Submitted by “With little fanfare, Microsoft just announced that the x64 version of Windows Vista will require all kernel-mode code to be digitally signed. This is very different than the current WHQL program, where the user ultimately decides how they want to handle unsigned drivers. Vista driver developers must obtain a Publisher Identity Certificate (PIC) from Microsoft. Microsoft says they won’t charge for it, but they require that you have a Class 3 Commercial Software Publisher Certificate from Verisign. This costs $500 [EUR 412] per year, and as the name implies, is only available to commercial entities.”
That rank right up there with banking and insurance…
I give it three months before they end up in court about this one.
That rank right up there with banking and insurance…
Na, the best scam – NRMA in Australia will sell you insurance only if you have a house alarm – ooh, and look at what they sell, house alarms!
What a co-inci-incidence!
what a mess
Edited 2006-01-21 23:02
This will not fly. This is definately MS using their monopoly to get money into at least other poeple’s pockets, who will probably pour a little bit of that back into MS’s.
No, this is Microsoft attempting to protect users from buggy, crappy, and malicious drivers. I think that’s a good thing.
That does not mean the Verisign crap is good. That just sucks. But the original idea of letting only well-written drivers and trusted drivers into the kernel is GOOD.
I was just going to say the same thing, because I knew someone would bitch about it for the sake of bitching about some Microsoft-related.
I suffered for many years from shitty VIA and Creative drivers. I’m glad that driver quality standards have gone up since then, and I’m lucky not to suffer from stability problems as a result of that nowadays. This is an excellent move on Microsoft’s part — at least in part.
You do realise that VIA and Creative and others will by a certificate and then release the buggy drivers anyway. Just because you know (the result of signing) who it comes from, in no way makes it better code.
More to the point this is simply quality through wishful thinking, because it can be circumvented.
No, this is Microsoft attempting to protect users from buggy, crappy, and malicious drivers. I think that’s a good thing.
Except it won’t have any effect on that. MS won’t be doing any sort of quality control on the drivers and from what I can read the PIC will basically be available to anyone who can cough up $500 a year and convince Verisign that they are a commercial company. Nothing stoping anyone from writing buggy drivers.
and also, what about those far eastern companies who make cheap peripherals.
will they stop supporting Windows, or will they increase the cost to reflect the increase they pay ?
You’re wrong. MS will be doing quality control, like they do now. No driver gets signed unless it passes the HCT tests.
You’re wrong. MS will be doing quality control, like they do now. No driver gets signed unless it passes the HCT tests.
Drivers can be signed by the publisher independent of MS. Drivers will not be signed w/ MS’ cert or logoed unless they are WHQLed however. Again, this is more about code trust for admins than about quality. This is fully independent of WHQL. Any additional quality/stability gains are a side-effect of the admin being able to better restrict what versions of drivers for a particular set of publishers get installed.
BTW, I can’t call up the documentation right now, but there’s a section in the DX/MDX help docs about code signing. IIRC, other trust roots than Verisign (e.g., Thawte) can be used, but I believe their was something about the process that made Verisign the recommended vendor. If this thread is still “alive”, I’ll post an excerpt from those docs when I get to them (or you can download the latest DX SDK if you can’t wait).
The signature mechanism here doesn’t ensure well-written drivers are developed and released. If that is their legitimate intention then their implementation does not reflect a significant effort, because this really offers little more in terms of assurance than signed ActiveX controls. Even to the point where the enforcement mechanism can be disabled.
Secure development of correct drivers on the other hand is an interesting research topic.
No, this is Microsoft attempting to protect users from buggy, crappy, and malicious drivers. I think that’s a good thing. —Thom Holwerda
Sorry Thom, I have to disagree here. What it means is that people with older hardware are being told to go #@*& themselves. I have an old Hauppauge WinTV card that has lasted for ages.. I believe it was in 1999 I bought it and it still works great with the latest drivers– what do you think the odds are that Hauppauge will continue to support this and other older products now that it will cost them money over and above what they already budget for to do so?
This won’t actually help much with misbehaving hardware either, I recall all the trouble I had with getting drivers for my then only two years old laptop with an ATI chipset that ATI refused to update drivers for (its the laptop manufacturer’s responsibility) and the Laptop manufacturer refused to do anything about the issue (its ATI’s responsibility) leaving me the user stuck with a laptop that for video driver reasons I had to either use an un-updated installation of XP SP1 or suffer video slowness from the Microsoft signed (and written) video drivers. No other work around existed. And trust me I looked everywhere!
Which is another reason (besides the obvious) that my next laptop will either be made by a Linux manufacturer or certified to be Linux compatible by various sources.
As a customer I have begun to accept that the industry doesn’t care about me unless I come backed by a multimillion dollar corporate account; but the industry needs to recognize that I am not required to continue to be a computing enthusiast. There are other hobbies to get into with (sometimes it seems) much better and tangible rewards. These guys need to watch or the day will come when people just don’t get arsed aout their latest and greatest any more, then what will they do?
–bornagainpenguin (who reminds the reader that the computing industry expects– demands a constant influx of new users as the home market begins to adopt computing, and wouldn’t it be a terrible thing if the home users just gave up, psuhed away by am increasingly hostile industry?)
