FS Filter Driver Signing

OSR_Community_User-72 · July 24, 2001, 9:49am

Hi,

Does anyone know if XP will complain about a non-certified FS filter driver
being loaded? I keep reading that all drivers installed on XP will need to
be digitally signed or the user will get many large angry warning dialogs.

Does Microsoft ever certify filter drivers? Is there any value in getting a
digital ID from Verisign for my driver?

Thanks,
Adrian

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Don_Burn_1 · July 24, 2001, 9:57am

At WinHEC this year Microsoft indicated it was signing
FS filter drivers (at least virus scanner, since they were
the cause of a large number of W2K BSOD’s). I’m not
sure what they will do for the rest of the filter drivers,
probably complain.

Don Burn
Windows 2000 Device Driver and Filesystem consulting

----- Original Message -----
From:
To: “File Systems Developers”
Sent: Tuesday, July 24, 2001 9:46 AM
Subject: [ntfsd] FS Filter Driver Signing

> Hi,
>
> Does anyone know if XP will complain about a non-certified FS filter
driver
> being loaded? I keep reading that all drivers installed on XP will need to
> be digitally signed or the user will get many large angry warning dialogs.
>
> Does Microsoft ever certify filter drivers? Is there any value in getting
a
> digital ID from Verisign for my driver?
>
> Thanks,
> Adrian
>
> —
> You are currently subscribed to ntfsd as: xxxxx@acm.org
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

—
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · July 24, 2001, 9:59am

You will need to get a digital signature through WHQL for your driver if you
intend to not have customers complaining during the installation. If you want
to use the XP logo then you must pass WHQL.

If you are writing this driver for academic reasons then you don’t need the
signature.

-Jack

xxxxx@sheedy.com wrote:

Hi,

Does anyone know if XP will complain about a non-certified FS filter driver
being loaded? I keep reading that all drivers installed on XP will need to
be digitally signed or the user will get many large angry warning dialogs.

Does Microsoft ever certify filter drivers? Is there any value in getting a
digital ID from Verisign for my driver?

Thanks,
Adrian

You are currently subscribed to ntfsd as: xxxxx@r0r3.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · July 24, 2001, 10:29am

Is there any one in Microsoft in charge of this? How
can we contact this person?

Thanks,
Lixin

----- Original Message -----
From: “Jack McCauley”
To: “File Systems Developers”
Sent: Tuesday, July 24, 2001 9:52 AM
Subject: [ntfsd] Re: FS Filter Driver Signing

> You will need to get a digital signature through WHQL for your driver if
you
> intend to not have customers complaining during the installation. If you
want
> to use the XP logo then you must pass WHQL.
>
> If you are writing this driver for academic reasons then you don’t need
the
> signature.
>
> -Jack
>
> xxxxx@sheedy.com wrote:
>
> > Hi,
> >
> > Does anyone know if XP will complain about a non-certified FS filter
driver
> > being loaded? I keep reading that all drivers installed on XP will need
to
> > be digitally signed or the user will get many large angry warning
dialogs.
> >
> > Does Microsoft ever certify filter drivers? Is there any value in
getting a
> > digital ID from Verisign for my driver?
> >
> > Thanks,
> > Adrian
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@r0r3.com
> > To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@indefense.com
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>

—
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · July 24, 2001, 10:34am

www.micorsoft.com/hwtest

lixin wrote:

Is there any one in Microsoft in charge of this? How
can we contact this person?

Thanks,
Lixin

----- Original Message -----
From: “Jack McCauley”
> To: “File Systems Developers”
> Sent: Tuesday, July 24, 2001 9:52 AM
> Subject: [ntfsd] Re: FS Filter Driver Signing
>
> > You will need to get a digital signature through WHQL for your driver if
> you
> > intend to not have customers complaining during the installation. If you
> want
> > to use the XP logo then you must pass WHQL.
> >
> > If you are writing this driver for academic reasons then you don’t need
> the
> > signature.
> >
> > -Jack
> >
> > xxxxx@sheedy.com wrote:
> >
> > > Hi,
> > >
> > > Does anyone know if XP will complain about a non-certified FS filter
> driver
> > > being loaded? I keep reading that all drivers installed on XP will need
> to
> > > be digitally signed or the user will get many large angry warning
> dialogs.
> > >
> > > Does Microsoft ever certify filter drivers? Is there any value in
> getting a
> > > digital ID from Verisign for my driver?
> > >
> > > Thanks,
> > > Adrian
> > >
> > > —
> > > You are currently subscribed to ntfsd as: xxxxx@r0r3.com
> > > To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@indefense.com
> > To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> >
>
> —
> You are currently subscribed to ntfsd as: xxxxx@r0r3.com
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

