Isnt it when first introduced at win8 you cant even install win8 os if secure boot is disabled?
First, it is important to note Secure Boot was required ONLY with factory assembled computers and ONLY if those makers wanted to put a "Windows certified" (or some similar verbiage) sticker on the computer (and box). And of course, the motherboard had to have a UEFI BIOS, not a traditional BIOS. Home builders did not have to enable it.
But StrayKAT is right again and MS has fixed and changed a lot about how SB is implemented in W10.
It should also be noted that MS endured years and years of relentless bashing over security (or lack of it). Even 10 years after XP came out, they were still getting bashed when it was the bad guys perpetrating the crimes, not MS. And why didn't Norton, McAfee, TrendMicro and the others stop it? Because they had no financial incentive to rid the world of malware - but that's for another discussion.
MS is stuck between a rock and hard place. If they make Windows too flexible, it exposes security vulnerabilities and gives the bad guys lots of opportunities and ways to get in - and then MS gets bashed for not caring about user security.
If Microsoft locks down Windows and takes away flexibility, even though security is greatly improved, MS gets bashed for not caring about user flexibility.
With XP, a great amount of flexibility (which included legacy hardware and software support) was built in, but security was compromised and Microsoft was relentlessly bashed. So then the pendulum swung the other way and Windows 8, while much more secure, was very inflexible. YOU WILL LIKE the new UI for example. You WILL USE secure boot. And more. And then of course, MS was relentlessly bashed for being too rigid and Windows sales plummeted.
Microsoft, and rightfully so IMO, would much rather be bashed for being inflexible than for allowing the bad guys to run roughshod over their users.
So now with W10, the pendulum has swung back closer to the middle. Microsoft is putting security well ahead of flexibility, but at the same time, allowing users to once again customize and personalize Windows to our own liking. And IMO, they are doing a great job of that.
We (consumers) have to realize one of Windows greatest assets is it is highly customizable. Users can configure it to look and feel just about anyway we want. We can install all sorts of hardware from 1000s of different makers and be confident Windows will support it. Same with software. If we wanted a computer that was so locked down, so controlled with "proprietary" configurations and parts, we all would have bought Macs! Right?
But we must also understand and accept that one of Windows greatest liabilities is it is highly customizable. And that leaves opportunities for mistakes and vulnerabilities to be accidentally (intentionally?) written into or opened up in the software or driver code - especially if we dink with W10 defaults.