With little fanfare, Microsoft just announced that the X64 version of
Windows Vista will REQUIRE all kernel-mode code to be digitally signed. The
details are here: http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx
. This is
very different than the current WHQL program, where the user ultimately
decides how they want to handle unsigned drivers.
Vista driver developers must obtain a Publisher Identity Certificate (PIC)
from Microsoft. Microsoft says they won't charge for it, but they require
that you have a Class 3 Commercial Software Publisher Certificate from
Verisign. This costs $500 per year, and as the name implies, is only
available to commercial entities.
This change in Vista will effectively kill any open source kernel modules,
since individual developers are unlikely to obtain the required Verisign
certificate. I'll give Microsoft the benefit of the doubt and assume this
isn't their intention, but clearly, it will be the effect. I know NTDEV
isn't particularly supportive of open source, but you don't need to buy into
Stallmanism to see the problem here.
If Microsoft controls who can write software for Windows, Windows is no
longer an open platform. If Microsoft gets away with this for drivers, what
will stop them from imposing signing on applications some day? I don't see
that happening soon, but you never know what .NET 5.0 will bring. Say that
it's being done in the name of security, and a lot of users will simply nod
their heads and go along with it.
Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/