This won’t actually help much with misbehaving hardware either, I recall all the trouble I had with getting drivers for my then only two years old laptop with an ATI chipset that ATI refused to update drivers for (its the laptop manufacturer’s responsibility) and the Laptop manufacturer refused to do anything about the issue (its ATI’s responsibility) leaving me the user stuck with a laptop that for video driver reasons I had to either use an un-updated installation of XP SP1 or suffer video slowness from the Microsoft signed (and written) video drivers. No other work around existed. And trust me I looked everywhere!
maybe you should have tried one of the normal drivers.
on my laptop i have a rage mobile which suffers from the same problem. but i currently run it with drivers for the expert 98 agp card under xp sp2 and it just works. and as it’s a p2 500mhz class laptop i doubt you have an even older gpu than this
It wasn’t a matter of being old, it was an ATI Mobility M6 Radeon onboard (duh) laptop video card. Its just that at that time ATI was being obstinate about dealing with chipset drivers, and then by the time they had been castigated enough by their users to change their minds they decided to support these chipsets anyway– but starting with the M9 series (IIRC, its been a bit now..); anyone with anything else was SOL. I got so pissed I ended up ripping the ‘Designed for Microsoft Windows XP’ sticker off the side and installing Windows 2000 on it and using the older drivers.
It was a PITA to lose cleartype but at least I no longer suffered from painfully slow video with no acceleration. I ended up giving that laptop to my brother and nabbing myself a newer laptop that works a little nicer, but I really miss the excelent battery life on the one I gave to my brother. [shrugs] The point is that the reason I was having this trouble was because Windows XP post service pack 2 refused to load the older drivers, going so far as to claim that they were written for another totally different OS altogether! I tried using the various ‘hacked’ drivers available like the Omega drivers and the DH mod tool to write in support for this chipset based on ATI reference and the older infs.. and even had a limited bit of success although they were a little too unstable IMHO. The point is, that with this new driver poolicy I wouldn’t even have that choice!
Unlesss… I switched to a different OS altogether? >
—bornagainpenguin
[i]It wasn’t a matter of being old, it was an ATI Mobility M6 Radeon onboard (duh) laptop video card. Its just that at that time ATI was being obstinate about dealing with chipset drivers, and then by the time they had been castigated enough by their users to change their minds they decided to support these chipsets anyway– but starting with the M9 series (IIRC, its been a bit now..); anyone with anything else was SOL. I got so pissed I ended up ripping the ‘Designed for Microsoft Windows XP’ sticker off the side and installing Windows 2000 on it and using the older drivers. [i]
You can hack the M6’s PCI ID into the INF file shipped with the Catalyst drivers. There are even tools on the net that allow you to do it. http://www.rage3d.com and search the forums.
As far as I can tell, a company only needs to pay $500 once to get a cert for their company, not $500 per device/driver. So that kind of kills your argument about companies not supporting their older hardware because it costs more money.
Yes, it’s going to cost a lot more than $500 to port the drivers to be 64 bit. If they decide to do that then I don’t think an extra little charge is going to matter.
No it doesn’t. When a piece of hardware falls of the manufacturer’s catalog and they stop releasing new drivers, *that’s it*. They won’t even go as far as picking up the latest release and rebuild+sign it! No, you either stick with XP or your hardware’s next stop will be the closest landfill (or recycling unit, for the environmentally conscious people out there).
You just admitted yourself that they won’t rebuilt and sign it. In fact, I think signing doesn’t influence it. I think they either rebuild it (if that alone even works, probably not) or they don’t. There may be some exceptions, but I think for the most part, this will certainly NOT affect “old hardware”.
of course it will affect old hardware.
if there is no signed driver, microsoft will expect one to be signed for, so then it will be supported.
if there is currently a driver and it is unsigned, who will pay for it if the company wont ?
can you see microsoft letting old drivers slip through for free?
can you see microsoft letting unsigned drivers even install ?
You seem to be forgetting that this is for Windows Vista x64. You can’t just use old drivers.
So it won’t be possible to use this with vista? (I don’t know it this ext2/3 driver is a kernelmode driver.)
http://www.fs-driver.org/
This would be a shame!
That depends on if MS differentiates between the IFS (installable file system) driver and the file system drivers (NTFS, FAT16/32, UDF, etc.) drivers that plug into it. I’m not a Win32/64 kernel buff, so I couldn’t hazard an educated guess.
Exactly my main concern.
Based on the page you linked, this is one of those things that will not run on Vista X64…. this doesn’t really matter for the IA32 versions of vista at all, so it probably won’t affect you since the driver is doubtless 32-bit only.
Well, duuuh…
Who says the driver is NOT going to be used on a 64-bit system? Who says the dev. won’t try and port it to Vista x64? Oh wait.. he can’t…
How do you propose we use that driver with þe x64 version of Vista?
“So it won’t be possible to use this with vista? (I don’t know it this ext2/3 driver is a kernelmode driver.) ”
According to their website, it’s a pure kernel mode driver, so it won’t work on Windows Vista.
I respectfully have to disagree. While Microsoft’s intentions may be good, I as the user should have the right to load whatever software I want on my computer. That includes drivers. If I want to load crappy, malicious, untrusted drivers on my computer that’s my business not theirs.
If the compromise is the user has to click through this huge legal disclaimer license that releases Microsoft from all liability every time I want to load an unsigned driver that would be fine. Quite frankly, I don’t see how they could be held liable anyway.
I agree with most here, companies will only pay up, sign their drivers, being good or crappy, and that’s it.
I do think there is one very good justification for this kind of enforcement, and that is in the corporate arena. Being able to control what drivers are installed on a corporate computer may be quite useful.
But on the home/SOHO front, we should be able to install what we wish, not being limited at all.
I think it will be like Varmit already said, one way to get $$ into someone’s pockets.
