In Windows Vista x64, drivers are required to be signed by someone holding a VeriSign code certificate or they won’t load. There is no way to (permanently) disable this signing even if you are Administrator. The F8 startup menu has an option to disable it, but you must select it every time you boot up. Microsoft’s claimed reason for this is that it prevents Trojans from installing kernel-mode rootkits. That is a load of crap.<\/p>\n
First of all, kernel-mode rootkits are rare. The vast majority of Trojans are user-mode programs that install a keyboard hook, request an incoming port, and add themselves to the registry so they run at startup. Most of them are there to steal passwords, install adware, and\/or become a spam-sending zombie. None of these require a kernel driver. Considering how many are written in Visual Basic, it seems unlikely that most Trojan authors would have the skill.<\/p>\n
Second, if you’re running as Administrator, driver signing is not going to stop you. Although the DevicePhysicalMemory loophole (Windows’s \/dev\/mem) was blocked in NT 5.2 (2003 and XP64), there are still other ways to get around it:<\/p>\n
Microsoft definitely knows about these problems, and is likely going to solve them through Trusted Computing. Vista’s “Bitlocker” does this, but is currently optional. We all know it won’t be optional in NT 6.1 or 7.0.<\/p>\n
The driver signing serves as only security through obscurity against kernel rootkits, and most Trojans don’t even care about the kernel. Vista also has Mac OS-style authorization dialogs for any privileged operation, which hopefully will make you aware when something is wrong. That is the real feature against Trojans, not driver signing.<\/p>\n
So why does Microsoft do this? Three-letter answer: DRM. Microsoft wants to prevent fake audio (and video) drivers from streaming decrypted audio to disk instead of to a sound card. Since they currently can’t get the “secure audio path” they want, they’ll settle for driver signing. By forcing driver signing, it’s no longer possible to anonymously write drivers. With the DMCA and similar laws around the world, nobody wants to attach their real name to a crack. Not to mention that VeriSign only certifies established companies, not individuals.<\/p>\n
Microsoft has publicly said that the purpose of driver signing is not DRM. But their own statements contradict this. From http:\/\/www.microsoft.com\/whdc\/system\/platform\/64bit\/kmsigning.mspx<\/a>:<\/p>\n “When Windows Vista accepts test signed kernel mode binaries, some premium content that is protected may not be accessible on the system.”<\/em><\/p>\n In other words, when you use a test signing key (allowing you to get away with a non-fully signed driver), Windows Media DRM disallows playback of protected media. Clearly, the driver signing system is<\/strong> tied to DRM, contrary to Microsoft’s statements.<\/p>\n myria<\/p>\n","protected":false},"excerpt":{"rendered":" In Windows Vista x64, drivers are required to be signed by someone holding a VeriSign code certificate or they won’t load. There is no way to (permanently) disable this signing even if you are Administrator. The F8 startup menu has an option to disable it, but you must select it every time you boot up. … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36],"tags":[],"class_list":["post-12","post","type-post","status-publish","format-standard","hentry","category-whines"],"_links":{"self":[{"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/posts\/12","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12"}],"version-history":[{"count":0,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=\/wp\/v2\/posts\/12\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.pagetable.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pagetable.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}