Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
X64 Windows Vista to require signed drivers
With little fanfare, Microsoft just announced that the X64 version of
Windows Vista will REQUIRE all kernel-mode code to be digitally signed. The
details are here:
http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx. This is
very different than the current WHQL program, where the user ultimately
decides how they want to handle unsigned drivers.
Vista driver developers must obtain a Publisher Identity Certificate (PIC)
from Microsoft. Microsoft says they won't charge for it, but they require
that you have a Class 3 Commercial Software Publisher Certificate from
Verisign. This costs $500 per year, and as the name implies, is only
available to commercial entities.
This change in Vista will effectively kill any open source kernel modules,
since individual developers are unlikely to obtain the required Verisign
certificate. I'll give Microsoft the benefit of the doubt and assume this
isn't their intention, but clearly, it will be the effect. I know NTDEV
isn't particularly supportive of open source, but you don't need to buy into
Stallmanism to see the problem here.
If Microsoft controls who can write software for Windows, Windows is no
longer an open platform. If Microsoft gets away with this for drivers, what
will stop them from imposing signing on applications some day? I don't see
that happening soon, but you never know what .NET 5.0 will bring. Say that
it's being done in the name of security, and a lot of users will simply nod
their heads and go along with it.
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Windows Vista will REQUIRE all kernel-mode code to be digitally signed. The
details are here:
http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx. This is
very different than the current WHQL program, where the user ultimately
decides how they want to handle unsigned drivers.
Vista driver developers must obtain a Publisher Identity Certificate (PIC)
from Microsoft. Microsoft says they won't charge for it, but they require
that you have a Class 3 Commercial Software Publisher Certificate from
Verisign. This costs $500 per year, and as the name implies, is only
available to commercial entities.
This change in Vista will effectively kill any open source kernel modules,
since individual developers are unlikely to obtain the required Verisign
certificate. I'll give Microsoft the benefit of the doubt and assume this
isn't their intention, but clearly, it will be the effect. I know NTDEV
isn't particularly supportive of open source, but you don't need to buy into
Stallmanism to see the problem here.
If Microsoft controls who can write software for Windows, Windows is no
longer an open platform. If Microsoft gets away with this for drivers, what
will stop them from imposing signing on applications some day? I don't see
that happening soon, but you never know what .NET 5.0 will bring. Say that
it's being done in the name of security, and a lot of users will simply nod
their heads and go along with it.
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Kernel Debugging | 16-20 October 2023 | Live, Online |
| Developing Minifilters | 13-17 November 2023 | Live, Online |
| Internals & Software Drivers | 4-8 Dec 2023 | Live, Online |
| Writing WDF Drivers | 10-14 July 2023 | Live, Online |
Comments
I personally think the policy of requiring X64 drivers be signed to be loaded is wrong-headed. At a time when Microsoft should be concerned promoting the X64 platform, a program like this seems to make it MORE difficult to adopt the platform (cuz, if the software I need isn't signed, it's not likely that I'm going to be moving to X64).
While I personally don't like the new policy for X64, I think that your post makes some odd -- and incorrect -- points. Specifically:
<QUOTE>
This change in Vista will effectively kill any open source kernel modules, since individual developers are unlikely to obtain the required Verisign certificate.
</QUOTE>
This just doesn't make any sense. I don't see anything in the Microsoft program that does anything to harm the open source movement. Folks can continue to share source code -- However, the supplier of the module to an end-user customer will have to get the executable signed.
If your point is that some high school kid that writes a driver in his room instead of doing his homework won't be able to supply drivers to the industry, well... I think that's probably the only GOOD thing about this Microsoft program.
<QUOTE>
If Microsoft controls who can write software for Windows, Windows is no longer an open platform.
</QUOTE>
Like, Windows is an open platform now?? Huh??
Peter
OSR
Peter Viscarola
OSR
@OSRDrivers
out of the business. I do most of my work through various contracting
firms. I don't have a corporate enttity so even though I write drivers, and
in some cases am the Windows Kernel Software Team for some tiny companies
who pay me for the drivers and support, I have never been on WinQual.
My problem is that with the tax structure of Massachusetts, I would have
lost money rather than made it the last two (very lean years) since between
business costs and my taxes as a corporate entity I would have gone negative
on my income. I suggest to my customers to go the Verisign route, but most
of them balk saying we don't want to give you our key, get your own. I have
talked to folks I contract through, and they say sure you can use our key,
as long as we own all the drivers you write.
For four years I have been complaining about this to Microsoft. I point out
I have secure access to the Windows source and this does not require
Verisign, so why should driver signing and getting driver bug reports
require it. At every conference since 2002 they have promised to look into
this, and when I query this a few months later they go say, just get
incorporated. When I point out the hidden costs, they go "we did not know
that" and promise again, and so the cycle continues.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
as a developer:
· Attaching a kernel debugger. Attaching an active kernel debugger
to the target computer disables the enforcement module in Windows Vista and
allows the driver to load.
· Using the F8 option. An F8 boot option introduced with Windows
Vista-"Disable Driver Signature Enforcement"-is available to disable the
kernel-signing enforcement only for the current boot session. This setting
does not persist across boot sessions.
Well using the debugger can impact (admittly slightly) the way a driver
runs, so I never consider it a valid final test to have the debugger on the
syste,.
Of course having to remember that I must choose an F8 boot option, and be by
machine everytime it reboots to manually do this is going to be lots of fun.
I wonder how this will work for testing an unsigned driver needed to boot
windows? I also wonder how it will work with the WDK image provisioning and
testing an unsigned driver, gee does that mean in the middle of the
automated process, I need a program to wake me up at 2AM to choose the F8
option?
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
While I'm not a tax lawyer, I do tend to follow taxation law rather
closely and thus was surprised by your assertion. Further, the MA
Department of Revenue web site seems to disagree
(http://www.massdor.com/rul_reg/tir/tir_97_8.htm). Admittedly there is
a cost associated with creating an LLC (MA is expensive - $500) but
there are no tax ramifications to such an entity (assuming it does not
choose to be treated as a corporation.)
*I* am horrified by Microsoft's decision to exclusively choose Verisign
(in the past, we've used Thawte for code signing certs, but apparently
some large number are more equal than other large numbers, for whatever
reason.)
However, this has become very off-topic for the forum, and this becomes
another cost of doing business in the Windows space - much like
subscribing to MSDN each year. And even if you ignore it for the Vista
timeframe, this probably won't be an option for Longhorn server given
Microsoft's announcements about dropping 32-bit support for most of the
reasons people BUY servers (e.g., Exchange will be 64-bit only.)
Bottom line: be prepared for signing your drivers. Don't count on
Microsoft changing the policy, their exclusive arrangement with Verisign
or any other aspect of this policy decision. If Microsoft requires
Verisign, and Verisign suddenly decides that in order to get a cert from
them you have to incorporate in Belize, you basically have *no choice*
in the matter. If this policy doesn't work for you, I fear you'll have
no choice but to leave the space. While I think this stinks of
anti-trust problems, Microsoft's lawyers have already determined that
this is ok.
Drivers cause tremendous problems for them, so perhaps Microsoft's goal
is to "squeeze out" more people from writing a driver. (I've heard the
security arguments and am not persuaded - look at how trivially easy
people have found it to work around the patch guard code.) Of course,
if they REALLY wanted to improve driver quality, they'd require some
sort of certification for driver writers (you can be certified to
administer Windows systems, but not to write drivers for them) before
you are allowed to get your very own cert. Then you'd sign your
drivers when you decided they were wrong.
I think of it along the lines of how engineers certify drawings - they
might work for a firm but it is the *engineer* who applies his stamp to
the drawings. If we did the same thing for drivers, people would take
this a lot more seriously - they'd be staking their own professional
reputations on the drivers that they write.
Not going to happen anytime soon, though.