—
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · July 25, 2001, 10:56am

Thanks,
Lixin

----- Original Message -----
From: “Jack McCauley”
To: “File Systems Developers”
Sent: Tuesday, July 24, 2001 10:28 AM
Subject: [ntfsd] Re: FS Filter Driver Signing

> www.micorsoft.com/hwtest
>
> lixin wrote:
>
> > Is there any one in Microsoft in charge of this? How
> > can we contact this person?
> >
> > Thanks,
> > Lixin
> >
> > ----- Original Message -----
> > From: “Jack McCauley”
> > To: “File Systems Developers”
> > Sent: Tuesday, July 24, 2001 9:52 AM
> > Subject: [ntfsd] Re: FS Filter Driver Signing
> >
> > > You will need to get a digital signature through WHQL for your driver
if
> > you
> > > intend to not have customers complaining during the installation. If
you
> > want
> > > to use the XP logo then you must pass WHQL.
> > >
> > > If you are writing this driver for academic reasons then you don’t
need
> > the
> > > signature.
> > >
> > > -Jack
> > >
> > > xxxxx@sheedy.com wrote:
> > >
> > > > Hi,
> > > >
> > > > Does anyone know if XP will complain about a non-certified FS filter
> > driver
> > > > being loaded? I keep reading that all drivers installed on XP will
need
> > to
> > > > be digitally signed or the user will get many large angry warning
> > dialogs.
> > > >
> > > > Does Microsoft ever certify filter drivers? Is there any value in
> > getting a
> > > > digital ID from Verisign for my driver?
> > > >
> > > > Thanks,
> > > > Adrian
> > > >
> > > > —
> > > > You are currently subscribed to ntfsd as: xxxxx@r0r3.com
> > > > To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> > >
> > >
> > > —
> > > You are currently subscribed to ntfsd as: xxxxx@indefense.com
> > > To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> > >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@r0r3.com
> > To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@indefense.com
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>

—
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · July 25, 2001, 2:24pm

In Windows XP, we added about 20 new LoadOrderGroups that break down by
type of file system filter (Anti-Virus, Undelete, Replication, Quota
Management, Encryption, etc.). This helps to some degree with the load
order problems that occur in filter interop scenarios and it allows the
OS to know what type of functionality this file system filter provides.

Currently, we only have a certification program for Anti-Virus filters
and due to the mechanisms used to detect signed drivers, the OS can only
warn that an unsigned driver is being load if the driver is loaded in
the Anti-Virus LoadOrderGroup and is installed via an INF.

The OS should not give a warning when filters are installed through a
mechanism other than an INF. If you install your filter with an INF but
the LoadOrderGroup is something other than the Anti-Virus group, the OS
will also not try to enforce driver signatures (and therefore should not
complain to the user).

Overall, this is a gradual effort for providing customers with some
guarantee on the quality of the file system filter drivers that are
installed as part of applications. We plan to extend the driver signing
program to other classes of filter drivers in the future.

The tests used for the Anti-Virus filter certification process are
available as part of the IFS Kit and are useful in testing other types
of filters as well. The tests run on Windows 2000 and Windows XP.

Thanks,
Molly Brown

-----Original Message-----
From: Don Burn [mailto:xxxxx@acm.org]
Sent: Tuesday, July 24, 2001 6:53 AM
To: File Systems Developers
Subject: [ntfsd] Re: FS Filter Driver Signing

At WinHEC this year Microsoft indicated it was signing
FS filter drivers (at least virus scanner, since they were
the cause of a large number of W2K BSOD’s). I’m not
sure what they will do for the rest of the filter drivers, probably
complain.