Personally, IMHO it’s another nail in MS Windows coffin. Alternate OS, come closer and keep coming closer.
No, this is Microsoft attempting to protect users from buggy, crappy, and malicious drivers. I think that’s a good thing.
And you really think that’s going to protect people from buggy crap drivers? All it is is an additional cost for IHVs, which many right now just don’t want to pay. How many drivers are signed right now?
Trusted Computing, here we come.
Microsoft already tried this with certified drivers; the trouble is that certified drivers are often old and ridiculously buggy versions
. As I tell people often: Never install a driver from windowsupdate.
This is a good example of “we know more than you, stop thinking for yourself.” There’s warning users, which is great; do it. And then there’s just plain saying they can’t be smart enough to know better.
“No, this is Microsoft attempting to protect users from buggy, crappy, and malicious drivers. I think that’s a good thing. ”
It is? Please name one hardware company that wont be able to fork out the $500 for the Verisign cert.
There is NO mention of any quality controls or checks being made to ensure that the people who requests a PIC also always only writes non-buggy drivers.
All that seems to be needed to get certified is the ability to pay $500.
The conspiracy theorist in me tells me it’s just another way for MS to suck up to big business media and enforce DRM in whatever form.
Edited 2006-01-23 06:40
where exactly are they getting money? They do not own or have a stake in verisign.
Yeah, but why does it have to be Verisign, and not just anyone that supplies certifications. This means Verisign must have done some negociating with MS to be the ones that give out PICs for them, that is if they are the only one’s that can give out PICs. (I actually don’t see Verisign in the article, so are there others that give these PICs out?) These PICs also mean that OSS developers are out of making drivers or possibly firmware upgrades to products since they wont be concidered a commercial entity. So OSS people will possibly need to look to the future and get a way around this so that OSS developers can get PICs for drivers they end up writing.
“Yeah, but why does it have to be Verisign, and not just anyone that supplies certifications. This means Verisign must have done some negociating with MS to be the ones that give out PICs for them, that is if they are the only one’s that can give out PICs.”
Microsoft issues the PIC’s free of charge. The issue is in order to get a PIC, you have to have a Verisign Commercial Software Publisher Certificate. Without the one from Verisign, Microsoft will not issue the PIC for you to use to sign your drivers. Since there are very few OSS drivers for Microsoft Windows, since most hardware developers write drivers for Windows for their products, this is really a non-issue IMHO.
“where exactly are they getting money? They do not own or have a stake in verisign.”
Ever heard of kickbacks?
It’s still capable of being subverted at this point:
“During the early stages of development, developers can disable enforcement in Windows so that driver signing is not necessary. The following options are available for developers to disable digital signature enforcement temporarily so that Windows will load an unsigned driver.”
Again these anti-MS GPL morons strike back. This will prevent installation of rootkits etc, It will also prevent drivers from unknown sources.
Most vendors already have SSL certificates, so i don;t think it will be too much burden on vendors to buy one 1000$ certifiate to sign their drivers.
It won’t prevent root kits from being installed, and the price cited was $500
But considering it prevents non-commercial entities to create installable drivers, this approach is most likely illegal in Denmark.
I surely hope it will attract some attention from antitrust boards all over the world. This is clearly about CONTROL, not QUALITY (no QUALITY CONTROL either
and possibly a hint of the strategy they’ll use against FLOSS (just make it impossible for it to run, and there comes back a MS only world). I fear the day all computers will be as tightly locked as XBoxes 360 are today …
rehdon
Why the fark would antitrust boards care? It has nothing to do with that.
Why is it, that everytime MS does something people don’t like, they cry for antitrust?
OK — I’ll bite:
“This will prevent installation of rootkits” – the current process would have sufficed. *Prompt me* before installing anything (signed *OR* unsigned), then let me choose. Besides, all it will take is *ONE* stolen signing key to start signing rootkits for silent installation.
“It will also prevent drivers from unknown sources.” – unknown to whom? Unknown to Microsoft, or to me? This means I cannot even choose to write my own drivers for my own machine, unless I persistently attach a debugger, or always hit F8 on boot.
“Most vendors already have SSL certificates, so i don;t think it will be too much burden on vendors to buy one 1000$ certifiate to sign their drivers.” – Mostly Correct — most *big* vendors have SSL certs. However, little vendors, even if they have Web Server SSL certs, may not have developer code signing certs *from Verisign*. What about the cert I already bought from Thawte? What if I do not qualify for the “Class 3 Commercial Software Publisher Certificate” ?
IFF (yes — two ‘F’s) microsoft really wants to register developers for code signing for the safety of end users, why not develop their own Signing Authority which is freely available upon request, instead of using the costly Verisign cert?
Signed,
Moron
—————“It will also prevent drivers from unknown sources.” – unknown to whom? Unknown to Microsoft, or to me? This means I cannot even choose to write my own drivers for my own machine, unless I persistently attach a debugger, or always hit F8 on boot.——————
Sounds to me like you need a little linux in your life. We’d be glad to have you and your driver-writing skills being as MS doesn’t want you.
😛
Actually, I am a Linux/(Free)BSD user of ~8 years (with a little bit of linux driver tickling), although forced to admin a large Active Directory as part of my day job … so I understand the flexibility Linux gives me, and experience the pain of Microshaft’s inflexibility … 😉
And why don’t you get a job as a admin/developer for your OS of choice ? why is your OS of choice so poor that it can’t support you financially ? You speak as if you are doing a favor by administrating an Active directory, or as if AD is some kind of untouchable piece of technology. And still you have to depend on it for your livlihood. I would be more repectable towards a company whose technology which is putting bread on my table. Or if it is so disgusting, i would go around and find a new job where i can enjoy myself while earning my livilihood.