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Don Burn
Sent: Saturday, January 21, 2006 12:51 PM
To: ntdev redirect
Subject: Re:[ntdev] X64 Windows Vista to require signed drivers
I also don't agree with the current policy, it is going to possibly
drive me
out of the business. I do most of my work through various contracting
firms. I don't have a corporate enttity so even though I write drivers,
and
in some cases am the Windows Kernel Software Team for some tiny
companies
who pay me for the drivers and support, I have never been on WinQual.
My problem is that with the tax structure of Massachusetts, I would have
lost money rather than made it the last two (very lean years) since
between
business costs and my taxes as a corporate entity I would have gone
negative
on my income. I suggest to my customers to go the Verisign route, but
most
of them balk saying we don't want to give you our key, get your own. I
have
talked to folks I contract through, and they say sure you can use our
key,
as long as we own all the drivers you write.
For four years I have been complaining about this to Microsoft. I point
out
I have secure access to the Windows source and this does not require
Verisign, so why should driver signing and getting driver bug reports
require it. At every conference since 2002 they have promised to look
into
this, and when I query this a few months later they go say, just get
incorporated. When I point out the hidden costs, they go "we did not
know
that" and promise again, and so the cycle continues.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
---
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: [email protected]
To unsubscribe send a blank email to [email protected]
>>modules, since individual developers are unlikely to obtain the
>>required Verisign certificate.
>This just doesn't make any sense. I don't see anything in the
>Microsoft program that does anything to harm the open source
>movement. Folks can continue to share source code -- However,
>the supplier of the module to an end-user customer will have to
>get the executable signed.
Few open source developers will qualify for the Verisign cert, and fewer
still will fork over $500 a year to get it. That comes pretty close to
killing open source kernel code right there. Further, a key benefit of open
source is that everybody is free to modify the code and run their modified
version.
>If your point is that some high school kid that writes a driver in
>his room instead of doing his homework won't be able to supply
>drivers to the industry, well... I think that's probably the only GOOD
>thing about this Microsoft program.
Hey! I resemble that remark! :-) 25 years ago I was a kid writing
software in my bedroom (on a machine with an 8-bit CPU and 48K of RAM).
In all seriousness, I have two objections to your statement...
First, it's not Microsoft's place to decide that kids in their bedroom
shouldn't be able to "supply drivers to the industry". That's a choice for
the free market to make. I'm not saying that high school hackers are a good
source of quality drivers -- I'm saying it's not up to Microsoft to make
that decision.
Second, everybody should have the right to run software of their choosing on
their own machine. It isn't Microsoft's computer -- it's mine. I paid for
it. The OS shouldn't dictate what software I'm allowed to run. I think the
current WHQL program is reasonable -- it forces people to think about
loading unsigned drivers, but leaves the ultimate decision with the owner of
the computer.
>>If Microsoft controls who can write software for Windows,
>>Windows is no longer an open platform.
>
>Like, Windows is an open platform now?? Huh??
Yes, Windows is currently an open platform. Microsoft made this claim a lot
during their antitrust trial (e.g.
http://www.microsoft.com/billgates/columns/oped/11-10wsjoped.asp).
"Open platform" means anybody can write programs that run on Windows.
Contrast that with video game consoles, cable TV boxes, or cell phones,
where the platform vendor decides who is allowed to write software, and what
software they're allowed to write.
_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee®
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
My town taxes LLC's as business property this means the building (my
house) and the capital equipment. At the moment we have a single tax rate,
but that is likely to change. I am friends with the tax assessor, she
estimates I would only take a 8K tax hit. Then throw in the LLC cost, and
the accountant cost and this is getting pricy.
Now the real problem is, I a number of people I know enjoy the ability
to work for myself, while not having to deal with the joys of the accounting
and other PITA things. Of course to do this I put up with giving somenthing
off the top to various firms and agencies I run my contracts through. But
since I bring them customers (not normal but I've done it several times) I
can negotiate a very good rate, since they know I and the customer can pick
up and go elsewhere.
I only know a couple other driver writers who do this, but lots of
other developers who choose this model. Basically, Microsoft's decision
threathens the way I do business.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
"Tony Mason" wrote in message news:xxxxx@ntdev...
Don,
While I'm not a tax lawyer, I do tend to follow taxation law rather
closely and thus was surprised by your assertion. Further, the MA
Department of Revenue web site seems to disagree
(http://www.massdor.com/rul_reg/tir/tir_97_8.htm). Admittedly there is
a cost associated with creating an LLC (MA is expensive - $500) but
there are no tax ramifications to such an entity (assuming it does not
choose to be treated as a corporation.)
*I* am horrified by Microsoft's decision to exclusively choose Verisign
(in the past, we've used Thawte for code signing certs, but apparently
some large number are more equal than other large numbers, for whatever
reason.)
However, this has become very off-topic for the forum, and this becomes
another cost of doing business in the Windows space - much like
subscribing to MSDN each year. And even if you ignore it for the Vista
timeframe, this probably won't be an option for Longhorn server given
Microsoft's announcements about dropping 32-bit support for most of the
reasons people BUY servers (e.g., Exchange will be 64-bit only.)
Bottom line: be prepared for signing your drivers. Don't count on
Microsoft changing the policy, their exclusive arrangement with Verisign
or any other aspect of this policy decision. If Microsoft requires
Verisign, and Verisign suddenly decides that in order to get a cert from
them you have to incorporate in Belize, you basically have *no choice*
in the matter. If this policy doesn't work for you, I fear you'll have
no choice but to leave the space. While I think this stinks of
anti-trust problems, Microsoft's lawyers have already determined that
this is ok.
Drivers cause tremendous problems for them, so perhaps Microsoft's goal
is to "squeeze out" more people from writing a driver. (I've heard the
security arguments and am not persuaded - look at how trivially easy
people have found it to work around the patch guard code.) Of course,
if they REALLY wanted to improve driver quality, they'd require some
sort of certification for driver writers (you can be certified to
administer Windows systems, but not to write drivers for them) before
you are allowed to get your very own cert. Then you'd sign your
drivers when you decided they were wrong.
I think of it along the lines of how engineers certify drawings - they
might work for a firm but it is the *engineer* who applies his stamp to
the drawings. If we did the same thing for drivers, people would take
this a lot more seriously - they'd be staking their own professional
reputations on the drivers that they write.
Not going to happen anytime soon, though.
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Don Burn
Sent: Saturday, January 21, 2006 12:51 PM
To: ntdev redirect
Subject: Re:[ntdev] X64 Windows Vista to require signed drivers
I also don't agree with the current policy, it is going to possibly
drive me
out of the business. I do most of my work through various contracting
firms. I don't have a corporate enttity so even though I write drivers,
and
in some cases am the Windows Kernel Software Team for some tiny
companies
who pay me for the drivers and support, I have never been on WinQual.
My problem is that with the tax structure of Massachusetts, I would have
lost money rather than made it the last two (very lean years) since
between
business costs and my taxes as a corporate entity I would have gone
negative
on my income. I suggest to my customers to go the Verisign route, but
most
of them balk saying we don't want to give you our key, get your own. I
have
talked to folks I contract through, and they say sure you can use our
key,
as long as we own all the drivers you write.
For four years I have been complaining about this to Microsoft. I point
out
I have secure access to the Windows source and this does not require
Verisign, so why should driver signing and getting driver bug reports
require it. At every conference since 2002 they have promised to look
into
this, and when I query this a few months later they go say, just get
incorporated. When I point out the hidden costs, they go "we did not
know
that" and promise again, and so the cycle continues.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
---
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: [email protected]
To unsubscribe send a blank email to [email protected]
>lawyers have already determined that this is ok.
Would those be the same lawyers who signed off on activities that later got
Microsoft convicted of anti-trust? I wouldn't assume that Microsoft is free
and clear. I could see somebody bringing legal action -- it doesn't take
much to file a lawsuit these days. That might not even be required -- all
it may take is filing a complaint with the judge overseeing the consent
decree. And what about the EU? They already have Microsoft in their
crosshairs.
_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
message news:xxxxx@ntdev...
>
> Few open source developers will qualify for the Verisign cert, and fewer
> still will fork over $500 a year to get it. That comes pretty close to
> killing open source kernel code right there. Further, a key benefit of
> open source is that everybody is free to modify the code and run their
> modified version.
