Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Question using trust Driver signing

Gova_GimerGova_Gimer Member - All Emails Posts: 65

Hello,

I have some questions :

Someone legally signs their kernel driver with a legally purchased certificate and signs it with Microsoft portal service for windows 10.11 compatibility,
He is amateur (confirmed) on windows kernel driver development.

What happens if its driver deployed contains bugs making the Windows system unstable?
What happens if the use of its driver causes BSODs?
What happens if a some users complains ?
What happens if the developer is not able to correct system instability and BSOD bugs caused by his driver (the developer's)?

INFO: Developing a driver becomes more and more complicated when a new windows is deployed.

Thanks.

Comments

  • Mark_RoddyMark_Roddy Member - All Emails Posts: 4,559

    This is a legal question and generally none of us, especially me, are qualified to answer the question. However, the general practice is to include a license with your software that basically states that you or your corporation are not liable for damages resulting from defects in your software. This is the case for all software, all of which can have defects that can result in harm to the user.

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 14,373

    The purpose of the digital signature is not to ensure quality. The purpose is to ensure that there is a rock-solid path toward establishing your identity for liability purposes. If you distribute an unsigned driver that causes BSODs and instability, you could always say "well, I don't know where they got that, I didn't produce it." But if the package had your digital signature, then it has to be you. Those who were damaged can use the certificate chain to locate you and sue you.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • MBond2MBond2 Member Posts: 477

    Rock solid or not, a chain of identity does not indicate in any way what they can sue you for. Everything varies by jurisdiction, but generally software, especially free software, is provided as is without any warrantee or guarantee of fitness for a purpose.

    Certainly being sued - even when you have no culpability or liability still sucks

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 12 September 2022 Live, Online
Internals & Software Drivers 23 October 2022 Live, Online
Kernel Debugging 14 November 2022 Live, Online
Developing Minifilters 5 December 2022 Live, Online