Again these anti-MS GPL morons strike back. This will prevent installation of rootkits etc, It will also prevent drivers from unknown sources.
Unless these rootkits are signed. I doubt Sony will frown at getting a 500$/yr licence. On the other hand, the average Joe could feel confident at installing a malicious driver just because it got a seal.
I doubt it will bring any safety to the customers since home-made drivers for Windows are not rampant on the streets. I am pretty sure it’s a question of DRM, and again, the decision was not made with the customer in mind.
This will prevent installation of rootkits etc — the still flamebaiting CrazyDude0
No it won’t. Sony will simply purchase a license that will install as a part of whatever musicplayer they insist on us using and the rootkit will install as a signed officially approved part of the Operating System with access to the kernel.
Heh… thank you Microsoft for yet again confirming my decision to not upgrade past XP and to move on to a different OS at the earliest point possible!
–bornagainpenguin
PS: You call anyone who disagrees with you an anti-MS GPL morons [sic]? Dude you so crazy, thinking that insults will substitute for logic!
Why? It’s not like IA32 is going away soon. I can understand the part on protected content (even if I completely disagree with DRM), but I really don’t see how it’s going to help their cause. Unless they want to promote “better stability” on that platform for promoting sales…
As for protecting from buggy and crappy drivers, it won’t. To what I understand from the page, a signed driver doesn’t mean it passed the WHQL tests. Anyway, it’s not like being WHQL-certified was a achievement on quality. I don’t know if Microsoft made some changes lately, but I remember they were a faulty driver for the Marvell Yukon that was crashing randomly via Windows Update… It’s not merely a rumour, I had the issue.
In any case, the new driver architecture might help preventing BSoD, but a signature won’t necessarily be a label of quality. That said, I guess Verisign is laughing flippantly.
Edit: WHQL, not WHQC!
[i]Edited 2006-01-21 23:29
What about those of us who dream of hacking together our own hardware? What about those of us who aspire to write better drivers for our systems? What about those of us who are/were/want to be students, and want to pursue driver development?
It’s great if they’d like to ensure good drivers, but I think it would be enough to require user intervention in the process of installing unverified drivers. In some cases, we have no choice but to use unofficial drivers – I’ve used numerous drivers developed by independant hackers for hardware that wasn’t supported under XP or Windows 2000. There IS a need for them; hardware developers aren’t always going to support specific pieces of hardware on every OS.
What about those of us who dream of hacking together our own hardware? What about those of us who aspire to write better drivers for our systems? What about those of us who are/were/want to be students, and want to pursue driver development?
Pursue it on another platform? There are plenty that would welcome the help.
In specific, contribute to F/OSS operating system driver bases.
I really think this “no unsigned drivers” thing will end up being the death of Windoze. Who will want to use an operating system where every driver for every bit of hardware must 1. Run in kernel mode, 2. Be commercial and 3. Go through a certification process that takes up time and somebody’s money?
I really think this “no unsigned drivers” thing will end up being the death of Windoze. Who will want to use an operating system where every driver for every bit of hardware must 1. Run in kernel mode, 2. Be commercial and 3. Go through a certification process that takes up time and somebody’s money?
None of that is true. Every driver doesn’t run in kernel mode. Vista, in fact, moves more drivers out of the kernel and into user mode. Signing doesn’t apply to all drivers, just specific classes of kernel drivers, though only administrators will be able to install unsigned drivers for the classes that are allowed to be unsigned. Most drivers that run on Windows already go through WHQL and/or have binaries signed by the publishers, so there is little change in the process.
Edited 2006-01-22 05:55
“What about those of us who dream of hacking together our own hardware? What about those of us who aspire to write better drivers for our systems? What about those of us who are/were/want to be students, and want to pursue driver development?”
Why on earth would you want to do such a thing using Windows? I never hear of any cool hardware hacks using Windows as the OS. Try NetBSD if you want to run an OS on your toaster, Windows is not for hackers and Microsoft likes to emphasize that.
“It’s great if they’d like to ensure good drivers, but I think it would be enough to require user intervention in the process of installing unverified drivers.”
Just like you want the (l)user to handles viruses, trojans, spyware? 🙂 Seriously though, people point and click and ignore information dialogs. A setting somewhere that enables an “advanced user” mode would be nice though.
“In some cases, we have no choice but to use unofficial drivers – I’ve used numerous drivers developed by independant hackers for hardware that wasn’t supported under XP or Windows 2000. There IS a need for them; hardware developers aren’t always going to support specific pieces of hardware on every OS.”
More the reason to drop Windows for an alternative. I enjoy watching MS shooting itslef in the feet (it has to be in plural, by this time they’ve done it so many times that a single foot would’ve been blown off by now).
Lets be realistic – sometimes we have reasons to use Windows. I use Linux, NetBSD, and FreeBSD, personally, but Windows also has it’s place in my world – I’m a professional website developer and graphic designer. Photoshop “runs” under Wine, but not well enough to be functional (don’t suggest the Gimp – it honestly still doesn’t compare to Photoshop for my work). I’ve had to use older scanners and more, that didn’t have drivers for Windows XP or 2000 originally.
I’m not going to boot into Linux just to scan something, or retrieve a file, when I can use 3rd party drivers. Not to mention the fact that there is no guarantee that drivers will be available under Linux – and I don’t have the time to hack together drivers myself.
