Change in signing policy for 64-bit drivers for Vista and Longhorn

Discussion in 'Windows 64bit' started by Don Burn, Jan 24, 2006.

  1. Don Burn

    Don Burn Guest

    If you are not aware of it Microsoft announced a change in its policy on
    drivers for 64-bit Vista last week. See the paper at
    http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx The
    change here is that prior to this while drivers needed to be signed an
    administrator could sign a driver for a computer or a domain.

    Many people in the driver development community are disturbed by this change
    since makes it harder for a small firm to ship and support drivers. In
    particular a lot of the freeware tools that have a kernel component will
    probably never make it to Vista 64-bit. Also, I know of small firms that
    are reconsidering their product plans for Vista. For those who want to see
    the discussion in the driver development community, go to
    http://www.osronline.com and sign up for the NTDEV newgroup, then look for
    "X64 Windows Vista to require signed drivers"

    At the end of the paper is the feedback email address for this stuff. If
    enough of
    us make rational comments to that address, Microsoft may realize there is a
    problem.


    --
    Don Burn (MVP, Windows DDK)
    Windows 2k/XP/2k3 Filesystem and Driver Consulting
    Remove StopSpam from the email to reply
     
    Don Burn, Jan 24, 2006
    #1
    1. Advertising

  2. Why are they charging so much? $500 is lot of money and its not a guarantee
    that your Video or Sound card drivers still won't prevent constant crashes
    which I am currently experiencing on Vista.
    --
    --
    Andre
    Extended64 | http://www.extended64.com
    Blog | http://www.extended64.com/blogs/andre
    http://spaces.msn.com/members/adacosta
    FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
    "Don Burn" <> wrote in message
    news:...
    > If you are not aware of it Microsoft announced a change in its policy on
    > drivers for 64-bit Vista last week. See the paper at
    > http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx The
    > change here is that prior to this while drivers needed to be signed an
    > administrator could sign a driver for a computer or a domain.
    >
    > Many people in the driver development community are disturbed by this
    > change since makes it harder for a small firm to ship and support drivers.
    > In particular a lot of the freeware tools that have a kernel component
    > will probably never make it to Vista 64-bit. Also, I know of small firms
    > that are reconsidering their product plans for Vista. For those who want
    > to see the discussion in the driver development community, go to
    > http://www.osronline.com and sign up for the NTDEV newgroup, then look
    > for "X64 Windows Vista to require signed drivers"
    >
    > At the end of the paper is the feedback email address for this stuff. If
    > enough of
    > us make rational comments to that address, Microsoft may realize there is
    > a problem.
    >
    >
    > --
    > Don Burn (MVP, Windows DDK)
    > Windows 2k/XP/2k3 Filesystem and Driver Consulting
    > Remove StopSpam from the email to reply
    >
    >
     
    Andre Da Costa, Jan 24, 2006
    #2
    1. Advertising

  3. Don Burn

    Don Burn Guest

    Microsoft is not charging it, they are requiring a Versign ID. Verisign
    charges this and does not allow individuals to get them only companies.
    Many of the popular tools for Windows debugging and administration came out
    of individuals, with this new policy the ability for a person to create and
    distribute these is threatened.


    --
    Don Burn (MVP, Windows DDK)
    Windows 2k/XP/2k3 Filesystem and Driver Consulting
    Remove StopSpam from the email to reply



    "Andre Da Costa" <> wrote in message
    news:%...
    > Why are they charging so much? $500 is lot of money and its not a
    > guarantee that your Video or Sound card drivers still won't prevent
    > constant crashes which I am currently experiencing on Vista.
    > --
    > --
    > Andre
    > Extended64 | http://www.extended64.com
    > Blog | http://www.extended64.com/blogs/andre
    > http://spaces.msn.com/members/adacosta
    > FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
    > "Don Burn" <> wrote in message
    > news:...
    >> If you are not aware of it Microsoft announced a change in its policy on
    >> drivers for 64-bit Vista last week. See the paper at
    >> http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx The
    >> change here is that prior to this while drivers needed to be signed an
    >> administrator could sign a driver for a computer or a domain.
    >>
    >> Many people in the driver development community are disturbed by this
    >> change since makes it harder for a small firm to ship and support
    >> drivers. In particular a lot of the freeware tools that have a kernel
    >> component will probably never make it to Vista 64-bit. Also, I know of
    >> small firms that are reconsidering their product plans for Vista. For
    >> those who want to see the discussion in the driver development community,
    >> go to
    >> http://www.osronline.com and sign up for the NTDEV newgroup, then look
    >> for "X64 Windows Vista to require signed drivers"
    >>
    >> At the end of the paper is the feedback email address for this stuff. If
    >> enough of
    >> us make rational comments to that address, Microsoft may realize there is
    >> a problem.
    >>
    >>
    >> --
    >> Don Burn (MVP, Windows DDK)
    >> Windows 2k/XP/2k3 Filesystem and Driver Consulting
    >> Remove StopSpam from the email to reply
    >>
    >>

