We have brought you the potential perils of the upcoming UEFI Forum-implemented - www.uefi.org - Windows 8 secure boot feature here, here and here. However, it appears that it may not be so 'secure' after all, since there appears to be a surefire way to circumvent it, at least for the moment, while it's in development. Softpedia has scored an exclusive interview with security researcher Peter Kleissner, who has created various Windows (XP, Server 2003 etc) "bootkits", which allow OS infection at the highest privilege level, giving unrestricted access to the whole of the PC. His latest one, called Stoned Lite, shows how the Windows 8 secure boot process, still in development, can be subverted, as it stands. He is planning to release details of how the code works at the upcoming International Malware Conference (MalCon) - http://malcon.org - that will take place in India on November 25th. It appears that the real vulnerability exists in the legacy BIOS boot procedure, not in Microsoft's implementation of secure boot, as Kleissner said: And as Softpedia put it: Kleissner explained that the basic way Stoned Lite works is by using command line escalation: So, this problem is only present if someone has physical access to the computer and is able to boot off a CD or USB stick. Therefore, this security vulnerability will have no impact in many scenarios where the threat of this kind of attack is very low. Examples include the home environment (usually) and data centres with very good physical security and the other measures they have in place. The most likely place for problems could be in workplaces where someone boots a PC after hours and installs a keylogger or other malware on the system. A significant threat, to be sure. However, despite this vulnerability, secure boot still makes conventional malware attacks useless, such as drive-by downloads from malicious or hacked websites and opening attachments from spam emails, among the many infection vectors around. Still, it makes Microsoft's bold claim in September, that: a little less reassuring, doesn't it? Note that Kleissner will not be at MalCon in person, because he will be attending another conference held on the same day, the European Bitcoin Conference in Prague, where he will show "how to re-direct locally initiated BitCoin transactions, but also show how the BitCoin wallet can be secured better against theft." Therefore, someone else will go in his place to deliver the message, or he may pre-record it. Finally, while this is a big step forward for PC security, like every other security improvement, there's always a hack to get around it with time somehow, somewhere, which can then be patched and hacked and patched... However, in this case, when the secure boot system goes live and a core vulnerability is found in the UEFI or some other low level component, patching won't be so simple, or maybe even impossible, due to its low level nature. So, once again the suspicion remains that this whole 'initiative' is a backdoor to locking out competing operating systems such as Linux and to DRM your whole PC to 'protect' the profits of big content, in a similar way they already do on games consoles. There's a lot of big corporate interests riding on secure boot, so do not ever rule out the possibility that it will be subverted to further them.