PDA

View Full Version : Vista - drivers signing


begemott
February 7th, 2006, 11:03
http://www.eweek.com/article2/0,1759,1914966,00.asp

LLXX
February 7th, 2006, 23:53
I for one am never going to use this OS even if this "feature" gets cracked... since when did Microsoft say what I can and cannot run on my machine?!?!

M$ has been quite dictatorial recently, it seems. All the while, they concentrate on superfluous features of their software and leave the *real* issues until after they release it...

Kayaker
February 8th, 2006, 00:29
I don't know that it's all that popular with professional driver writers either. There's a debate about it on NTDEV as well as 'official' blogs,

http://blogs.msdn.com/craigrow/archive/2006/01/26/517922.aspx

disavowed
February 8th, 2006, 03:36
LLXX, I recommend in the future you do some research before believing online magazine articles.

The eWeek article is extremely misleading. Vista users will be able to run unsigned drivers by attaching a kernel debugger or by booting with F8. See http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/x64KMSigning.doc ("http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/x64KMSigning.doc") for details.

LLXX
February 8th, 2006, 05:59
...but that still entails quite a hassle. I know that any software restriction can be overcome with RCE, but the point is that Microsoft is trying to gain more control over our machines. In the future, they might require that *all* software be signed, not just drivers, with the same reasoning. I'm sure if that happened, everyone except the most mindless lusers would have something to say. This is just the beginning, the beginning of a downward progress...

CluelessNoob
February 8th, 2006, 09:36
Quote:
[Originally Posted by disavowed]LLXX, I recommend in the future you do some research before believing online magazine articles.

The eWeek article is extremely misleading. Vista users will be able to run unsigned drivers by attaching a kernel debugger or by booting with F8. See http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/x64KMSigning.doc ("http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/x64KMSigning.doc") for details.


But Microsoft has been consistently trying to lock out the small company/hobbyist crowd.

http://www.boingboing.net/2006/01/30/msft_our_drm_licensi.html


Quote:
The bombshell was Amir's explanation of the reason that his employer charges fees to license its DRM. According to Amir, the fee is not intended to recoup the expenses Microsoft incurred in developing their DRM, or to turn a profit.

The intention is to reduce the number of licensors to a manageable level, to lock out "hobbyists" and other entities that Microsoft doesn't want to have to trouble itself with.


That is Amir Majidimehr, Corporate VP of the Windows Digital Media Division, which oversees licensing and deployment of Microsoft's DRM.

disavowed
February 9th, 2006, 14:16
Quote:
[Originally Posted by LLXX]Microsoft is trying to gain more control over our machines

How does this give Microsoft any more control over your machine? It doesn't allow Microsoft to do anything new that they couldn't do before.

nikolatesla20
February 9th, 2006, 15:56
Personally I think M$ requiring signed drivers is a positive thing..it will banish those evil protectors that try to own the O.S., as well as any ring0 virii that may be in our future....(well, it would only banish protectors that could not afford to pass driver signing - but patchguard will kill Themida, etc...) - Also preventing rootkits (If one does write a rootkit, we could easily track them down henceforth)

So many M$ haters out there always moan about M$'s unsecurity. I think this is definitely a positive step forward. (The haters want it both ways - they want security, but yet they still want to hate M$)

DAMNIT don't people get it Windows is everywhere, and most users do not have computer knowlege, so these hacking bastards take advantage of them. So since we (I) can't track down each and every spammer or rootkit developer and give them a swift kick in the groin, then we must make win more secure, period. Crimony, one may not like m$, but I can guarantee that your financial information is sitting on a m$ o.s. based server somewhere. This is real life we are talking about. The modern day phishers and spammers have realized it. Everyone else needs to as well.


-nt20

Maximus
February 9th, 2006, 16:36
...but Sony's rootkit was signed, no? Who signed it?

Honestly, I think they should simply put a serious "this thing might take control of all your PC, INTERNET and DATA, are you sure?" out of 'windows' control -so that intercepting it would not be feasible- whenever something unverified is trying to gather ring0 access, yeah, something cool like BSODs

How many users would answer "yes, I accept the risk"?? I had friends that blocked internet this way, just because the big Kerio warnings popped out...

