Windows 8 will be released next week and, besides the cosmetic changes we’re all seeing, the new operating system also comes with a very important list of security updates.
Microsoft’s brand new “Early Launch Anti-Malware,” also known as ELAM, is a major step towards a more secure working environment, said Aryeh Goretsky, researcher at antivirus software firm ESET.
This built-in tool, developed by Microsoft, is a way to make sure that anti-malware software starts before malicious apps at system boot.
If infected files are allowed to run before antivirus products, they could disable system security entirely and allow the execution of other malicious drivers.
“While the effectiveness of ELAM is as yet unproven, the concept behind it is fundamentally sound and it should prove to be a major deterrence to boot-time malware. The technology, however, may need to be periodically updated to overcome existing limitations and provide additional functionality,” Goretsky explained.
“Advanced functionality for memory and disk manipulation would be useful for enhancing the detection and removal capabilities of anti-malware programs.”
It’s important to note, however, that ELAM is not a malware removal product, but only a security feature aimed at blocking infected code from interfering with the system, the security researcher said.
Security products are still needed, he added, but Microsoft has also improved this area by releasing an updated version of its popular Windows Defender.
“ELAM device drivers are limited to using 128MB of memory to store both its program code and data. More importantly, it has no ability to remove malware. ELAM is strictly a detection technology at this point,” Goretsky concluded.