>
I will generalize what you said. Microsoft has said that an individual can
no longer ship a driver for the general populace except through a
corporation. Basically, they are barring outright the ability of the
individual programmer to ship for pay or for free. Personally, I view this
as a very poor policy.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
There IS one good thing about a policy that would require drivers to be signed: When a customer gets a driver package, they know (a) who it's from, and (b) that the driver and INF have not been modified since release. Of course, this would be accomplishable by simply requiring the driver be SIGNED, not signed under certain constraints and in a certain way, as currently defined by Microsoft.
<QUOTE>
Second, everybody should have the right to run software of their choosing on their own machine. It isn't Microsoft's computer -- it's mine. I paid for it. The OS shouldn't dictate what software I'm allowed to run. I think the current WHQL program is reasonable -- it forces people to think about loading unsigned drivers, but leaves the ultimate decision with the owner of the computer.
</QUOTE>
I agree. That's a very good point. There should be a global way for a customer to by-pass this.
Wanna bet there'll be a way for corporations to bypass this by locally signing drivers with their domain's certificate and pushing a group policy? I hasten to add that I DO NOT have any information that indicates this is the case, but I bet it's going to be the eventual outcome. If J-Random-Big Incorporated decides to deploy about 10,000 64-bit Windows graphic workstations, and one of the drivers they need doesn't happen to be signed, I'm thinkin' some bypass policy gets implemented by Microsoft rather quickly.
<QUOTE>
Few open source developers will qualify for the Verisign cert, and fewer still will fork over $500 a year to get it. That comes pretty close to killing open source kernel code right there.
</QUOTE>
Are you missing my point? So, Charlie the Computer Whiz goes home and wanders to his bedroom to make some earth-shattering modifications to -- I don't know -- SOME X64 only driver. He releases this onto the world. Nobody but other devs who have debugers hooked up can load it. This is only a good thing in my opinion. Some company picks it up to include in their suite of X64-related Windows shite. This COMPANY signs it. Charlie doesn't need a Verisign ID.
<QUOTE>
[T]he current policy ... is going to possibly drive me out of the business.
</QUOTE>
Don, you know I respect you. ANYthing is possible, but this policy having ANY impact on your business is highly unlikely. You write drivers for hardware manufacturer Z. THOSE guys sign the driver, not you.
<QUOTE>
My town taxes LLC's as business property this means the building (my house) and the capital equipment. ...
Basically, Microsoft's decision threathens the way I do business.
</QUOTE>
Don, with all due respect, I think you're seriously misguided and STRONGLY urge you to get a good tax attorney. Not your family lawyer. Not your uncle's friend's cousin's brother who took a few tax courses. Not your accountant. A real, bona fide, tax attorney.
If you do, I think you'll find you're wrong about a lot of your assumptions.
(a) As Tony pointed out, if you're an LLC, you can choose to have your income passed-through to you just like a sole proprietorship.
(b) There is no reason on God's Green Globe that your HOUSE would be considerd business property. In fact, the IRS regs -- and your town -- probably won't ALLOW you to consider your house business property (is your house in an area that's zoned commercial?). You own the house personally (just like I own my house). Your business owns whatever property it owns. Yes, if you live in a residential zone, depnding on your town, you MIGHT need to bother to get yourself permission for a "home occupation" but given that you NEVER meet customers at your home, produce no waste of any kind, etc, this is typically a formality.
Seriously, check into it. You shouldn't be in business without being incorporated in any case, for the purpose of protecting your own assets.
But, as Tony said, this discussion belongs on the Tax Issues and Consulting usenet group, not here.
P
Peter Viscarola
OSR
@OSRDrivers
>signing drivers with their domain's certificate and pushing a group policy?
>I hasten to add that I DO NOT have any information that indicates this is
>the case, but I bet it's going to be the eventual outcome. If J-Random-Big
>Incorporated decides to deploy about 10,000 64-bit Windows graphic
>workstations, and one of the drivers they need doesn't happen to be signed,
>I'm thinkin' some bypass policy gets implemented by Microsoft rather
>quickly.
This sounds like Authenticode signing, which is already supported in Windows
Server 2003. The problem is it’s only enforced when a PnP driver is
installed, not when the driver is loaded. Enforcement at load time is more
difficult. All the certificate store API’s are in user-mode, so the kernel
can’t easily validate an arbitrary root certificate. In the scheme proposed
for Vista, the kernel only needs to carry a copy of Microsoft’s public key.
>>Few open source developers will qualify for the Verisign cert, and fewer
>>still will fork over $500 a year to get it. That comes pretty close to
>>killing open source kernel code right there.
>
>Are you missing my point?
Perhaps we are talking past each other on this point, but I’d like to give
it another try.
>So, Charlie the Computer Whiz goes home and wanders to his bedroom to make
>some earth-shattering modifications to – I don't know -- SOME X64 only
>driver.
I’ll stipulate that Charlie probably isn’t writing a driver for a physical
piece of hardware. More likely he's writing a filter or some kind of
kernel-mode service. Scary as it sounds, maybe he’s writing a file system.
Either way, it doesn't really change the principles involved.
>He releases this onto the world. Nobody but other devs who have debuggers
>hooked up can load it. This is only a good thing in my opinion.
I’m very conservative about what I run on my production machines, and I
probably wouldn’t load Charlie’s driver. However, I absolutely reserve the
right to do so. This is about the freedom to use one’s own computer, and
who gets to decide what’s a “good thing” or not.
>Some company picks it up to include in their suite of X64-related Windows
>shite. This COMPANY signs it. Charlie doesn't need a Verisign ID.
For most open source projects there is no “company” –- there’s just Charlie
posting his code on SourceForge.
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
<QUOTE>
This sounds like Authenticode signing, which is already supported in Windows Server 2003. The problem is it’s only enforced when a PnP driver is installed, not when the driver is loaded. Enforcement at load time is more difficult. All the certificate store API’s are in user-mode, so the kernel can’t easily validate an arbitrary root certificate. In the scheme proposed for Vista, the kernel only needs to carry a copy of Microsoft’s public key.
</QUOTE>
Precisely! And I'm all for authenticode signing. That's exactly what I was talking about, in place of this misbegotten policy.
You say load-time authenticode validation can't be done easily. We must have different ideas of the meaning of "easily" -- Calling out to user-mode when a driver's loaded isn't likely to be TRIVIAL, but by the same token, consider that this is precisely how most anti-virus programs work (intercepting the file open, and passing the file spec to a user-mode scanning program). Given the frequency with which drivers are loaded, it's not like this is a high-performance path.
I could give you the names of at least a half dozen devs in 26 or 28 that'd be up to the task. If they're too busy keeping themselves out of bug jail, I'm sure Don would be happy to write the code... for a very reasonble fee :-)
P
Peter Viscarola
OSR
@OSRDrivers
>We must have different ideas of the meaning of "easily" – Calling
>out to user-mode when a driver's loaded isn't likely to be TRIVIAL,
>but by the same token, consider that this is precisely how most
>anti-virus programs work (intercepting the file open, and passing
>the file spec to a user-mode scanning program). Given the frequency
>with which drivers are loaded, it's not like this is a high-performance
>path.
I think signature enforcement is more difficult than AV scanning. I’m not
saying it can’t be done -- just that it presents some unique challenges.
The big problem is that driver loads need to happen long before Win32
starts. Microsoft even plans to have ntldr verify signatures of boot
drivers (that’s why boot driver .sys files need to be signed directly, and
not just referenced in a catalog). I suspect that the only way to robustly
support Authenticode in the kernel is to support it IN the kernel.
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
certificates on your test systems and sign your drivers with your own test
signatures. I could be wrong of course, but I would be surprised if that
were not the case.
=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Don Burn
> Sent: Saturday, January 21, 2006 1:23 PM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] X64 Windows Vista to require signed drivers
>
> Another thing I really love about the new policy is the ways
> to override it as a developer:
>
> . Attaching a kernel debugger. Attaching an active
> kernel debugger
> to the target computer disables the enforcement module in
> Windows Vista and allows the driver to load.