Opcode
February 9th, 2006, 18:48
This is not really about security.
Driver signing is not security.

Imho, this is all about DRM.
This document clear states my opinion:
http://www.microsoft.com/whdc/device/stream/output_protect.mspx

Btw, very interesting protection mechanisms described in the doc.

Regards,
Opc0de

disavowed
February 9th, 2006, 22:25
Quote:
[Originally Posted by Maximus]...but Sony's rootkit was signed, no?

I don't know whether or not Sony's "rootkit" was signed. However, if it was signed, then it would be trivial to determine who wrote it (in this case, Sony). The same can't be said for truly malicious rootkits. Requiring a path of non-repudiation via signing is a huge step forward in hindering the authoring and distribution of malicious rootkits.

Quote:
[Originally Posted by Maximus]Honestly, I think they should simply put a serious "this thing might take control of all your PC, INTERNET and DATA, are you sure?" out of 'windows' control -so that intercepting it would not be feasible- whenever something unverified is trying to gather ring0 access, yeah, something cool like BSODs

How many users would answer "yes, I accept the risk"?? I had friends that blocked internet this way, just because the big Kerio warnings popped out...

I hope this is not a serious suggestion.
1. If Windows displayed that prompt, then it couldn't be out of Windows's control.
2. Even if it could be out of Windows's control, users will always click "Yes" because they want to make $0.005 for clicking on banners or they want to see flying pink elephants.

By taking security decisions out of the hands of the common user, social engineering attacks are greatly hindered.

LLXX
February 9th, 2006, 22:41
Quote:
[Originally Posted by Opcode]This is not really about security.
Driver signing is not security.

Imho, this is all about DRM.
This document clear states my opinion:
http://www.microsoft.com/whdc/device/stream/output_protect.mspx

Btw, very interesting protection mechanisms described in the doc.

Regards,
Opc0de
Yes. It is DRM, which is all about preventing you from doing what you want with your hardware and software, while giving software and hardware companies more control over what your machine can and cannot do. Just like Trusted Computing, in a way.

Maximus
February 10th, 2006, 07:43
Quote:
[Originally Posted by disavowed]
Requiring a path of non-repudiation via signing is a huge step forward in hindering the authoring and distribution of malicious rootkits.


This is true, but the problem remains: why should I pay $$ for signing drivers and each update/upgrade at m$? They started this 'policy' when they initially marketed the 'designed 4 win95 app' logo in the nineties, and still go on on such line.

It would just be a tax (well, another one) on small developers (do you think they'll sign for free every patch/upgrade and so on? Not even ATI signs all its drivers...)


Quote:
[Originally Posted by disavowed]
I hope this is not a serious suggestion.


Yes and No

Quote:
[Originally Posted by disavowed]
1. If Windows displayed that prompt, then it couldn't be out of Windows's control.
2. Even if it could be out of Windows's control, users will always click "Yes" because they want to make $0.005 for clicking on banners or they want to see flying pink elephants.


1. Out of 'Windows', not out of Windows. You can check kb and mouse far before they fall down in the messagin pump.
2. Nothing is fool-proof. But as I said, I know many users really worried of security, often discouraged when they discover they need to install and use 5-6 products to gather a minimal security level. ...You would only save ppl capable of using the brain when a big red mark appear

Quote:
[Originally Posted by disavowed]
By taking security decisions out of the hands of the common user, social engineering attacks are greatly hindered.


This is ethically a very controversial point. Let's start FAR. Aristotheles (whatever this is written in english) in his analysis of Politics said that a nation should not take care of the citizens as if they were idiot children. Still, 2'500 years after, I perfectly agree (ok, I made it short, or the post wold be 10 pages long).
Who is M$ for chosing in my name what is good and what is not for me? Windows is an M$ property, no doubt in it, but it is also an OS. And m$ 'should' guarantee my rights of having the OS work for my software, and not 'taking' over my control of the PC like sony's DRM.
M$ choices affects a very large number of ppl in all the world, so m$ is not (at least ethically) free to do whatever it wants.

Whereas requiring the signing of everything good that run at r0 is a good thing for ~reducing~ and block the malware creators, it will not make it at (nearly) zero cost -ready to bet it.

