Microsoft Aims to Increase Firmware Security

While antiviruses can protect a PC as soon as it loads into the operating system, many current malware attacks have started targeting the firmware of a device. As a result, these pieces of malware attempt to disrupt the UEFI or BIOS before loading into the operating system. Since antivirus software needs to load before detection can take place, the detection rates of these malicious software traces are low. To deal with this issue, Microsoft’s latest addition to its PCs is a system that attempts to secure the firmware to make it less susceptible to attackers.

Introducing the Secured-Core Initiative

The secured-core PC initiative is a series of device requirements that make it impossible for malicious users to gain access to the firmware of specific devices. Among the elements required by the program is the stipulation that the device only offers minimal trust to the firmware layer or device core. The requirements also stipulate isolation of the hardware, to ensure that anything that underpins the Windows 10 operating system cannot be compromised. The intention is to make it impossible for malware to access the underlying areas that deal with the basic functionality of Windows 10 to bypass its security systems.

While a lot of regular users may appreciate the added security, the initial secured-core initiative for devices will be marketed at professionals. Among the professions that the company will be seeking to target are medical, engineering, health, and finance industries. These devices tend to have more sensitive information on them and stand to benefit the most from more secure device operation.

A Development From the Xbox

Secured-core architecture comes from the way Microsoft has built its Xbox console. The device is manufactured in a way that makes it impossible for owners of the device to hack it to play pirated games. The Xbox manufacturing process uses an extremely high threat level since it doesn’t grant trust even to the user in possession of the device. By learning from their previous work on the console, Microsoft put together the basic building blocks of the secured-core model.