>
> . Using the F8 option. An F8 boot option introduced
> with Windows
> Vista-"Disable Driver Signature Enforcement"-is available to
> disable the kernel-signing enforcement only for the current
> boot session. This setting does not persist across boot sessions.
>
> Well using the debugger can impact (admittly slightly) the
> way a driver runs, so I never consider it a valid final test
> to have the debugger on the syste,.
>
> Of course having to remember that I must choose an F8 boot
> option, and be by machine everytime it reboots to manually do
> this is going to be lots of fun.
> I wonder how this will work for testing an unsigned driver
> needed to boot windows? I also wonder how it will work with
> the WDK image provisioning and testing an unsigned driver,
> gee does that mean in the middle of the automated process, I
> need a program to wake me up at 2AM to choose the F8 option?
>
>
> --
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting Remove
> StopSpam from the email to reply
>
>
>
>
> ---
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: [email protected]
> To unsubscribe send a blank email to [email protected]
>
voiced.
I am a software engineer fo a small consulting company. Device drivers are
not our business. In fact, it is just something that i started to learn
because I think it is interesting.
any device driver that i write will likely be just for personal use, like a
small USB or PCI IO interface to do some simple things for a demo or
whatever.
It would be perfectly normal for me to want a driver or kernel service to be
loaded on my system for whatever reason.
maybe this does not seem important to professional developers, but for
people like me it can become really problematic. why shouldn't i be able to
do this in a normal way?
and even if it was just a one time cost i could understand (like a vendor
ID), but now you have to keep paying each year. for some of us, this is
difficult to justify with our bosses. (not to mention having to explain why
we need to do business with verisign)
kind regards,
Bruno.
>talking about, in place of this misbegotten policy.
I am for authenticode with my own signature, but not Microsoft's one.
Apparently, there is a guy or two in Microsoft pushing their stupid ideas
about driver signing.
There's absolutely no point to check driver signatures at boot time, when
the root certificates are not available. The signatures should be checked
while the drivers are installed. Installed drivers should be hashed and the
checksums stored somewhere. At boot time, Windows just re-checks the
checksums not bothering with signatures.
One can say that someone can hack the checksums stored. Well, if one can
hack the checksums, they can easily hack the code that validates the
signatures, too.
My guess is, the Microsoft/Verisign monopoly's idea of signing drivers with
their own signatures is nothing more than an attempt to suck out hundreds of
dollars a year from developers. Just another way to get money flowing in.
--
http://www.cristalink.com
wrote in message news:xxxxx@ntdev...
Yeah...
This sounds like Authenticode signing, which is already supported in Windows
Server 2003. The problem is it's only enforced when a PnP driver is
installed, not when the driver is loaded. Enforcement at load time is more
difficult. All the certificate store API's are in user-mode, so the kernel
can't easily validate an arbitrary root certificate. In the scheme proposed
for Vista, the kernel only needs to carry a copy of Microsoft's public key.
Precisely! And I'm all for authenticode signing. That's exactly what I was
talking about, in place of this misbegotten policy.
You say load-time authenticode validation can't be done easily. We must
have different ideas of the meaning of "easily" -- Calling out to user-mode
when a driver's loaded isn't likely to be TRIVIAL, but by the same token,
consider that this is precisely how most anti-virus programs work
(intercepting the file open, and passing the file spec to a user-mode
scanning program). Given the frequency with which drivers are loaded, it's
not like this is a high-performance path.
I could give you the names of at least a half dozen devs in 26 or 28 that'd
be up to the task. If they're too busy keeping themselves out of bug jail,
I'm sure Don would be happy to write the code... for a very reasonble fee
:-)
P
> "Mr. GUID" <[email protected]> wrote in
> message news:xxxxx@ntdev...
> >
> > Few open source developers will qualify for the Verisign cert, and fewer
> > still will fork over $500 a year to get it. That comes pretty close to
> > killing open source kernel code right there. Further, a key benefit of
> > open source is that everybody is free to modify the code and run their
> > modified version.
> >
>
> I will generalize what you said. Microsoft has said that an individual can
> no longer ship a driver for the general populace except through a
> corporation. Basically, they are barring outright the ability of the
> individual programmer to ship for pay or for free. Personally, I view this
> as a very poor policy.
Would following scenario be feasable :
1. Someone develops and provides an UNSIGNED device driver ( open source or not ) to a company.
2. The same developer provides all support , scripts or even a program that calls the signing tools, to
the company
3. If the company has a valid code signing certificate , signing of the just "just purchased" driver is a 5 minutes
job,
4. if the company has NO valid signing certificate , he buys one for $500 and signs the driver with it.
Reaction appreciated ....
Christiaan
>
>
> --
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
> Remove StopSpam from the email to reply
>
>
>
>
> ---
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: [email protected]
> To unsubscribe send a blank email to [email protected]
>
signing out of the kindness of their hearts. so instead of paying per year,
you'll pay someone else per signature.
and then it might not even be legal to do this. it could be against the eula
that you no doubt have to agree to before getting the PIC.
kind regards,
Bruno.
"Christiaan Ghijselinck" wrote in
message news:xxxxx@ntdev...
>
>
>>
>> "Mr. GUID" wrote in
>> message news:xxxxx@ntdev...
>> >
>> > Few open source developers will qualify for the Verisign cert, and
>> > fewer
>> > still will fork over $500 a year to get it. That comes pretty close to
>> > killing open source kernel code right there. Further, a key benefit of
>> > open source is that everybody is free to modify the code and run their
>> > modified version.
>> >
>>
>> I will generalize what you said. Microsoft has said that an individual
>> can
>> no longer ship a driver for the general populace except through a
>> corporation. Basically, they are barring outright the ability of the
>> individual programmer to ship for pay or for free. Personally, I view
>> this
>> as a very poor policy.
>
>
> Would following scenario be feasable :
>
> 1. Someone develops and provides an UNSIGNED device driver ( open source
> or not ) to a company.
> 2. The same developer provides all support , scripts or even a program
> that calls the signing tools, to
> the company
> 3. If the company has a valid code signing certificate , signing of the
> just "just purchased" driver is a 5 minutes
> job,
> 4. if the company has NO valid signing certificate , he buys one for $500
> and signs the driver with it.
>
> Reaction appreciated ....
>
> Christiaan
>
>
>>
>>
>> --
>> Don Burn (MVP, Windows DDK)
>> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>> Remove StopSpam from the email to reply
>>
>>
>>
>>
>> ---
>> Questions? First check the Kernel Driver FAQ at
>> http://www.osronline.com/article.cfm?id=256
>>
>> You are currently subscribed to ntdev as:
>> [email protected]
>> To unsubscribe send a blank email to [email protected]
>>
>
>
sign if was just for WinQual access). Now one of the things I do is provide
drivers for customers who can best be described as almost non-technical,
they can do a little "C", some Visual Basic and that is about it. What my
customers want is access to something that is easy to do in the kernel, and
hard or impossible in user space.
Anyway I pointed the customer at WinQual, they came back confused enough to
tell me to do it. I said I would need their VeriSign ID, but Verisign
emphasises that this is your identity keep it safe, so the customer was
terrified of giving to me. End result they are shipping a driver, I'm
supporting it, but no WinQual data on failures ever gets accesses.
Note for a number of these folks, the price I charge is small enough, that
cost of changing my business practices to have the Verisign ID, would make
the cost to them impractical. In a couple cases, the work I have done was
to replace what was close to a malware approach, because they found a hacker
who had an approach like hooking to do what has a blessed approach.
"Christiaan Ghijselinck" wrote in
message news:xxxxx@ntdev...
>
>
>>
>> "Mr. GUID" wrote in
>> message news:xxxxx@ntdev...
>> >
>> > Few open source developers will qualify for the Verisign cert, and
>> > fewer
>> > still will fork over $500 a year to get it. That comes pretty close to
>> > killing open source kernel code right there. Further, a key benefit of
>> > open source is that everybody is free to modify the code and run their
>> > modified version.