You can’t just ask me to buy new hardware, either – for instance, right now, money is VERY tight. I just graduated from college, and am saving up to move out. I’m in a very complex financial situation at the moment, and can’t warrant blowing money on new hardware, when it’ll hurt me in the long term to do so.
<quote>What about those of us who dream of hacking together our own hardware? What about those of us who aspire to write better drivers for our systems? What about those of us who are/were/want to be students, and want to pursue driver development? </quote>
Windows is not a development environment for hackers, nor has it ever been geared for that use. If you want hack drivers try a real development systems, such as freeBSD or Linux.
Well it’s great PR from a company that always seems to put PR first. As MS won’t be writing the code that gets verified, I don’t see how they can vouch for its stability or even, perhaps, for its security. All that can be said is that the code got signed. One sentence in the press release caught my eye:
Drivers must be signed for devices that stream protected content. This includes audio drivers that use Protected User Mode Audio (PUMA) and Protected Audio Path (PAP), and video device drivers that handle protected video path-output protection management (PVP-OPM) commands.
So security for DRM would seem to feature somewhat prominently. Security against malware? Oh, just trust us: after all, we have digital signatures now …
The way I see it MS is digging its own grave slowly. With all the DRM going into the OS, now preventing individuals and small companies to support it, the tendency to look at Open Source solutions will grow.
It won’t be much of a problem for the big companies, but the smaller ones have one more reason to ditch MS software and ultimately they will influence the big ones.
MS better be careful… One of the advantages Windows has over other OS’s is the availability of drivers for just about anything.
This will have a similar effect to the availability of drivers on OS X, pretty much only the latest drivers will be available, limiting the use of a lot of the older peripherals.
Please note : I’m not saying older hardware won’t be supported, or that OS X “only” caters for the latest stuff, but I do know that connecting older scanners and printers to a Mac isn’t always plug and play, nor can you find the drivers… I’m guessing we will start seeing this with Vista (x64)… Who is going to shell out lots of money to write/update the drivers for, then get the certificate to support older hardware?
MS should provide their own certificates I think for devs, and they should be free (or low cost for the lifetime of the driver), but you would need to register etc…
I don’t think MS is worry; they have millions of users locked in to their products.because of ease of use and dumb-a-dozen of so called techs that know how to fix ms products. like network televison has their couch potatos. the moral of the story is ms can do what they fell like and millions will still follow.
MS better be careful… One of the advantages Windows has over other OS’s is the availability of drivers for just about anything.
OK people, please stop and read the headline here.
Windows Vista X64 to require signed drivers
ie, ONLY the amd64 version will have this restriction, the standard 32 bit version that most people will be using will continue to work as it did before. They can do this because Windows 64 cannot load 32 bit drivers, they have to be compiled specifically for the OS.
There is exactly one reason they’re doing this, and it’s because it’s necessary for security. You simply cannot have a sane or secure operating system which allows anybody to load code into kernel mode: there is no point having the idea of low priviledge users, root users, restricting programs, or any security at all really if usermode code can control the kernel.
Viruses and worms are already using rootkits to stop virus scanners finding them, and soon the AV tools will also be loading rootkits to search out the first ones. In other words it’s a total arms race and the result will be computers that make todays worst spyware infections look like a stroll through a grassy meadow.
If I was to design a new OS today, I’d absolutely make this a requirement from the start. No code – nothing – gets into kernel mode unless it’s been verified as legit. Now Microsoft can’t do this all themselves, and code auditing is generally a waste of time anyway, but what using the VeriSign infrastructure allows for is linking some piece of code running in kernel mode back to a real world corporate identity. So no, it won’t stop a rerun of the Sony incident, but it will cut down on the flow of countless anonymous rootkit developers loading whatever crap they like into the kernel with no way to identify (read: sue) them.
Drivers on Vista 64 are also blocked from overwriting the syscall table or kernel code, and operate under a host of other restrictions that make writing rootkits difficult.
Unfortunately MS can’t enforce this restriction for Vista 32 as there are too many legitimate applications like iTunes or popular games which rely on loading kernel-mode code to operate and which would break if this was done. But x64 is a clean break ….
Edited 2006-01-22 00:31
” You simply cannot have a sane or secure operating system which allows anybody to load code into kernel mode”
Someone already had a very good answer to that argument, you can see it further up, but for you’re convenience I’ll restate it. If MS wants to push this they should ideally also provide a cheap or free alternative to getting the $500 USD verisign certificate.
“There is exactly one reason they’re doing this, and it’s because it’s necessary for security.”
Pff! That was exactly was they said about ActiveX signing and people’s machines get stuffed with spyware every day. And they don’t even need to exploit some hole in the system, because you can just get a certificate, and then sign all kinds of crap with it.
Better luck next time…
It’s not necessary for security for knowledgeable users. Nothing in usermode can affect kernel-mode without the user’s permission. If the user wants to install something, then he/she can do so securely by logging on as an admin and running the install task. Drivers can’t just install themselves, especially if they’re unsigned. Currently these unsigned drivers can be installed after a user prompt.
This is not a security measure. If anything it’s a quality measure and a DRM-enforcement technique. It’s probably not going to last, I predict, because all it will do is slow the adoption of X64. After a while Microsoft will probably decide to open it up again.
ITS JUST ONE MORE STEP TOWARDS TRUSTED COMPUTING!
So, this is the new Vista revolutionary architecture… developers need to pay 😉
Many argue that one of the reasons Windows took off so quickly in the beginning was because Microsoft gave their developer tools away for free unlike their competitors. Now MS is popular enough they can stick a price tag on everything and get away with it. Ironic isn’t it, even though Microsoft isn’t the one making the money from this they have still come up with a system that will take money out of developers’ pockets, and yet they’ll keep their popularity.