The reason, again, is ethic and is tied to the willingness of m$ to impose what it thinks right for it to billion users, in the name of 'security' without really giving ppl a true choice, just an 'order'.

The reasoning you exposed is wrong -in my opinion- because the choice is not taken by many ppl like ANSI, but by a very restricted group of ppl which probably follows DRM rules, not surely 'what is better for end-user'. If it was, winhome should not possess full socket implementation, a basic firewall should have been implemented since win95 days at least etc etc.

So, whereas I agree in principle that certain choices should be removed from endless discussions and removed from socials, I still think that they should not be superimposed by a buch of programmers that have the duty of preventing DRM breaks -at least they should be engineered in a more serious fashion.

I perfectly understand that this is impossible due to the fact m$ is a private company. Still, a company with a billion of users should have 'limits' for its heavy social impact.

Regards,
Maximus

nikolatesla20
February 10th, 2006, 11:23
Quote:
[Originally Posted by Maximus]This is true, but the problem remains: why should I pay $$ for signing drivers and each update/upgrade at m$? They started this 'policy' when they initially marketed the 'designed 4 win95 app' logo in the nineties, and still go on on such line.

I
Regards,
Maximus



You don't have to pay to have them signed. As the article states M$ will give out the PID for free to use for signing, all the developer has to pay for is the Verisign license for the digital signature.

-nt20

disavowed
February 10th, 2006, 13:34
Quote:
[Originally Posted by Maximus]why should I pay $$ for signing drivers and each update/upgrade at m$?


nikolatesla answered the drivers part. As for the update part, Microsoft doesn't charge people for updates.

Quote:
[Originally Posted by Maximus]It would just be a tax (well, another one) on small developers

Small developers aren't manufacturing hardware en masse, though. This is not aimed at small developers.

Quote:
[Originally Posted by Maximus](do you think they'll sign for free every patch/upgrade and so on? Not even ATI signs all its drivers...)

ATI is not a small developer. I would rather install a signed ATI driver than an unsigned one.

Quote:
[Originally Posted by Maximus]I know many users really worried of security, often discouraged when they discover they need to install and use 5-6 products to gather a minimal security level.

5-6 products?! I see the need for antivirus software, and perhaps firewall software if they're not behind a router, but they shouldn't need anything else if they follow safe habits.

Quote:
[Originally Posted by Maximus]Who is M$ for chosing in my name what is good and what is not for me?

Microsoft is not choosing for you. You're not the average user. Microsoft is choosing what's best for the average user, and tries to give everyone else optoins to change the defaults (related to the 80/20 rule).

Quote:
[Originally Posted by Maximus]And m$ 'should' guarantee my rights of having the OS work for my software

What if your software is malware? Why should Microsoft guarantee that your malware will work?

Quote:
[Originally Posted by Maximus]The reason, again, is ethic and is tied to the willingness of m$ to impose what it thinks right for it to billion users, in the name of 'security' without really giving ppl a true choice, just an 'order'.

I still don't see why you keep saying that people don't have a choice. People will still be able to install unsigned drivers if they want to.

Quote:
[Originally Posted by Maximus]a buch of programmers that have the duty of preventing DRM breaks

Again, this has nothing to do with DRM. This is to make it more difficult to write and spread malware.

Maximus
February 10th, 2006, 14:36
Quote:

You don't have to pay to have them signed. As the article states M$ will give out the PID for free to use for signing


Mmh... I'll reread. ...Oh... I'm sure many small developers are wishing to give 500$/Year to VeriSign just for distributing a tool on the net. What a good protection we'll have... I have the strange feeling it won't work so much.
You won't have many small products signed, and you are effectively wrenching them out of the market. Whereas ATI won't have any problem spending them for signing, probably many small developers -or ppl that makes little tools- won't follow this policy.
Let's say I have a freeware tool, or a small shareware r0 tool that don't give back, by itself, alot of money, just few k/year. What one would do?

Signed or not, I would trust my ATI drivers, or (theorically) Sony's or whatever a big company does -you noticed how much the 'sony rootkit' costed to Sony, no?-.