    >
    >
     
    Don Burn, Jan 24, 2006
    #3
  4. Don Burn wrote:
    > Many people in the driver development community are disturbed by this change
    > since makes it harder for a small firm to ship and support drivers.


    While I agree with your scepticism, I am not sure which side will be
    harmed. The availibility of drivers is the number one problem of x64
    (and Vista x64), so making it hard to write new drivers seems
    counter-intuitive (for their purposes).

    I would like to see the video mirror driver from UltraVNC for x64, for
    example. So far, nobody has developed this yet. But if signed drivers
    are required, chances are that nobody *will* ever develop it.

    Thomas
     
    Thomas Steffen, Jan 24, 2006
    #4
  5. I was heavily involved in the Beta program for XP. I resigned because of my
    dislike for WPA. It has since turned out to do virtually nothing to stop
    piracy, and indeed has only been a red flag waved in front of the cracking
    community. Few software developers have felt either the need or the
    inclination to jump on the WPA bandwagon. Other than PhotoShop, no other
    software package is so heavily cracked than XP. Photoshop's attention in the
    community is due mainly to its overpricing.

    Now M$ is attempting to further alienate the developer community by going
    this route of requiring Versign ID's which cost small companies too much
    money for niche equipment. We may see the near disappearance of things like
    Finger Print scanners and Tablets etc.

    M$ may finally have gone too far. Between the numbers of people who are
    jumping ship to Linux, and the near lack of any REAL reason to switch to 64
    bit processing M$ may finally see "this dog won't hunt".

    I have a modern Asus PCI-e mobo, a dual core CPU and 2 gigs of dual channel
    ram and have been running xp64 for 5 months. Once every week or two I run it
    up, check out the latest updates from M$ and look for drivers (which I don't
    find). There is nothing for my APC UPS, Finger Print reader, DVD Burner,
    7in1 card reader, keyboard, Joystick, RAM driver, PGP driver, flatbed
    scanner etc etc etc etc ... When my six month trial run expires I'll be
    removing it from my drive. Too much inconvenience, with almost no support,
    for virtually NO gain.

    <off soapbox>


    "Don Burn" <> wrote in message
    news:...
    > Microsoft is not charging it, they are requiring a Versign ID. Verisign
    > charges this and does not allow individuals to get them only companies.
    > Many of the popular tools for Windows debugging and administration came
    > out of individuals, with this new policy the ability for a person to
    > create and distribute these is threatened.
    >
     
    Norman Brooks, Jan 24, 2006
    #5
  6. You do realize that WPA has nothing to do with driver signing, right?
     
