Linked by Thom Holwerda on Sat 21st Jan 2006 22:42 UTC, submitted by PlatformAgnostic
"With little fanfare, Microsoft just announced that the x64 version of Windows Vista will require all kernel-mode code to be digitally signed. This is very different than the current WHQL program, where the user ultimately decides how they want to handle unsigned drivers. Vista driver developers must obtain a Publisher Identity Certificate (PIC) from Microsoft. Microsoft says they won't charge for it, but they require that you have a Class 3 Commercial Software Publisher Certificate from Verisign. This costs $500 [EUR 412] per year, and as the name implies, is only available to commercial entities."
RE: Morons strike back
by dotMatt on Sat 21st Jan 2006 23:27 UTC in reply to "Morons strike back"
Member since: 2005-07-29

OK -- I'll bite:
"This will prevent installation of rootkits" - the current process would have sufficed. *Prompt me* before installing anything (signed *OR* unsigned), then let me choose. Besides, all it will take is *ONE* stolen signing key to start signing rootkits for silent installation.

"It will also prevent drivers from unknown sources." - unknown to whom? Unknown to Microsoft, or to me? This means I cannot even choose to write my own drivers for my own machine, unless I persistently attach a debugger, or always hit F8 on boot.

"Most vendors already have SSL certificates, so I don't think it will be too much burden on vendors to buy one 1000$ certificate to sign their drivers." - Mostly Correct -- most *big* vendors have SSL certs. However, little vendors, even if they have Web Server SSL certs, may not have developer code signing certs *from Verisign*. What about the cert I already bought from Thawte? What if I do not qualify for the "Class 3 Commercial Software Publisher Certificate"?

IFF (yes -- two 'F's) Microsoft really wants to register developers for code signing for the safety of end users, why not develop their own Signing Authority which is freely available upon request, instead of using the costly Verisign cert?

Signed,
Moron

Score: 5

RE[2]: Morons strike back
by halfmanhalfamazing on Sun 22nd Jan 2006 13:09 in reply to "RE: Morons strike back"
Member since: 2005-07-23

---------------"It will also prevent drivers from unknown sources." - unknown to whom? Unknown to Microsoft, or to me? This means I cannot even choose to write my own drivers for my own machine, unless I persistently attach a debugger, or always hit F8 on boot.------------------

Sounds to me like you need a little Linux in your life. We'd be glad to have you and your driver-writing skills being as MS doesn't want you.

:-P

Score: 2

RE[3]: Morons strike back
by dotMatt on Sun 22nd Jan 2006 22:33 in reply to "RE[2]: Morons strike back"
Member since: 2005-07-29

Actually, I am a Linux/(Free)BSD user of ~8 years (with a little bit of Linux driver tickling), although forced to admin a large Active Directory as part of my day job ... so I understand the flexibility Linux gives me, and experience the pain of Microshaft's inflexibility ... ;-)

Score: 0