What’s the fuss about Windows 8 turning UEFI on by default?
Here’s Ed Bott’s post:
Malware authors are getting more creative and more vicious. A rootkit that can infect key operating system files can hide itself so thoroughly that it is virtually impossible to detect. The TDL4 rootkit is probably the best known and most deadly of the bunch. It can patch the Windows Boot Configuration Database, overwrite key system modules, and disable driver signing requirements, just for starters. It is a nightmare to clean up.
The secure boot feature pulls the rug out from under this rootkit and everything like it. Those key boot files that the rootkit tampers with are digitally signed. With Secure Boot enabled, any modification to those files is detected at startup by the UEFI code-signing check, and the system stops in its tracks. Rootkit foiled, user protected, recovery possible.
Here’s the deal: OEMs will offer an option to disable UEFI for non-Windows 8 OS and enable it by default with Windows 8.
It’s that simple. No FUD necessary.