    Homer J. Simpson, Jan 24, 2006
    #6
  7. If you know that you purchased Windows XP legally you should not have any
    concerns about activating it. If you are reinstalling it many times,
    somethings definitely wrong with your system or you need purchase an Open
    License.
    --
    --
    Andre
    Extended64 | http://www.extended64.com
    Blog | http://www.extended64.com/blogs/andre
    http://spaces.msn.com/members/adacosta
    FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
    "Norman Brooks" <> wrote in message
    news:...
    >I was heavily involved in the Beta program for XP. I resigned because of my
    >dislike for WPA. It has since turned out to do virtually nothing to stop
    >piracy, and indeed has only been a red flag waved in front of the cracking
    >community. Few software developers have felt either the need or the
    >inclination to jump on the WPA bandwagon. Other than PhotoShop, no other
    >software package is so heavily cracked than XP. Photoshop's attention in
    >the community is due mainly to its overpricing.
    >
    > Now M$ is attempting to further alienate the developer community by going
    > this route of requiring Versign ID's which cost small companies too much
    > money for niche equipment. We may see the near disappearance of things
    > like Finger Print scanners and Tablets etc.
    >
    > M$ may finally have gone too far. Between the numbers of people who are
    > jumping ship to Linux, and the near lack of any REAL reason to switch to
    > 64 bit processing M$ may finally see "this dog won't hunt".
    >
    > I have a modern Asus PCI-e mobo, a dual core CPU and 2 gigs of dual
    > channel ram and have been running xp64 for 5 months. Once every week or
    > two I run it up, check out the latest updates from M$ and look for drivers
    > (which I don't find). There is nothing for my APC UPS, Finger Print
    > reader, DVD Burner, 7in1 card reader, keyboard, Joystick, RAM driver, PGP
    > driver, flatbed scanner etc etc etc etc ... When my six month trial run
    > expires I'll be removing it from my drive. Too much inconvenience, with
    > almost no support, for virtually NO gain.
    >
    > <off soapbox>
    >
    >
    > "Don Burn" <> wrote in message
    > news:...
    >> Microsoft is not charging it, they are requiring a Versign ID. Verisign
    >> charges this and does not allow individuals to get them only companies.
    >> Many of the popular tools for Windows debugging and administration came
    >> out of individuals, with this new policy the ability for a person to
    >> create and distribute these is threatened.
    >>

    >
     
    Andre Da Costa, Jan 24, 2006
    #7
  8. I suppose I could get sarcastic but what good would that do !

    My observation was that in spite of all objections M$ carried on with WPA.
    In spite of Windows x64 being out for more than TWO YEARS they just got
    around to writing their OWN mouse driver a week ago !

    I'm not a bean counter, but I expect the vast majority of M$ R&D right now
    is going into Vista and x64 and yet they are doing exactly the opposite of
    what made them so incredibly successful just 10 years ago. When Win95 hit
    the streets 10 years ago Aug/Sep they knocked themselves out make their
    product attractive to developers. Now it seems like they could care less.

    ..-.-. -.-


    "Homer J. Simpson" <root@127.0.0.1> wrote in message
    news:%...
    > You do realize that WPA has nothing to do with driver signing, right?
    >
    >
     
    Norman Brooks, Jan 25, 2006
    #8
  9. > You do realize that WPA has nothing to do with driver signing, right?

    And that Verisign is not the only Certificate Authority that can sell you a
    valid code signing certificate. And that the same certificate can be used to
    sign everything that company distributes during the lifetime of the
    certificate (typically 1-3 years). And that a code-signing certificate is
    exactly like an SSL certificate used for secure website hosting.

    The purpose of the code-signing certificate has nothing at all to do with
    piracy. It has everything to do with ensuring to users that the bits
    actually came from who they think it came from and ensuring
    developers/vendors that the users on the other end of the support
    call/e-mail actually have the bits you sent out. Microsoft Windows Vista
    relies heavily on code-signing to let users know when the bits they are
    running are verifiable vs when they are not precisely because the primary
    way that people get their system's hacked is by running software they think
    is from a trustable source but isn't, particularly for drivers.

    --
    Chuck Walbourn
    SDE, Windows Gaming & Graphics

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Chuck Walbourn [MSFT], Jan 25, 2006
    #9
  10. >I suppose I could get sarcastic but what good would that do !

    Aw, c'mon, this is Usenet... ;-)

    > My observation was that in spite of all objections M$ carried on with WPA.


    A few years back I firmly believed MS would have dropped WPA by the time SP1
    came out. I guess it's *just* effective enough to prevent neighbors from
    swapping CD, but that's really just about it...

    > In spite of Windows x64 being out for more than TWO YEARS they just got
    > around to writing their OWN mouse driver a week ago !


    XP x64 came out last...May? That's not two years. That's not even one
    year.

    Surely you're thinking of the IA-64 version--which has nothing to do with
    the x64 version we're discussing.

    As for mouse drivers...Are you talking about some 64-bit version of
    IntelliPoint? I've *never* installed any of that crap, either for x86 or
    x64. I've always used generic Microsoft mice, and they've always worked out
    of box just fine on either plaftorm without additional drivers and what-not.
    What value are you getting out of this mouse driver you're talking about?