>> >
>>
>> I will generalize what you said. Microsoft has said that an individual
>> can
>> no longer ship a driver for the general populace except through a
>> corporation. Basically, they are barring outright the ability of the
>> individual programmer to ship for pay or for free. Personally, I view
>> this
>> as a very poor policy.
>
>
> Would following scenario be feasable :
>
> 1. Someone develops and provides an UNSIGNED device driver ( open source
> or not ) to a company.
> 2. The same developer provides all support , scripts or even a program
> that calls the signing tools, to
> the company
> 3. If the company has a valid code signing certificate , signing of the
> just "just purchased" driver is a 5 minutes
> job,
> 4. if the company has NO valid signing certificate , he buys one for $500
> and signs the driver with it.
>
> Reaction appreciated ....
>
> Christiaan
>
>
>>
>>
>> --
>> Don Burn (MVP, Windows DDK)
>> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>> Remove StopSpam from the email to reply
>>
>>
>>
>>
>> ---
>> Questions? First check the Kernel Driver FAQ at
>> http://www.osronline.com/article.cfm?id=256
>>
>> You are currently subscribed to ntdev as:
>> [email protected]
>> To unsubscribe send a blank email to [email protected]
>>
>
>
to log on to WinQual and find out that your driver is crashing. Microsoft
reports this for all drivers whether signed or not. One wonders how many
crashes would be cleaned up, if the small companies and third party
developers had access to the data on their drivers.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
"Bruno van Dooren" wrote in message
news:xxxxx@ntdev...
> this will only shift the problem. nobody is going to provide 3d party
> signing out of the kindness of their hearts. so instead of paying per
> year, you'll pay someone else per signature.
>
> and then it might not even be legal to do this. it could be against the
> eula that you no doubt have to agree to before getting the PIC.
>
> kind regards,
> Bruno.
> to log on to WinQual and find out that your driver is crashing. Microsoft
> reports this for all drivers whether signed or not. One wonders how many
> crashes would be cleaned up, if the small companies and third party
> developers had access to the data on their drivers.
>
There you have a point. But apart from this , could there be problem when the
developer provides a unsigned driver as "built for the company" and when
the company receives the driver , he has to care about : obtaining a certificate ,
a PIC and signing the driver himself. The developer could support this
signing procedure ( without receiving the certificate from the company ) if
that procedure itself would be too obscure or difficult to follow. After all ,
I don't see a reason why the developer himself should be able to provide
the signed "build for the company" driver to the world with his "own" signature.
This would be even illegal in point of view of the company that obtained/distributes
the driver. I also think about the fact that a company wishes to sign the software
he spreads with his own signature , not the signature of the developer ...
I think this would at least save the $500 costs for the developer and the time to
spend the time on obtaining the PIC , signing , etc.. . After all , the developer
is not to blame about this new driver signing method ...
Christiaan
>
>
> --
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
> Remove StopSpam from the email to reply
>
>
> "Bruno van Dooren" <[email protected]> wrote in message
> news:xxxxx@ntdev...
> > this will only shift the problem. nobody is going to provide 3d party
> > signing out of the kindness of their hearts. so instead of paying per
> > year, you'll pay someone else per signature.
> >
> > and then it might not even be legal to do this. it could be against the
> > eula that you no doubt have to agree to before getting the PIC.
> >
> > kind regards,
> > Bruno.
>
>
>
> ---
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: [email protected]
> To unsubscribe send a blank email to [email protected]
>
In my experiance too much security can close the door to using Windows for a
farily large number of specialized applications.
Small specialized industries are an example. Here the requirement may be for
one site to have specialized one-of drivers that control, for example, a
wharehouse full of sewing machines. A single developer could easily develop
and maintain drivers and other components for this environment. There is
absolutely no interest in this case for a wider distribution of drivers in
this closed system. No interest in Microsoft "approval", etc.
However, if the OS frustrates the developer when installing what is needed
on Windows platforms he (or she) may choose to move to another platform
instead of fighting the security/signing hurdles.
The Vista driver signing requirements certainly won't encourage use of
Windows in a number of innovative areas.
Thomas F. Divine, Windows DDK MVP
>
> In my experiance too much security can close the door to using Windows for a
> farily large number of specialized applications.
>
> Small specialized industries are an example. Here the requirement may be for
> one site to have specialized one-of drivers that control, for example, a
> wharehouse full of sewing machines. A single developer could easily develop
> and maintain drivers and other components for this environment. There is
> absolutely no interest in this case for a wider distribution of drivers in
> this closed system. No interest in Microsoft "approval", etc.
>
> However, if the OS frustrates the developer when installing what is needed
> on Windows platforms he (or she) may choose to move to another platform
> instead of fighting the security/signing hurdles.
>
> The Vista driver signing requirements certainly won't encourage use of
> Windows in a number of innovative areas.
>
> Thomas F. Divine, Windows DDK MVP
>
Probably , but people may be inventif on this. Assume there exists a company named
"Driver Sign International Inc." that signs your driver package for a small fee of $10 and
promptly delivers you the result back within 24 hours.
If legal and , it would prove how ridiculous the driver signing strategy is after all .
C.
P.S. I have no patent on the idea :-D
>
>
>
> ---
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: [email protected]
> To unsubscribe send a blank email to [email protected]
>
They promised to allow the admin to install the company's cert manually to
the machine (like the IE's option of "Always trust the software from La-La-La
Corporation) and thus make the non-WHQLed driver loadable.
But you see - anyway the company's cert is needed.
It is very interesting how will they deal with the cert revocation lists in
NTLDR
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
[email protected]
http://www.storagecraft.com
----- Original Message -----
From: "Mark Roddy" <[email protected]>
To: "Windows System Software Devs Interest List" <[email protected]>
Sent: Sunday, January 22, 2006 7:52 PM
Subject: RE: [ntdev] X64 Windows Vista to require signed drivers
> I assume that for testing purposes you can still install test root
> certificates on your test systems and sign your drivers with your own test
> signatures. I could be wrong of course, but I would be surprised if that
> were not the case.
>
> =====================
> Mark Roddy DDK MVP
> Windows 2003/XP/2000 Consulting
> Hollis Technology Solutions 603-321-1032
> www.hollistech.com
>
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]] On Behalf Of Don Burn
> > Sent: Saturday, January 21, 2006 1:23 PM
> > To: Windows System Software Devs Interest List
> > Subject: Re:[ntdev] X64 Windows Vista to require signed drivers
> >
> > Another thing I really love about the new policy is the ways
> > to override it as a developer:
> >
> > . Attaching a kernel debugger. Attaching an active
> > kernel debugger
> > to the target computer disables the enforcement module in
> > Windows Vista and allows the driver to load.
> >
> > . Using the F8 option. An F8 boot option introduced
> > with Windows
> > Vista-"Disable Driver Signature Enforcement"-is available to
> > disable the kernel-signing enforcement only for the current
> > boot session. This setting does not persist across boot sessions.
> >
> > Well using the debugger can impact (admittly slightly) the
> > way a driver runs, so I never consider it a valid final test
> > to have the debugger on the syste,.
> >
> > Of course having to remember that I must choose an F8 boot
> > option, and be by machine everytime it reboots to manually do
> > this is going to be lots of fun.
> > I wonder how this will work for testing an unsigned driver
> > needed to boot windows? I also wonder how it will work with
> > the WDK image provisioning and testing an unsigned driver,
> > gee does that mean in the middle of the automated process, I
> > need a program to wake me up at 2AM to choose the F8 option?