Don Burn
Windows 2000 Device Driver and Filesystem consulting

----- Original Message -----
From:
To: “File Systems Developers”
Sent: Tuesday, July 24, 2001 9:46 AM
Subject: [ntfsd] FS Filter Driver Signing

> Hi,
>
> Does anyone know if XP will complain about a non-certified FS filter
driver
> being loaded? I keep reading that all drivers installed on XP will
> need to be digitally signed or the user will get many large angry
> warning dialogs.
>
> Does Microsoft ever certify filter drivers? Is there any value in
> getting
a
> digital ID from Verisign for my driver?
>
> Thanks,
> Adrian
>
> —
> You are currently subscribed to ntfsd as: xxxxx@acm.org
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

—
You are currently subscribed to ntfsd as:
xxxxx@exchange.microsoft.com To unsubscribe send a blank email to
leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

—
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User-72 · July 26, 2001, 10:24am

Thanks Molly,

I’m pleased that there won’t be any warning messages when people use my
FS filter driver on XP.

But part of the reason I asked this question about certification is that
I want to tell customers it’s certified so they can feel comfortable
about running it.

I look forward to the future when other filter drivers can be signed -
and non-signed ones DO give warnings.

Adrian

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-ntfsd-
xxxxx@lists.osr.com] On Behalf Of Molly Brown
Sent: Thursday, 26 July 2001 4:19 AM
To: File Systems Developers
Subject: [ntfsd] Re: FS Filter Driver Signing

In Windows XP, we added about 20 new LoadOrderGroups that break down
by
type of file system filter (Anti-Virus, Undelete, Replication, Quota
Management, Encryption, etc.). This helps to some degree with the
load
order problems that occur in filter interop scenarios and it allows
the
OS to know what type of functionality this file system filter
provides.

Currently, we only have a certification program for Anti-Virus filters
and due to the mechanisms used to detect signed drivers, the OS can
only
warn that an unsigned driver is being load if the driver is loaded in
the Anti-Virus LoadOrderGroup and is installed via an INF.

The OS should not give a warning when filters are installed through a
mechanism other than an INF. If you install your filter with an INF
but
the LoadOrderGroup is something other than the Anti-Virus group, the
OS
will also not try to enforce driver signatures (and therefore should
not
complain to the user).

Overall, this is a gradual effort for providing customers with some
guarantee on the quality of the file system filter drivers that are
installed as part of applications. We plan to extend the driver
signing
program to other classes of filter drivers in the future.

The tests used for the Anti-Virus filter certification process are
available as part of the IFS Kit and are useful in testing other types
of filters as well. The tests run on Windows 2000 and Windows XP.

Thanks,
Molly Brown

-----Original Message-----
From: Don Burn [mailto:xxxxx@acm.org]
Sent: Tuesday, July 24, 2001 6:53 AM
To: File Systems Developers
Subject: [ntfsd] Re: FS Filter Driver Signing

At WinHEC this year Microsoft indicated it was signing
FS filter drivers (at least virus scanner, since they were
the cause of a large number of W2K BSOD’s). I’m not
sure what they will do for the rest of the filter drivers, probably
complain.

Don Burn
Windows 2000 Device Driver and Filesystem consulting

----- Original Message -----
From:
> To: “File Systems Developers”
> Sent: Tuesday, July 24, 2001 9:46 AM
> Subject: [ntfsd] FS Filter Driver Signing
>
>
> > Hi,
> >
> > Does anyone know if XP will complain about a non-certified FS filter
> driver
> > being loaded? I keep reading that all drivers installed on XP will
> > need to be digitally signed or the user will get many large angry
> > warning dialogs.
> >
> > Does Microsoft ever certify filter drivers? Is there any value in
> > getting
> a
> > digital ID from Verisign for my driver?
> >
> > Thanks,
> > Adrian
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@acm.org
> > To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
>
> —
> You are currently subscribed to ntfsd as:
> xxxxx@exchange.microsoft.com To unsubscribe send a blank email to
> leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
> —
> You are currently subscribed to ntfsd as: xxxxx@sheedy.com
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

—
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com