A somewhat reasonable point, on the face of it. However…
You shouldn’t trust any product that subverts the security and
reliability mechanisms of the operating system, regardless of how good
it might be as a product otherwise.
Seriously, though, if the OP ends up using any of these suggestions (and
I most strongly recommend against it), please, please, please turn
back on the signature protection mechanism after you’re done!!!
Moreira, Alberto wrote:
You either trust the product you buy, or you don’t. A good product will be a
good product whether or not it gets a digital signature from a third party !Alberto.
-----Original Message-----
From: Arlie Davis [mailto:xxxxx@sublinear.org]
Sent: Tuesday, November 04, 2003 12:45 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Re: How Can I Prevent “Digital Signature Not Found”
Dialog Box by a Program While Installing an Unsigned Driver in Win2K?As someone who has had to maintain large sets of PCs, please, please,
PLEASE DO NOT THWART DRIVER SIGNING.[I’m directing this to the original author, not Loren specifically.]
Driver signing is there for a reason, and is a Good Thing.
If you want to disable the dialog box, because you are doing driver
development, then yes, by all means, use User Policies (or whatever its
called) to disable this. But you should NEVER, as part of a software
installer, simply bypass this. If you do this, you are f*cking with OS
internals, and are working AGAINST the OS, rather than WITH it.Crap like that is part of why Win 3x, Win 9x were such horrid beasts.
Those platforms didn’t have well-defined means to do lots of things, so
people HAD to resort to all sorts of buggery to get the job done. But
those times are OVER. Please stop writing software that does weird,
surprising, intrusive things to the OS. You just make the world a worse
place, down the road.Driver signing is a Good Thing, because it puts the control in the hands
of the system’s administrator. Administrators can impose policy
constraints on a machine – and if you work against those constraints,
system administrators will hate you, and hate your product. For
single-user machines, the user is the administrator, and should feel
free to enable/disable driver signing. But you, as a driver writer, are
NOT the person to make that decision.Again, none of this applies if you are just developing on your own box,
and just want to get the thing installed so you can test it.– arlie
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Loren Wilton
Sent: Tuesday, November 04, 2003 6:47 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Re: How Can I Prevent “Digital Signature Not Found”
Dialog Box by a Program While Installing an Unsigned Driver in Win2K?Pop up a message box instructing the user to disable signature checking
in the control panel. Probably won’t work if the PC is a member of a
domain.Loren
Oh, you wanted some way without user interaction? If the user is
installing as an admin, you can probably use the Security calls to
disable checking yourself. And hopefully restore it to the original
setting afterwards.
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256You are currently subscribed to ntdev as: xxxxx@sublinear.org To
unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.comThe contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.
–
…/ray..