In 1985 Bill Gates was also a fierce opponent of software patents. Guess what? That has changed, too
EDIT: Congruent error.(To remember: He, she, it has (also true for that and this))
Edited 2006-01-22 02:24
It seems sadly true that people often choose money over personal moral convictions. I wonder if Gates still has a little voice in his head telling him the difference between right and wrong, of if it’s been completely drowned out by the one which tells him the difference between financial gain and loss.
“Drivers must be signed for devices that stream protected content. This includes audio drivers that use Protected User Mode Audio (PUMA) and Protected Audio Path (PAP), and video device drivers that handle protected video path-output protection management (PVP-OPM) commands. ”
It looks to me that MS will be supporting all of the companies that will be producing copy protected music CDs, and video DVDs, as well as other streaming media. This will set us all up to pay more for our entertainment purchases. And we will not be able to make backup copies, rip music to mp3 to play in portable players, and other fair use activities.
The system will be more locked down, even from the system’s owner! No thanks, MS!
[quote]
It looks to me that MS will be supporting all of the companies that will be producing copy protected music CDs, and video DVDs, as well as other streaming media. This will set us all up to pay more for our entertainment purchases. And we will not be able to make backup copies, rip music to mp3 to play in portable players, and other fair use activities.
[/quote]
You can do that now on Windows and you will be able to continue to do this on Windows. This announcement has nothing to do with that at all.
This has to do with companies just installing anything that affects the kernel of windows and makes it unstable. See using Vista, most of everything has been pulled out of kernel mode as much as possible such as Audio and Video. Now only the things that need to be in the kernel are there to cause less crashes.
You are not losing any “rights” or you are not losing the ability to do what you want. Kernel mode should not be used for 99 percent of software, it’s basically the heart of the OS and if you put kitchen knives in there it can get dangerous and this is a protection for that.
It’s not about freedom its about stability and security, it might not be a 100 percent solution, but it’s a start. It’s not about killing off what you want to do, it’s about making it better for you.
Okay,that’s all you can head back underground in Montana now.
“You are not losing any “rights” or you are not losing the ability to do what you want. Kernel mode should not be used for 99 percent of software, it’s basically the heart of the OS and if you put kitchen knives in there it can get dangerous and this is a protection for that.”
I understand the stability and ‘security’issues.
But you will be losing some of your ability to use the computer in the way you see fit if the drivers that control the protected media streams can only be run if the drivers are “signed”. That means that the companies who want to control the content on your PC will be the ones who control the drivers, too.
If your computer has “protected audio”, sound will not get out of the output port of your sound card to the speakers, audio system, or input to another device unless you use that “signed” driver.
DVDs will not be viewable unless your PCs “protected video” system has drivers to allow it.
I don’t know about you, but I don’t want Sony writing the drivers to allow my PC to play CDs.
Maybe I’m being a bit paranoid, but I am slowly losing my trust in even the so-called reputable companies.
But you will be losing some of your ability to use the computer in the way you see fit if the drivers that control the protected media streams can only be run if the drivers are “signed”. That means that the companies who want to control the content on your PC will be the ones who control the drivers, too.
This is no different than the case with Secure Audio Path on Windows today. Unsigned drivers will still be able to play unprotected content and even protected content that doesn’t demand output content protection. The content that does demand output content protection would not be playable without the presence of output protection anyway, as is the case today, so there’s no loss in functionality or control. MS had to implement the protections first before they could even hope to play premium content. Expect other OS vendors to do similar if they want legal playback on their platform.
It looks to me that MS will be supporting all of the companies that will be producing copy protected music CDs, and video DVDs, as well as other streaming media. This will set us all up to pay more for our entertainment purchases. And we will not be able to make backup copies, rip music to mp3 to play in portable players, and other fair use activities. —Cyberbear
I don’t personally think there’s anything wromg with this, but then again I can take a hint; Microsoft doesn’t want us as a customer, it would rather court the media cartels. That’s fine, but I’d like to see what happens when the users Microsoft promised the cartels begin slowly migrating over to a different OS. Remember, its really US the geeks and ‘power users’ that steer the use of computers and technology in the home. Without our willingness to provide free tech support this house of cards would have collapsed a long time ago. So when me and thee move to the next thing, we’ll be sure to bring with us our string of ‘where’s the internet?’ (MSIE link) users.
–bornagainpenguin
I believe that Microsoft should certify the drivers as thsi leads to stability, but charging the vender raises a red flag.
daman
Doesn’t Windows XP Supports them?
I’ve seen a service using “services.msc” named “Windows User Mode Driver Framework”
Drivers developers, use it http://www.microsoft.com/whdc/driver/wdf/UMDF.mspx
Edited 2006-01-22 02:51
In case you haven’t realised yet, it’s all about Microsoft being able to CONTROL what drivers windows will load. This is TRULY proprietary MS tactics at it’s best.
What is somebody wants to make a Kernel-Level drivers to interoperate with say, another operating system? You can’t. Unless you’re a company, but then again, if MS feels like your drivers is a security threat (to the monopoly), you’re certificate can easily be revoked…
I didn’t know Microsoft could revoke a certificate issued by Verisign.
“I didn’t know Microsoft could revoke a certificate issued by Verisign.”
They can’t, but they can revoke the Publisher Identity Certificate required for you to install the driver, which MS provides at no charge. There are 2 items here, as MS will only issue the PIC if the entity buys the other certificate from Verisign. You will need both.