    (I'm not being a smart-ass, I honestly want to know what mouse feature
    doesn't work without this driver)

    > I'm not a bean counter, but I expect the vast majority of M$ R&D right now
    > is going into Vista and x64 and yet they are doing exactly the opposite of
    > what made them so incredibly successful just 10 years ago. When Win95 hit
    > the streets 10 years ago Aug/Sep they knocked themselves out make their
    > product attractive to developers. Now it seems like they could care less.


    Personally...I'm all in favor of driver signing, and I can understand MS's
    goal. They're trying to build a stable OS, and bad drivers account for most
    BSODs. While I *fully* understand that a signed driver doesn't
    automatically make it bug-free (HA!), at least it'll stop any Joe Schmuck
    from publishing hacked drivers, and companies will be forced to get serious
    about hiring competent people to write drivers for them. And maybe
    ATI/Nvidia will stop releasing beta drivers weekly.

    If you want a wide open OS where anybody can take a piss in the
    pool...there's always Linux.

    All IMNSHO, of course... :)
     
    Homer J. Simpson, Jan 25, 2006
    #10
  11. Don Burn

    Don Burn Guest

    "Homer J. Simpson" <root@127.0.0.1> wrote in message
    > Personally...I'm all in favor of driver signing, and I can understand MS's
    > goal. They're trying to build a stable OS, and bad drivers account for
    > most BSODs. While I *fully* understand that a signed driver doesn't
    > automatically make it bug-free (HA!), at least it'll stop any Joe Schmuck
    > from publishing hacked drivers, and companies will be forced to get
    > serious about hiring competent people to write drivers for them. And
    > maybe ATI/Nvidia will stop releasing beta drivers weekly.
    >

    I concur with your thought but not the conclusion. This program does not
    require testing of the drivers, just signing them. 3rd party drivers are
    the biggest problem for the stability of Windows, but as you pointed out
    some large firms produce poor quality drivers, while some small shops have
    drivers that rarely if ever crash.


    --
    Don Burn (MVP, Windows DDK)
    Windows 2k/XP/2k3 Filesystem and Driver Consulting
    Remove StopSpam from the email to reply
     
    Don Burn, Jan 25, 2006
    #11
  12. Don Burn

    John Barnes Guest

    > (I'm not being a smart-ass, I honestly want to know what mouse feature
    > doesn't work without this driver)


    You can't program the various functions on a mouse with extended
    functionality. I don't personally use it, but use this type of flexability
    on the extended keyboard, so I understand why someone would want it. Having
    a mouse that facilitates the functions you use frequently in your daily
    operations is great. I use the built in back and forward functions a couple
    hundred times a day.
     
    John Barnes, Jan 25, 2006
    #12
  13. > I concur with your thought but not the conclusion. This program does not
    > require testing of the drivers, just signing them. 3rd party drivers are
    > the biggest problem for the stability of Windows, but as you pointed out
    > some large firms produce poor quality drivers, while some small shops have
    > drivers that rarely if ever crash.


    Typically drivers are signed as part of the WHQL process, so often a
    code-signed driver is tested more than one that is not. The core problem
    here is that many vendors are putting out 64-bit drivers at beta quality and
    then not getting around to finishing them...

    --
    Chuck Walbourn
    SDE, Windows Gaming & Graphics

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Chuck Walbourn [MSFT], Jan 25, 2006
    #13
  14. Don Burn

    Don Burn Guest

    Chuck,

    The problem here is that the new policy does nothing to require
    testing, but significantly impacts many firms ability to test. A lot of
    automated testing schemes are broken once Vista applies it new policy,
    because you have to have a person in place to handle the debugger, or to
    press F8.

    The message comming out of much of the driver community is, rather
    than run testing every night, since Microsoft broke our tools we will just
    test less!


    --
    Don Burn (MVP, Windows DDK)
    Windows 2k/XP/2k3 Filesystem and Driver Consulting
    Remove StopSpam from the email to reply


    "Chuck Walbourn [MSFT]" <> wrote in message
    news:43d7d3a7$...
    >> I concur with your thought but not the conclusion. This program does not
    >> require testing of the drivers, just signing them. 3rd party drivers are
    >> the biggest problem for the stability of Windows, but as you pointed out
    >> some large firms produce poor quality drivers, while some small shops
    >> have drivers that rarely if ever crash.

