MICROSOFT_PRESS_EBOOK_INTRODUCING_WINDOWS_10
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
FIGURE 5-1 Security features in Windows <strong>10</strong>, enabled on modern hardware, help prevent malicious software from<br />
tampering with the boot process.<br />
Here is a description of the four numbered elements shown in Figure 5-1:<br />
■■<br />
Secure Boot The most basic protection is the Secure Boot feature, which is a standard part of<br />
the UEFI architecture. (It’s defined in Chapter 27 of the UEFI 2.3.1 specification.) On a PC with a<br />
conventional BIOS, anyone who can take control of the boot process can boot using an alternative<br />
OS loader, potentially gaining access to system resources. When Secure Boot is enabled,<br />
you can boot only by using an OS loader that’s signed using a certificate stored in the UEFI firmware.<br />
Naturally, the Microsoft certificate used to digitally sign the Windows 8.1 and Windows<br />
<strong>10</strong> OS loaders are in that store, allowing the UEFI firmware to validate the certificate as part of<br />
its security policy. This feature must be enabled by default on all devices that are certified for<br />
Windows 8.1 or Windows <strong>10</strong> under the Windows Hardware Certification Program.<br />
■ ■ Early Launch Antimalware (ELAM) Antimalware software that’s compatible with the<br />
advanced security features in Windows 8 and later versions can be certified and signed by<br />
Microsoft. Windows Defender, the antimalware software that is included with Windows <strong>10</strong>,<br />
supports this feature; it can be replaced with a third-party solution if that’s what your organization<br />
prefers. These signed drivers are loaded before any other third-party drivers or applications,<br />
allowing the antimalware software to detect and block any attempts to tamper with the<br />
boot process by trying to load unsigned or untrusted code.<br />
60 CHAPTER 5 Security and privacy in Windows <strong>10</strong>