This has everything to do with security. It’s about making it easier for administrators to only run code that is trusted, either because they verified it themselves and signed it or because it comes from a trusted publisher.
For media rendering devices that support output content protection, it’s about being able to trust the components that makeup the render paths and being able to restrict compromised or non-compliant drivers from rendering protected content either entirely or at full quality.
Microsoft currently has a driver certification program in place that evaluates drivers before they get signed. The vast number of problems with shitty drivers under XP are caused by unsigned drivers that don’t go through any kind of certification.
Microsoft is taking a step here with x64 of not only requiring certification but making sure that kernel mode drivers get signed. This is definitely a GOOD THING. It means that there will be a significantly reduced chance that crappy drivers will take down the OS.
Remember, folks. A lot of you complain about MS when their stability sucks. Then, when MS tries to do something about it, you also complain. That’s simply not fairor reasonable. I applaud them here. They’re finally doing something good.
As for somebody talking about MS getting sued, that’s nonsense. It isn’t a problem for MS to require a digital signature, as long as it applies that standard equally to ALL developers. It’s bogus to say that people doing kernel mode development for x64 aren’t going to be in a position to get a digital signature. Because they have to go through MS’s driver certification process, anyway. So they’ve already got plenty of skin in the game.
“Microsoft is taking a step here with x64 of not only requiring certification but making sure that kernel mode drivers get signed.”
You are just making that up… Only signing will be required, there is nothing mentioning certification anywhere.
One can only assume certification will keep being optional, and that makes sense, since certification introduces a significant delay in the release process (ever noticed how, for instance, how nvidia seems to alternate between releasing certified and non-certified drivers for their chips?) as well as a burden on Microsoft. Certification means testing, and they can’t test every driver that the vendors throw at them and do it quickly at the same time.
Do some research on WHQL. I don’t have time to educate you.
note:Please forgive the long post, but it is all on topic
I think there is a little more to this article than meets the eye.
Someone earlier said that this won’t affect 32-bit Vista, so it really won’t concern most people and people should in effect shut up.
I don’t think that the above is entirely correct. I think Microsoft is anticipating a surge in the 64-bit computing industry. I mean think about it, if MS one day comes up on a TV commercial and says: “BUY A 64-BIT CPU”, in a more clever and marketing-wise approach (it’s faster! It runs Vista better! It makes you cool!…..), they can effectively move the entire industry from 32-bit to 64-bit (kicking and screaming if it has to).
Furthermore, I don’t think that MS’s intervention is necessary in the first place! Most of AMD’s chips are already 64-bit, and Intel is heading that way. It’s true that the 16-bit to 32-bit “revolution” took years (maybe decades?), but I think that the move from 32 to 64 will be a lot faster one. (yes in theory 64-bit has existed for a LONG time, but I’m talking about from the time of being commercially (and affordable) available to most computers users have 64b). Heck, I have a 64-bit CPU, have had one for a year, and don’t see why my next CPU purchase should be 32-bit (even though there is very little dif between the two)
My point is, in a couple years, the x64 Vista market may surpass the 32b Vista market, and MS will be happy for making a couple thousands extra bucks + control.
Personally, I agree with the above points that:
1) Won’t limit the usage of “bad” drivers (if you got the cash and can get certified, then you have kernel access [even if limited])
2) This breaks the ability (possibility) to write your own driver and implemented it to fix whatever isn’t working/problem (or someone else writes it and distributes it)
3) Control + money (very little of it at that, let’s say 10,000 companies register at 500$, that’s 5 million, how much of it would MS “theoretically” get if there is some business between Verisign and MS? let’s say 2.5m, that’s nothing to MS, Maybe pay for a small R+D project, and that’s if 10,000 companies follow through. I doubt MS is in it for the money, unless verisign is paying MS a considerable amount, in a similar to advertising ploy)
4) One more form of control on users (you can run this program, this program, this…wait a min! I didn’t certify that! NO.)
Whatever, I’m not getting Vista, I honestly like some of the eye-candy (I’m a sucker for eye-candy
), but with all these rules and regulations, TC, DRM… Just gives me a headache….lol
I’m not trying to flame MS, but I don’t think that their motives are pure, and they will break a nice amount of stuff if they do this. Good Idea (help with writing better drivers), bad way of implementing it (shut down all driver-writers that aren’t commercially certified).
(Besides, Windows is not the only OS maker that has 64-bit OSs, look at the Unix/Linux camp!
)
EDIT: small typos, additon of 4),
–ZaNkY
Edited 2006-01-22 04:01
I can’t wait to see this cracked.
Try as they might they cannot take the power of the computer away from the hands of the user.
Although on one hand it *might* make it harder for companies to ship crap drivers.
Make no mistake this is about controlling the hardware that runs with windows. Yes I’m a windows user but I’m not blind.
Mmmm… If this is not in clear breach of any antimonopoly ruling ever decided against MS, I do not know what it is!
I guess this is the right time to pull something like this since x64 is not in the mainstream yet, it will not affect too many people RIGHT now.
Speaking of crappy Creative drivers, this move will not help. Quite the opposite, it sounds like it will make things difficult for the alternate KX drivers for Soundblaster ( http://kxproject.lugosoft.com/index.php?skip=1 ), drivers that are superior in many respects to Creative’s drivers.
I doubt they will be considered a commercial entity (with the drivers available for free and all) and in this instance anyway, forcing drivers to be signed won’t necessarily help with stability.