> >
> >
> > --
> > Don Burn (MVP, Windows DDK)
> > Windows 2k/XP/2k3 Filesystem and Driver Consulting Remove
> > StopSpam from the email to reply
> >
> >
> >
> >
> > ---
> > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as: [email protected]
> > To unsubscribe send a blank email to [email protected]
> >
>
>
>
>
> ---
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: [email protected]
> To unsubscribe send a blank email to [email protected]
chapters. Read the book on general NT architecture like Solomon/Russinovich, if
you did not this before
advanced version of MSDN's documentation.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
[email protected]
http://www.storagecraft.com
----- Original Message -----
From: "Bruno van Dooren" <[email protected]>
Newsgroups: ntdev
To: "Windows System Software Devs Interest List" <[email protected]>
Sent: Sunday, January 22, 2006 10:39 PM
Subject: Re:[ntdev] X64 Windows Vista to require signed drivers
> maybe I can add another point to this discussion that hasn't yet been
> voiced.
>
> I am a software engineer fo a small consulting company. Device drivers are
> not our business. In fact, it is just something that i started to learn
> because I think it is interesting.
>
> any device driver that i write will likely be just for personal use, like a
> small USB or PCI IO interface to do some simple things for a demo or
> whatever.
> It would be perfectly normal for me to want a driver or kernel service to be
> loaded on my system for whatever reason.
>
> maybe this does not seem important to professional developers, but for
> people like me it can become really problematic. why shouldn't i be able to
> do this in a normal way?
>
> and even if it was just a one time cost i could understand (like a vendor
> ID), but now you have to keep paying each year. for some of us, this is
> difficult to justify with our bosses. (not to mention having to explain why
> we need to do business with verisign)
>
> kind regards,
> Bruno.
>
>
>
> ---
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: [email protected]
> To unsubscribe send a blank email to [email protected]
work or not, which is why I floated my comment out there, hoping somebody
would say either 'yes test certificates will still work' or 'no test
certificates won't work'.
The whole thing ends up being obnoxious. Give me an ipl-time switch to
control what level of driver install security I want. How difficult would
that be?
=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Maxim
> S. Shatskih
> Sent: Sunday, January 22, 2006 7:45 PM
> To: Windows System Software Devs Interest List
> Subject: Re: [ntdev] X64 Windows Vista to require signed drivers
>
> Do you remember the discussion on the Summit, Mark?
>
> They promised to allow the admin to install the company's
> cert manually to the machine (like the IE's option of "Always
> trust the software from La-La-La
> Corporation) and thus make the non-WHQLed driver loadable.
>
> But you see - anyway the company's cert is needed.
>
> It is very interesting how will they deal with the cert
> revocation lists in NTLDR
>
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> [email protected]
> http://www.storagecraft.com
>
> ----- Original Message -----
> From: "Mark Roddy" <[email protected]>
> To: "Windows System Software Devs Interest List" <[email protected]>
> Sent: Sunday, January 22, 2006 7:52 PM
> Subject: RE: [ntdev] X64 Windows Vista to require signed drivers
>
>
> > I assume that for testing purposes you can still install test root
> > certificates on your test systems and sign your drivers
> with your own test
> > signatures. I could be wrong of course, but I would be
> surprised if that
> > were not the case.
> >
> > =====================
> > Mark Roddy DDK MVP
> > Windows 2003/XP/2000 Consulting
> > Hollis Technology Solutions 603-321-1032
> > www.hollistech.com
> >
> > > -----Original Message-----
> > > From: [email protected]
> > > [mailto:[email protected]] On Behalf Of Don Burn
> > > Sent: Saturday, January 21, 2006 1:23 PM
> > > To: Windows System Software Devs Interest List
> > > Subject: Re:[ntdev] X64 Windows Vista to require signed drivers
> > >
> > > Another thing I really love about the new policy is the ways
> > > to override it as a developer:
> > >
> > > . Attaching a kernel debugger. Attaching an active
> > > kernel debugger
> > > to the target computer disables the enforcement module in
> > > Windows Vista and allows the driver to load.
> > >
> > > . Using the F8 option. An F8 boot option introduced
> > > with Windows
> > > Vista-"Disable Driver Signature Enforcement"-is available to
> > > disable the kernel-signing enforcement only for the current
> > > boot session. This setting does not persist across boot sessions.
> > >
> > > Well using the debugger can impact (admittly slightly) the
> > > way a driver runs, so I never consider it a valid final test
> > > to have the debugger on the syste,.
> > >
> > > Of course having to remember that I must choose an F8 boot
> > > option, and be by machine everytime it reboots to manually do
> > > this is going to be lots of fun.
> > > I wonder how this will work for testing an unsigned driver
> > > needed to boot windows? I also wonder how it will work with
> > > the WDK image provisioning and testing an unsigned driver,
> > > gee does that mean in the middle of the automated process, I
> > > need a program to wake me up at 2AM to choose the F8 option?
> > >
> > >
> > > --
> > > Don Burn (MVP, Windows DDK)
> > > Windows 2k/XP/2k3 Filesystem and Driver Consulting Remove
> > > StopSpam from the email to reply
> > >
> > >
> > >
> > >
> > > ---
> > > Questions? First check the Kernel Driver FAQ at
> > > http://www.osronline.com/article.cfm?id=256
> > >
> > > You are currently subscribed to ntdev as: [email protected]
> > > To unsubscribe send a blank email to
> [email protected]
> > >
> >
> >
> >
> >
> > ---
> > Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as: [email protected]
> > To unsubscribe send a blank email to
> [email protected]
>
>
>
> ---
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: [email protected]
> To unsubscribe send a blank email to [email protected]
>
I think is raher part of a policy. A policy which suxs big time, and
which takes away the rights from me, the user to install and software
I want on my machines.
Microsoft and it;'s engineers should rather spend their time ficing
very serious OS bugs and security holes then implementing
idiotic stuff. But no, they wont fix the bugs in Windows.
No, god fobid. It would be too complicated :P
They would rather take away rights from the user and shoot into the little
driver
devloper and consultant. Congrats Microsoft. Way to go.
Dan
----- Original Message -----
From: "Mark Roddy" <[email protected]>
To: "Windows System Software Devs Interest List" <[email protected]>
Sent: Monday, January 23, 2006 2:57 PM
Subject: RE: [ntdev] X64 Windows Vista to require signed drivers
> Actually I don't remember if they said that test certificates would still
> work or not, which is why I floated my comment out there, hoping somebody
> would say either 'yes test certificates will still work' or 'no test
> certificates won't work'.
>
> The whole thing ends up being obnoxious. Give me an ipl-time switch to
> control what level of driver install security I want. How difficult would
> that be?
>
> =====================
> Mark Roddy DDK MVP
> Windows 2003/XP/2000 Consulting
> Hollis Technology Solutions 603-321-1032
> www.hollistech.com
>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Maxim
>> S. Shatskih
>> Sent: Sunday, January 22, 2006 7:45 PM
>> To: Windows System Software Devs Interest List
>> Subject: Re: [ntdev] X64 Windows Vista to require signed drivers
>>
>> Do you remember the discussion on the Summit, Mark?
>>
>> They promised to allow the admin to install the company's
>> cert manually to the machine (like the IE's option of "Always
>> trust the software from La-La-La
>> Corporation) and thus make the non-WHQLed driver loadable.
>>
>> But you see - anyway the company's cert is needed.
>>
>> It is very interesting how will they deal with the cert
>> revocation lists in NTLDR
>>
>> Maxim Shatskih, Windows DDK MVP
>> StorageCraft Corporation
>> [email protected]
>> http://www.storagecraft.com
>>
>> ----- Original Message -----
>> From: "Mark Roddy" <[email protected]>
>> To: "Windows System Software Devs Interest List" <[email protected]>
>> Sent: Sunday, January 22, 2006 7:52 PM
>> Subject: RE: [ntdev] X64 Windows Vista to require signed drivers
>>
>>
>> > I assume that for testing purposes you can still install test root
>> > certificates on your test systems and sign your drivers
>> with your own test
>> > signatures. I could be wrong of course, but I would be
>> surprised if that
>> > were not the case.