    >
    > Typically drivers are signed as part of the WHQL process, so often a
    > code-signed driver is tested more than one that is not. The core problem
    > here is that many vendors are putting out 64-bit drivers at beta quality
    > and then not getting around to finishing them...
    >
    > --
    > Chuck Walbourn
    > SDE, Windows Gaming & Graphics
    >
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    >
     
    Don Burn, Jan 25, 2006
    #14
  15. "Homer J. Simpson" <root@127.0.0.1> wrote in message
    news:...
    > >I suppose I could get sarcastic but what good would that do !
    > >

    > As for mouse drivers...Are you talking about some 64-bit version of
    > IntelliPoint? I've *never* installed any of that crap, either for x86 or
    > x64. I've always used generic Microsoft mice, and they've always worked
    > out of box just fine on either plaftorm without additional drivers and
    > what-not. What value are you getting out of this mouse driver you're
    > talking about?


    Double click on the wheel. Can't live without it. I was using XMouse until
    last week.
    Just because you don't use something doesn't make it 'crap' !


    > (I'm not being a smart-ass, I honestly want to know what mouse feature
    > doesn't work without this driver)



    All the signing Certificate does is (as pointed out by my betters !) ensure
    that the driver comes from someone M$ knows. It means absolutely diddly
    squat about the effectiveness of the driver, its functionality or freedom
    from bugs. The DAY some software outfit gives me a "satisfaction guaranteed
    or your money refunded", I'll believe in the quality of their software
    engineers. As long as every EULA begins and ends with statements either
    exactly like or very similar to:

    "
    All software and accompanying written materials provided by the AUTHOR are
    provided "as is", without warranty of any kind. Further, the AUTHOR does not
    warrant, guarantee, or take any representations regarding the use, or the
    results of use, of the PRODUCTS or written materials in terms of accuracy,
    reliability, currentness or other such representations. The entire risk as
    to the results and performance of the software and accompanying
    documentation, is assumed by the USER. "

    Certificate authenticity for driver signing is just another money grab. Some
    of the best paid programmers in the world write the buggiest code in the
    world. As one sage says of M$ " Every time they kill a bug, two more show up
    at the funeral" !

    <off soapbox>
     
    Norman Brooks, Jan 26, 2006
    #15
  16. I was under the impression that this was controlled by a group policy
    setting in the OS. Is it not present? I'd suggest that you file a bug report
    to that effect. The plan of record is that unsigned drivers will be loadable
    with administrator privileges.

    On XP it's located at: gpedit.msc->Local Computer Policy->Computer
    Configuration->Windows Settings->Security Settings ->Local
    Policies->Security Options -> Devices:Unsigned driver installation behavior

    --
    Chuck Walbourn
    SDE, Windows Gaming & Graphics

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Chuck Walbourn [MSFT], Jan 26, 2006
    #16
  17. http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx

    There is a specific call out for developers as to how to disable this
    requirement as a boot option or by attaching a kernel debugger.

    --
    Chuck Walbourn
    SDE, Windows Gaming & Graphics

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Chuck Walbourn [MSFT], Jan 26, 2006
    #17
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?U2NvdHQxOTY5?=

    Vista 64 bit Driver Signing

    =?Utf-8?B?U2NvdHQxOTY5?=, Feb 3, 2007, in forum: Windows 64bit
    Replies:
    2
    Views:
    409
    =?Utf-8?B?U2NvdHQxOTY5?=
    Feb 3, 2007
  2. =?Utf-8?B?YnJvY2NvbGliZWVm?=

    Disabling Driver Signing Enforcement in Vista 64 bit

    =?Utf-8?B?YnJvY2NvbGliZWVm?=, Nov 8, 2007, in forum: Windows 64bit
    Replies:
    4
    Views:
    849
    =?Utf-8?B?YnJvY2NvbGliZWVm?=
    Nov 8, 2007
  3. Giuen
    Replies:
    0
    Views:
    1,444
    Giuen
    Sep 12, 2008
  4. Homer J. Simpson
    Replies:
    5
    Views:
    797
    Jim Barry
    Jan 19, 2009
  5. David B.
    Replies:
    0
    Views:
    529
    David B.
    Jan 20, 2009
Loading...

Share This Page