99 percent of the software should not use Kernel mode anyway. What is the big deal?
Audio and now Video drivers are now out of Kernel mode and you shouldn’t be playing in Kernel model anyway (in any REAL OS anyway).
No software should run in Kernel mode (I am glad Microsoft is going away from the mess from OS’s like Linux that have to run a lot of things in Kernel mode.
I am glad Microsoft is going away from the mess from OS’s like Linux
Well, you talk as if there was nothing like the “mess” you mention in pre-vista windows.
I do believe video drivers have run outside of kernel mode on *nix for a long time (or, since their inception).
Except of course most of the commercial drivers.
But it is a good point that not everything is totally shut out. They have made writing user mode drivers a possibility for a lot of devices. I wonder if the ext2 driver will be able to run as user mode?
There is already a lot of old hardware that is unsupported on XP x64, and since 64-bit drivers are required, there are no old drivers that can be used, signed or unsigned. Everything with XP x64-drivers will most likely have Vista x64-drivers so this will change nothing.
Now if MS would just fix the major bugs in XP x64… but seems they wont (I suppose that’s why they sell it as OEM only).
I really did not think through about this topic earlier but now that i think more of it, i really don’t agree to the logic behind this move.
I think the earlier scheme of warning the user (as in XP) was nice but this new scheme will really kill independent and open source kernel mode development for windows. This will also invite anti-trust guys to MS ass.
Damn if i upgrade to vista 64 it will not even allow me to use drivers like winPCAP and that would suck. I hope MS realize this and change their decision. I don’t really understand, however, who are these dickheads in Microsoft, who decide such crappy decisions. Microsoft, If you don’t like code in kernel, then you move your driver model to userland. Period.
You can still use drivers written to run in usermode, which most, like winpcap, should anyway.
WinPCAP can’t work in user mode. It is an NDIS protocol driver and it works in kernel mode.
Are you sure it won’t be able to under Vista?
It’ll work just fine in your 32-bit boxes
Say goodbye to any notion of Windows Vista loading handling Ext2fs, Ext3fs, UFS, HFS and so forth. It’ll be NTFS/FAT32 or die making it impossible to practically share a partition between differnet OSes (well, Windows on the one side, all otherrt OSes on the other). FAT32 might do it for your MP3 collection, but it doesn’t work for someone editing videos.
You can write (not particularly well-performing) file-system drivers in usermode that function by opening the drive in RAW mode and reading the data off of it. There’s an explorer interface that allows you to hook your user-mode file system to the folder browsers. I’m not sure if/how it works for purposes other than browsing and copying files (I doubt you’ll be able to execute anything from the drive or memory-map the files).
Imagine what will happen if you want to write a kernel-mode device driver for your academic research or if you are a hobbist. You WILL CANNOT do this.
Microsoft is like Bush government: you have to exchenge your freedom by false “security”.
Driver is buggy ? You should choose if want to install or not. Companies that make buggy drivers will pay MS tax to sign your drivers and the problem will remain. Don’t want buggy drivers ? Buy decent hardware ! Don’t you like to freedom for choose ? Buy Apple hardware.
I think 1984 is now, 2006.
What MS tax? Microsoft is not making money from this.
Microsoft recognizes Windows users are too stupid to leave such an important decision to. Their basic trusting sheep-like nature would lead them to follow the wrong driver. This was the only solution.
I understand having drivers digitially signed is a good idea. Though I’m wondering how this will affect users of legacy hardware where the manufacturer is unwilling to provide a signed driver with the Verisign certificate for use with Windows Vista? This would in essence make legacy hardware obsolete forcing users to upgrade their systems which can be costly for the enterprise sector.
As for the $500.00 USD annual fee for a Class 3 Commercial Software Publisher Certificate from Verisign this shouldn’t be much of an issue unless it’s referring to each software application and drivers instead of on a per company basis. This change in policy may also mean that open source software will not be able to run on Windows Vista due to not providing a Verisign certificate. After all not every open source project developer makes money from the project unless they charge for providing technical support.
Again, this is for x64 and hence the drivers would have to be rebuilt/recompiled anyway.
… if you want a secure OS, with proper DRM, when you playback video, you must prevent people from installing a driver that captures the video output.
Of course you want to enforce video card manufacturers to enable the Macrovision signal at the TV-OUT, to prevent people from using a VCR. You can only enforce this, if you can control what kind of drivers do install.
This is the whole reason for this measure, and nothing else. DRM.
Since this is clearly an attempt of a corporation to use its monopoly powers over consumers, please sent complaints to the Consumer Liaison Office of the Directorate General Competition of the EU:
http://europa.eu.int/comm/competition/publications/competition_poli…
OK, I found an online link to the documentation that detailed why Verisign the recommended vendor in this case. It has to do with Windows Error Reporting. If an ISV/IHV wants to, they can gain access to MS’ WER data for error/crash info that is relaated to the respective ISV/IHV’s application, driver, hardware, etc. Currently, this process requires a Verisign cert. If you don’t want WER data, you can use a cert from another vendor such as Thawte. Below is the specific paragraph from the online documentation and a link:
“To obtain a trusted certificate, you will need to apply to a Certification Authority (CA) such as VeriSign or Thawte. For a complete list of trusted third-party certificate authorities, see Microsoft Root Certificate Program Members. Microsoft doesn’t recommend any CA over another, but if you want to integrate into the Windows Error Reporting (WER) service, you should consider using VeriSign to issue the certificate because accessing the WER database requires a WinQual account which requires a VeriSign ID.”
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/di…