nointegritychecks boot options is gone in Vista RC1

Michal_Vodicka-2 · September 12, 2006, 10:25pm

> ----------

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Pavel A.[SMTP:xxxxx@writeme.com]
Reply To: Windows System Software Devs Interest List
Sent: Wednesday, September 13, 2006 3:45 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] nointegritychecks boot options is gone in Vista RC1

Yes, test signing works- heard from a co-worker who uses this often.

Actually this is a good news. “Smart” apps won’t be able to silently drop
various kernel hooks and rootkits without my approval, even from
admin account. They will have all their driver stuff unpacked so that user
could easily sign it. Time of miracles has gone, now it’s time of
security, annoyances…

What is good news? Mandatory signing itself or removing the useful option? I’d agree with signing although there are unnecessary annoyances with signing process itself. But the option should be there. I wouldn’t complain if there is a big red warning across whole desktop if the signature checking is turned off.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

Peter_Viscarola_OSR · September 12, 2006, 10:37pm

Sorry… of course. Typo… Mea culpa. I tried it on an amd64 system of course.

The signtool utility is hideous, no doubt about it. I can’t believe how poorly it’s documented and how inconsistent it is. But, whatever… Think I’ll check out inf2cat – thanks for the tip, John.

Peter
OSR

OSR_Community_User · September 17, 2006, 9:39pm

“Michal Vodicka” wrote in message news:xxxxx@ntdev…
>What is good news? Mandatory signing itself or removing the useful option? I’d agree with
>signing although there are unnecessary annoyances with signing process itself. But the option
>should be there. I wouldn’t complain if there is a big red warning across whole desktop if the >signature checking is turned
>off.

People get used to everything. They will get used to this big red warning
as if this were norm. Sadly, old good times have gone and never will be back

–PA

Michal_Vodicka-2 · September 18, 2006, 12:04pm

> ----------

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Pavel A.[SMTP:xxxxx@writeme.com]
Reply To: Windows System Software Devs Interest List
Sent: Monday, September 18, 2006 4:34 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] nointegritychecks boot options is gone in Vista RC1

“Michal Vodicka” wrote in message news:xxxxx@ntdev…
> >What is good news? Mandatory signing itself or removing the useful option? I’d agree with
> >signing although there are unnecessary annoyances with signing process itself. But the option
> >should be there. I wouldn’t complain if there is a big red warning across whole desktop if the >signature checking is turned
> >off.
>
> People get used to everything. They will get used to this big red warning
> as if this were norm. Sadly, old good times have gone and never will be back
>
PeterGV just reported test signing works with any certificate even when not installed on the machine. It is basically the same as having signing turned off. There is not big red warning, just small (white?) ones in the corners of the desktop. With this in mind removing the useful option looks even more silly.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]