In Windows XP, we added about 20 new LoadOrderGroups that break down by
type of file system filter (Anti-Virus, Undelete, Replication, Quota
Management, Encryption, etc.). This helps to some degree with the load
order problems that occur in filter interop scenarios and it allows the
OS to know what type of functionality this file system filter provides.
Currently, we only have a certification program for Anti-Virus filters
and due to the mechanisms used to detect signed drivers, the OS can only
warn that an unsigned driver is being load if the driver is loaded in
the Anti-Virus LoadOrderGroup and is installed via an INF.
The OS should not give a warning when filters are installed through a
mechanism other than an INF. If you install your filter with an INF but
the LoadOrderGroup is something other than the Anti-Virus group, the OS
will also not try to enforce driver signatures (and therefore should not
complain to the user).
Overall, this is a gradual effort for providing customers with some
guarantee on the quality of the file system filter drivers that are
installed as part of applications. We plan to extend the driver signing
program to other classes of filter drivers in the future.
The tests used for the Anti-Virus filter certification process are
available as part of the IFS Kit and are useful in testing other types
of filters as well. The tests run on Windows 2000 and Windows XP.
Thanks,
Molly Brown
-----Original Message-----
From: Don Burn [mailto:xxxxx@acm.org]
Sent: Tuesday, July 24, 2001 6:53 AM
To: File Systems Developers
Subject: [ntfsd] Re: FS Filter Driver Signing
At WinHEC this year Microsoft indicated it was signing
FS filter drivers (at least virus scanner, since they were
the cause of a large number of W2K BSOD’s). I’m not
sure what they will do for the rest of the filter drivers, probably
complain.
Don Burn
Windows 2000 Device Driver and Filesystem consulting
----- Original Message -----
From:
To: “File Systems Developers”
Sent: Tuesday, July 24, 2001 9:46 AM
Subject: [ntfsd] FS Filter Driver Signing
> Hi,
>
> Does anyone know if XP will complain about a non-certified FS filter
driver
> being loaded? I keep reading that all drivers installed on XP will
> need to be digitally signed or the user will get many large angry
> warning dialogs.
>
> Does Microsoft ever certify filter drivers? Is there any value in
> getting
a
> digital ID from Verisign for my driver?
>
> Thanks,
> Adrian
>
> —
> You are currently subscribed to ntfsd as: xxxxx@acm.org
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
—
You are currently subscribed to ntfsd as:
xxxxx@exchange.microsoft.com To unsubscribe send a blank email to
leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
—
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com