

I say that with the understanding that Apple tried this with their systems and they still have virus writers who can compromise their system. Microsoft seems to have take this approach as their next step through the security door and it’s seems quite evident that they’ve not learned their lesson from others. I’ve heard time and time again this idea and it seems to be a growing concern with UEFI and how virus writers / developers will overcome UEFI and be able to install viruses / Malware around the the Windows system to be able to do what they have always been able to do. I wouldn’t call some being a small amount of people but a large amount. Some members of the technology industry have raised the concern that the well-documented, modern, high-level language interface provided by UEFI makes it easier to compromise a platform that the ability to add modulesĪnd applications to the boot process could compromise security. Unless Attestations can be programmed to boot Windows a certain everytime in hardware, we will always have the virus developers skirting around the boot process. Attestation can’t always witness or even prove a program doesn’t have the right to be run or used in boot up. The problem with this is even more obvious to the security of a system. The goal of attestation is to prove to a third party that your operating system and application software are intact and trustworthy. Microsoft is only doing the complete opposite of what they claim. I am quite concerned with this also because it seems Microsoft trying to force users onto a proprietary system. Afterall, I’ve even had my son get information on how to get around the security requirements for Windows 11 and install Windows a boot logged copy of it onto a USB just to play around with it. Even listening to others talk about what Windows 11 can do or can’t do seems quite obvious.

I have been doing some major research into secure boot and TPM and everything I’m seeing is a little bit worrying to say the least. “Microsoft claims that their telemetry shows that they have seen up to a 60% reduction in malware when TPM-enabled features like Windows Hello and BitLocker encryption are used on supported devices - it’s unclear why that would be at all true, unless it’s correlation and not causation” Steve Gibson (Security Now #825 Podcast) Photo by TheDigitalWay on Pixabay Microsoft’s bad Idea
