
"With little fanfare, Microsoft just announced that the x64 version of Windows Vista will require all kernel-mode code to be digitally signed. This is very different than the current WHQL program, where the user ultimately decides how they want to handle unsigned drivers. Vista driver developers must obtain a Publisher Identity Certificate (PIC) from Microsoft. Microsoft says they won't charge for it, but they require that you have a Class 3 Commercial Software Publisher Certificate from Verisign. This costs $500 [EUR 412] per year, and as the name implies, is only available to commercial entities."
OK -- I'll bite:
"This will prevent installation of rootkits" - the current process would have sufficed. *Prompt me* before installing anything (signed *OR* unsigned), then let me choose. Besides, all it will take is *ONE* stolen signing key to start signing rootkits for silent installation.
"It will also prevent drivers from unknown sources." - unknown to whom? Unknown to Microsoft, or to me? This means I cannot even choose to write my own drivers for my own machine, unless I persistently attach a debugger, or always hit F8 on boot.
"Most vendors already have SSL certificates, so I don't think it will be too much burden on vendors to buy one 1000$ certificate to sign their drivers." - Mostly Correct -- most *big* vendors have SSL certs. However, little vendors, even if they have Web Server SSL certs, may not have developer code signing certs *from Verisign*. What about the cert I already bought from Thawte? What if I do not qualify for the "Class 3 Commercial Software Publisher Certificate"?
IFF (yes -- two 'F's) Microsoft really wants to register developers for code signing for the safety of end users, why not develop their own Signing Authority which is freely available upon request, instead of using the costly Verisign cert?
Signed,
Moron