is particularly vulnerable to infection during this phase because anti-virus software cannot detect an infection at that stage.

In a white paper, Microsoft explained that in contrast to BIOS, the UEFI firmware uses Authenticode digital signatures in the pre-operating system environment. “By using this capability, the firmware can verify software before it executes and ensure that no untrusted code runs before the operating system loads. This enables the operating system to establish a secure foundation for all the other software on the computer. Microsoft supports this capability and encourages hardware partners to take advantage of it.”

According to some researchers, threats to computers at the boot phase are growing, targeting weaknesses in the current BIOS firmware. In September, Symantec discovered the Trojan.Mebromi malware, designed to infect the BIOS as well as the master boot record.

The primary means cyber criminals use to attack the BIOS is a type of rootkit known as a bootkit. The number of bootkits targeting the Microsoft Windows platform increased rapidly last year, a trend that is likely to continue this year, according to David Harley, senior research fellow at ESET UK.

Microsoft’s plan to switch to UEFI for Windows 8 has received some criticism. Ross Anderson, a researcher with the University of Cambridge, worried that this move by Microsoft could prevent operating systems like Linux and FreeBSD from running.

“Proposed changes to the UEFI firmware spec would enable (in fact require) next-generation PC firmware to only boot an image signed by a keychain rooted in keys built into the PC. I hear that Microsoft (and others) are pushing for this to be mandatory, so that it cannot be disabled by the user, and it would be required for OS badging.... The extension of Microsoft’s OS monopoly to hardware would be a disaster, with increased lock-in, decreased consumer choice and lack of space to innovate. It is clearly unlawful and must not succeed”, he wrote in a blog.
