Page 3 of 3
ESET's Goretsky hopes that ELAM is eventually upgraded to provide more flexible functionality that would overcome current limitations in memory and processing parameters.
Symantec's Egan agrees that ELAM is a step in the right direction.
"This gives us an opportunity to load our drivers much earlier in the boot cycle to help us fight off rootkits and bootkits," he said. "We won’t have IPS or reputation-based systems running yet. But it will help."
Egan also questions the effectiveness of the forthcoming use of SmartScreen, which checks software against a database of known threats before it is installed. "We are a bit skeptical about this because we have found that when you ask users to make choices around security, they typically make choices based on what they think will take them quickly to where they want to go, as opposed to thinking about security aspects, which they frequently don’t understand," he said.
In the end, it’s possible that the main effect of increased security in Windows 8 will push the attacks further up the stack towards applications, and particularly the browser.
Added Goretsky, "If this becomes a very secure operating system, we could see a shift towards all sorts of social engineering types of attacks, because no matter how secure you make the technology, as long as there's a human using it, the human is going to behave in a fallible way."
Microsoft declined to be interviewed for this report.