>> >
>> > =====================
>> > Mark Roddy DDK MVP
>> > Windows 2003/XP/2000 Consulting
>> > Hollis Technology Solutions 603-321-1032
>> > www.hollistech.com
>> >
>> > > -----Original Message-----
>> > > From: [email protected]
>> > > [mailto:[email protected]] On Behalf Of Don Burn
>> > > Sent: Saturday, January 21, 2006 1:23 PM
>> > > To: Windows System Software Devs Interest List
>> > > Subject: Re:[ntdev] X64 Windows Vista to require signed drivers
>> > >
>> > > Another thing I really love about the new policy is the ways
>> > > to override it as a developer:
>> > >
>> > > . Attaching a kernel debugger. Attaching an active
>> > > kernel debugger
>> > > to the target computer disables the enforcement module in
>> > > Windows Vista and allows the driver to load.
>> > >
>> > > . Using the F8 option. An F8 boot option introduced
>> > > with Windows
>> > > Vista-"Disable Driver Signature Enforcement"-is available to
>> > > disable the kernel-signing enforcement only for the current
>> > > boot session. This setting does not persist across boot sessions.
>> > >
>> > > Well using the debugger can impact (admittly slightly) the
>> > > way a driver runs, so I never consider it a valid final test
>> > > to have the debugger on the syste,.
>> > >
>> > > Of course having to remember that I must choose an F8 boot
>> > > option, and be by machine everytime it reboots to manually do
>> > > this is going to be lots of fun.
>> > > I wonder how this will work for testing an unsigned driver
>> > > needed to boot windows? I also wonder how it will work with
>> > > the WDK image provisioning and testing an unsigned driver,
>> > > gee does that mean in the middle of the automated process, I
>> > > need a program to wake me up at 2AM to choose the F8 option?
>> > >
>> > >
>> > > --
>> > > Don Burn (MVP, Windows DDK)
>> > > Windows 2k/XP/2k3 Filesystem and Driver Consulting Remove
>> > > StopSpam from the email to reply
>> > >
>> > >
>> > >
>> > >
>> > > ---
>> > > Questions? First check the Kernel Driver FAQ at
>> > > http://www.osronline.com/article.cfm?id=256
>> > >
>> > > You are currently subscribed to ntdev as: [email protected]
>> > > To unsubscribe send a blank email to
>> [email protected]
>> > >
>> >
>> >
>> >
>> >
>> > ---
>> > Questions? First check the Kernel Driver FAQ at
>> http://www.osronline.com/article.cfm?id=256
>> >
>> > You are currently subscribed to ntdev as: [email protected]
>> > To unsubscribe send a blank email to
>> [email protected]
>>
>>
>>
>> ---
>> Questions? First check the Kernel Driver FAQ at
>> http://www.osronline.com/article.cfm?id=256
>>
>> You are currently subscribed to ntdev as: [email protected]
>> To unsubscribe send a blank email to [email protected]
>>
>
>
>
>
> ---
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: [email protected]
> To unsubscribe send a blank email to [email protected]
mistake for years in not providing a way for an individual to get access to
their bug reporting and signing. Personally, I don't object to the direct
costs of the ID, though I understand people who do.
If WinQual is supposed to be helping increase the quality of Windows. And
if as has been stated at multiple Microsoft conferences, 3rd party drivers
are the biggest cause of crashes, then why is WinQual not doing every thing
in their power to get the bug data out to the responsible parties.
This new policy seems to be failing to recognize they have done a lousy job
of providing access for years. Their solution seems to be rather than fix
their procedures, we will only allow people who use our procedures to ship
drivers. I have wanted to use their procedures for years, but I don't want
the headaches of having a corporation or working for one.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
"Dan Partelly" wrote in message news:xxxxx@ntdev...
>>> How difficult would that be?
>
> I think is raher part of a policy. A policy which suxs big time, and
> which takes away the rights from me, the user to install and software
> I want on my machines.
>
> Microsoft and it;'s engineers should rather spend their time ficing
> very serious OS bugs and security holes then implementing
> idiotic stuff. But no, they wont fix the bugs in Windows.
> No, god fobid. It would be too complicated :P
>
> They would rather take away rights from the user and shoot into the little
> driver
> devloper and consultant. Congrats Microsoft. Way to go.
>
> Dan
>
Just my 2 cents
Sounds like the opportunity to start a new business!
Can't someone put together a 3rd party "Verification" company?
This company would take submissions from contractors/etc - run some
'qual' tests - and then certify with their verisign.
This could be done a many sliding $ scales to make it effective for
contractors/companies to do. You can just budget it into the project
cost and then no hassles with LLCs,INCs/etc
Maybe my company should offer this service?
Steve Spano
President, Finger Lakes Engineering
(V) 607-277-1614 x223
(F) 800-835-7164
(C) 607-342-1150
[email protected]
www.fl-eng.com
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Don Burn
Sent: Monday, January 23, 2006 8:48 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] X64 Windows Vista to require signed drivers
I am not against the policy. I do think that WinQual has made a serious
mistake for years in not providing a way for an individual to get access
to
their bug reporting and signing. Personally, I don't object to the
direct
costs of the ID, though I understand people who do.
If WinQual is supposed to be helping increase the quality of Windows.
And
if as has been stated at multiple Microsoft conferences, 3rd party
drivers
are the biggest cause of crashes, then why is WinQual not doing every
thing
in their power to get the bug data out to the responsible parties.
This new policy seems to be failing to recognize they have done a lousy
job
of providing access for years. Their solution seems to be rather than
fix
their procedures, we will only allow people who use our procedures to
ship
drivers. I have wanted to use their procedures for years, but I don't
want
the headaches of having a corporation or working for one.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
"Dan Partelly" <[email protected]> wrote in message
news:xxxxx@ntdev...
>>> How difficult would that be?
>
> I think is raher part of a policy. A policy which suxs big time, and
> which takes away the rights from me, the user to install and software
> I want on my machines.
>
> Microsoft and it;'s engineers should rather spend their time ficing
> very serious OS bugs and security holes then implementing
> idiotic stuff. But no, they wont fix the bugs in Windows.
> No, god fobid. It would be too complicated :P
>
> They would rather take away rights from the user and shoot into the
little
> driver
> devloper and consultant. Congrats Microsoft. Way to go.
>
> Dan
>
---
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: [email protected]
To unsubscribe send a blank email to [email protected]
returning the WinQual reports on the driver etc. You also have to be
willing to enter into 3 way NDA's between the consultant, the customer and
your firm.
And finally since a test submission to Microsoft is down to around $200, you
probably can't charge more than that youself for the total cost of getting
the driver through WHQL and subsequent report monitoring.
I hope you have a really cheap lawyer and clerical staff.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
"Steve Spano" wrote in message news:xxxxx@ntdev...
> Hi Folks,
>
> Just my 2 cents
>
> Sounds like the opportunity to start a new business!
>
> Can't someone put together a 3rd party "Verification" company?
>
> This company would take submissions from contractors/etc - run some
> 'qual' tests - and then certify with their verisign.
>
> This could be done a many sliding $ scales to make it effective for
> contractors/companies to do. You can just budget it into the project
> cost and then no hassles with LLCs,INCs/etc
>
> Maybe my company should offer this service?
>
>
>
>
> Steve Spano
> President, Finger Lakes Engineering
> (V) 607-277-1614 x223
> (F) 800-835-7164
> (C) 607-342-1150
> [email protected]
> www.fl-eng.com
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Don Burn
> Sent: Monday, January 23, 2006 8:48 AM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] X64 Windows Vista to require signed drivers
>
> I am not against the policy. I do think that WinQual has made a serious
>
> mistake for years in not providing a way for an individual to get access
> to
> their bug reporting and signing. Personally, I don't object to the
> direct
> costs of the ID, though I understand people who do.
>
> If WinQual is supposed to be helping increase the quality of Windows.
> And
> if as has been stated at multiple Microsoft conferences, 3rd party
> drivers
> are the biggest cause of crashes, then why is WinQual not doing every
> thing
> in their power to get the bug data out to the responsible parties.
>
> This new policy seems to be failing to recognize they have done a lousy
> job
> of providing access for years. Their solution seems to be rather than
> fix
> their procedures, we will only allow people who use our procedures to
> ship
> drivers. I have wanted to use their procedures for years, but I don't
> want
> the headaches of having a corporation or working for one.