Wrenching small developers out of the market/freeware is not a good solution to the problem, in my opinion.
Surely the fastest and less-costly for m$ (would they make the famous 'day tests' for the drivers? the sony rtk was uninstallable -mmh...) because they would simply install/Office works/sign it, as in case of rtk you can easily know who made it.

Quote:

5-6 products?! I see the need for antivirus software, and perhaps firewall


mmh.. privacy, anti-spyware, malware not detected by AV, HTTP/P2P black-listing software, etc. -having not a single app that covers all the needs, they are more than one.

Quote:

What if your software is malware?


It is not
But sometime wish it were

Well, my point is NOT that requiring a signed driver is a bad idea. The idea, by itself, is good.
(I even wanted the std drivers in R1, and not R0 -but fresh m$ developers copied too many concepts from unix and forgot the cool 4-levels implementation of 386+ -or maybe twas made as NT to keep compatibility across processors)

Let's say I feel the suggested implementation... very messy (clearly contrary to m$ style).

LLXX
February 10th, 2006, 15:40
I'm just completely against driver signing. The reasons they say for promoting driver signing are just euphemised ways of saying that Microsoft wants you to do whatever it wants. "to reduce the spread of malware"? They have no right to decide for me what is malware or not. I can run whatever software I want. The stupid lusers that don't have any idea are at fault. If they get infected with rootkits or virii, they are responsible for their own actions. If they get infected, they face the consequences. It was their fault in the first place.

disavowed
February 11th, 2006, 00:26
Quote:
[Originally Posted by LLXX]They have no right to decide for me what is malware or not.

They are not deciding for you what is malware and what is not.

Quote:
[Originally Posted by LLXX]I can run whatever software I want.

Yes, you can.

Quote:
[Originally Posted by LLXX]The stupid lusers that don't have any idea are at fault. If they get infected with rootkits or virii, they are responsible for their own actions. If they get infected, they face the consequences. It was their fault in the first place.

Yes, in the case of social engineering based infections, it is the users' fault. However, consider this: When a user who doesn't know anything about security gets infected via a social engineering vector, who do they blame? Microsoft.
Here's the thing: users don't want to be responsible for their own actions. If they did want to be held responsible, then there would be no market for AV software since users would either be smart enough to not get infected (from social engineering vectors, anyway) or when they did get infected they would accept the consequences and learn from their mistakes. Since neither of these happen for the typical users, AV software exists.

SiNTAX
February 22nd, 2006, 11:35
Quote:
[Originally Posted by nikolatesla20]You don't have to pay to have them signed. As the article states M$ will give out the PID for free to use for signing, all the developer has to pay for is the Verisign license for the digital signature.

-nt20


Lol.. and we all know what a Verisign certificate is worth... remember the time when a non-microsoft person got himself a certificate named Microsoft?! :-)

http://www.microsoft.com/technet/security/bulletin/MS01-017.mspx

dELTA
February 22nd, 2006, 17:14
Hehe, yeah. Btw, nice to see you around SiNTAX, it's been a while since we last heard from you.

SiGiNT
February 22nd, 2006, 17:26
Quote:
[Originally Posted by SiNTAX]Lol.. and we all know what a Verisign certificate is worth... remember the time when a non-microsoft person got himself a certificate named Microsoft?! :-)


Kind of like the Phishing spam I got that said my E-bay acct. had been suspended, out of curiosity, (since I don't have an E-bay acct. ), I clicked the link and sure as shit an absolutely authentic looking site complete with Verisign.

SiGiNT

SiNTAX
February 23rd, 2006, 03:35
Quote:
[Originally Posted by dELTA]Hehe, yeah. Btw, nice to see you around SiNTAX, it's been a while since we last heard from you.


Whow didn't know I had a fan club Anyway you know how it goes.. RL getting in the way of fun..

OHPen
February 23rd, 2006, 04:42
I'm personaly think it's a good thing if the drivers got signed,
BUT it have to be ensured that all, and i mean really ALL people are able to develope drivers...
This have to be possible without applying any cheats or other complex actions like manually configuring windows to start with unsigned drivers.

Nevertheless im sure M$ do this für gaining more control over software development in future. The day will come when mircosoft grab whole control or loose all...

Maybe be live to see that.

Regards, PAPiLLiON.