Windows 8, like Windows 7 and Vista before it, is being touted as the most secure version of Windows ever. In past releases, many of the security improvements have come through exploit mitigations such as ASLR and DEP and better software security practices during development. In Windows 8, however, one of the major changes is the addition of UEFI, a BIOS replacement that will include a secure boot sequence to help prevent low-level malware infections. That change is not sitting well with everyone.
The way that Windows 8 client machines will boot is going to be quite different from the way that current Windows PCs do. Instead of a BIOS, Windows 8 PCs will include an implementation of UEFI (Unified Extensible Firmware Interface), which is more flexible and programmable than BIOS is. UEFI will sit between the firmware and the Windows operating system and Microsoft is reportedly going to require that any client machine that runs Windows 8 have a secure boot sequence enabled by default. That sequence will require that whatever software is loaded during boot be signed by one of the keys included in the firmware. If the firmware or software isn’t signed by a trusted certificate authority, Windows 8 will not load it.