>
>
> --
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
> Remove StopSpam from the email to reply
>
>
>
> "Dan Partelly" wrote in message
> news:xxxxx@ntdev...
>>>> How difficult would that be?
>>
>> I think is raher part of a policy. A policy which suxs big time, and
>> which takes away the rights from me, the user to install and software
>> I want on my machines.
>>
>> Microsoft and it;'s engineers should rather spend their time ficing
>> very serious OS bugs and security holes then implementing
>> idiotic stuff. But no, they wont fix the bugs in Windows.
>> No, god fobid. It would be too complicated :P
>>
>> They would rather take away rights from the user and shoot into the
> little
>> driver
>> devloper and consultant. Congrats Microsoft. Way to go.
>>
>> Dan
>>
>
>
>
> ---
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: [email protected]
> To unsubscribe send a blank email to [email protected]
>
>
>
>
>
Recently someone form MS posted that 80% of system crashes where due to
third-party drivers according to the dumps
that MS receives. However, in the last few years MS platforms have
become increasingly difficult to bring down unless your
actively developing software on one. I believe MS is introducing this
restriction in an attempt to make the platform even more
stable while overlooking the fact that 99% of home and business users
are more so affected by spyware, worms, viruses, ect. that exploit
the vuns in the OS. <- That is the average person's MAIN concern,
keeping malware out of their system!
I could live with a few bsod's in exchange for a system that couldn't be
torn-up be the latest worm. MS just doesn't seem to understand
what the consumer wants anymore; this is the exact reason GM is laying
off 25,000 workers today - selling crap people don't need or want.
MS needs to get back to the basics of an 'easy to use, easy to program'
operating system.
Matt
Dan Partelly wrote:
>>> How difficult would that be?
>>
>
> I think is raher part of a policy. A policy which suxs big time, and
> which takes away the rights from me, the user to install and software
> I want on my machines.
>
> Microsoft and it;'s engineers should rather spend their time ficing
> very serious OS bugs and security holes then implementing
> idiotic stuff. But no, they wont fix the bugs in Windows.
> No, god fobid. It would be too complicated :P
>
> They would rather take away rights from the user and shoot into the
> little driver
> devloper and consultant. Congrats Microsoft. Way to go.
>
> Dan
>
>
> ----- Original Message ----- From: "Mark Roddy" <[email protected]>
> To: "Windows System Software Devs Interest List" <[email protected]>
> Sent: Monday, January 23, 2006 2:57 PM
> Subject: RE: [ntdev] X64 Windows Vista to require signed drivers
>
>
>> Actually I don't remember if they said that test certificates would
>> still
>> work or not, which is why I floated my comment out there, hoping
>> somebody
>> would say either 'yes test certificates will still work' or 'no test
>> certificates won't work'.
>>
>> The whole thing ends up being obnoxious. Give me an ipl-time switch to
>> control what level of driver install security I want. How difficult
>> would
>> that be?
>>
>> =====================
>> Mark Roddy DDK MVP
>> Windows 2003/XP/2000 Consulting
>> Hollis Technology Solutions 603-321-1032
>> www.hollistech.com
>>
>>> -----Original Message-----
>>> From: [email protected]
>>> [mailto:[email protected]] On Behalf Of Maxim
>>> S. Shatskih
>>> Sent: Sunday, January 22, 2006 7:45 PM
>>> To: Windows System Software Devs Interest List
>>> Subject: Re: [ntdev] X64 Windows Vista to require signed drivers
>>>
>>> Do you remember the discussion on the Summit, Mark?
>>>
>>> They promised to allow the admin to install the company's
>>> cert manually to the machine (like the IE's option of "Always
>>> trust the software from La-La-La
>>> Corporation) and thus make the non-WHQLed driver loadable.
>>>
>>> But you see - anyway the company's cert is needed.
>>>
>>> It is very interesting how will they deal with the cert
>>> revocation lists in NTLDR
>>>
>>> Maxim Shatskih, Windows DDK MVP
>>> StorageCraft Corporation
>>> [email protected]
>>> http://www.storagecraft.com
>>>
>>> ----- Original Message -----
>>> From: "Mark Roddy" <[email protected]>
>>> To: "Windows System Software Devs Interest List" <[email protected]>
>>> Sent: Sunday, January 22, 2006 7:52 PM
>>> Subject: RE: [ntdev] X64 Windows Vista to require signed drivers
>>>
>>>
>>> > I assume that for testing purposes you can still install test root
>>> > certificates on your test systems and sign your drivers
>>> with your own test
>>> > signatures. I could be wrong of course, but I would be
>>> surprised if that
>>> > were not the case.
>>> >
>>> > =====================
>>> > Mark Roddy DDK MVP
>>> > Windows 2003/XP/2000 Consulting
>>> > Hollis Technology Solutions 603-321-1032
>>> > www.hollistech.com
>>> >
>>> > > -----Original Message-----
>>> > > From: [email protected]
>>> > > [mailto:[email protected]] On Behalf Of Don Burn
>>> > > Sent: Saturday, January 21, 2006 1:23 PM
>>> > > To: Windows System Software Devs Interest List
>>> > > Subject: Re:[ntdev] X64 Windows Vista to require signed drivers
>>> > >
>>> > > Another thing I really love about the new policy is the ways
>>> > > to override it as a developer:
>>> > >
>>> > > . Attaching a kernel debugger. Attaching an active
>>> > > kernel debugger
>>> > > to the target computer disables the enforcement module in
>>> > > Windows Vista and allows the driver to load.
>>> > >
>>> > > . Using the F8 option. An F8 boot option introduced
>>> > > with Windows
>>> > > Vista-"Disable Driver Signature Enforcement"-is available to
>>> > > disable the kernel-signing enforcement only for the current
>>> > > boot session. This setting does not persist across boot sessions.
>>> > >
>>> > > Well using the debugger can impact (admittly slightly) the
>>> > > way a driver runs, so I never consider it a valid final test
>>> > > to have the debugger on the syste,.
>>> > >
>>> > > Of course having to remember that I must choose an F8 boot
>>> > > option, and be by machine everytime it reboots to manually do
>>> > > this is going to be lots of fun.
>>> > > I wonder how this will work for testing an unsigned driver
>>> > > needed to boot windows? I also wonder how it will work with
>>> > > the WDK image provisioning and testing an unsigned driver,
>>> > > gee does that mean in the middle of the automated process, I
>>> > > need a program to wake me up at 2AM to choose the F8 option?
>>> > >
>>> > >
>>> > > --
>>> > > Don Burn (MVP, Windows DDK)
>>> > > Windows 2k/XP/2k3 Filesystem and Driver Consulting Remove
>>> > > StopSpam from the email to reply
>>> > >
>>> > >
>>> > >
>>> > >
>>> > > ---
>>> > > Questions? First check the Kernel Driver FAQ at
>>> > > http://www.osronline.com/article.cfm?id=256
>>> > >
>>> > > You are currently subscribed to ntdev as: [email protected]
>>> > > To unsubscribe send a blank email to
>>> [email protected]
>>> > >
>>> >
>>> >
>>> >
>>> >
>>> > ---
>>> > Questions? First check the Kernel Driver FAQ at
>>> http://www.osronline.com/article.cfm?id=256
>>> >
>>> > You are currently subscribed to ntdev as: [email protected]
>>> > To unsubscribe send a blank email to
>>> [email protected]
>>>
>>>
>>>
>>> ---
>>> Questions? First check the Kernel Driver FAQ at
>>> http://www.osronline.com/article.cfm?id=256
>>>
>>> You are currently subscribed to ntdev as: [email protected]
>>> To unsubscribe send a blank email to [email protected]
>>>
>>
>>
>>
>>
>> ---
>> Questions? First check the Kernel Driver FAQ at
>> http://www.osronline.com/article.cfm?id=256
>>
>> You are currently subscribed to ntdev as: [email protected]
>> To unsubscribe send a blank email to [email protected]
>
>
>
>
> ---
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: [email protected]
> To unsubscribe send a blank email to [email protected]
>