Signed drivers are a waste of time

Discussion in 'NZ Computing' started by Lawrence D'Oliveiro, Aug 11, 2007.

  1. This latest flaw in a driver for Vista
    <http://www.theregister.co.uk/2007/08/10/ati_driver_snafu/> demonstrates
    how easy it is to subvert the whole signed driver concept without even
    trying. I don't understand why Microsoft even bothered with the idea: all
    it does is add to development and certification costs, and complicate the
    process of issuing updates, without really increasing security at all.
    Those who believe it makes their system more secure are just setting
    themselves up for a fall.
     
    Lawrence D'Oliveiro, Aug 11, 2007
    #1
    1. Advertising

  2. In message <f9jmo4$k0o$>, I wrote:

    > This latest flaw in a driver for Vista
    > <http://www.theregister.co.uk/2007/08/10/ati_driver_snafu/> demonstrates
    > how easy it is to subvert the whole signed driver concept without even
    > trying.


    More info here <http://blogs.zdnet.com/security/?p=438>: Microsoft can't
    revoke the certificate of the buggy driver the way they did with Atsiv,
    because that would bugger up half the Vista laptops out there.
     
    Lawrence D'Oliveiro, Aug 11, 2007
    #2
    1. Advertising

  3. Lawrence D'Oliveiro

    Fred Dagg Guest

    On Sat, 11 Aug 2007 19:01:40 +1200, Lawrence D'Oliveiro
    <_zealand> exclaimed:

    >This latest flaw in a driver for Vista
    ><http://www.theregister.co.uk/2007/08/10/ati_driver_snafu/> demonstrates
    >how easy it is to subvert the whole signed driver concept without even
    >trying. I don't understand why Microsoft even bothered with the idea: all
    >it does is add to development and certification costs, and complicate the
    >process of issuing updates, without really increasing security at all.
    >Those who believe it makes their system more secure are just setting
    >themselves up for a fall.


    *Yawn*

    You really are quite pathetic, Lawrence.
     
    Fred Dagg, Aug 11, 2007
    #3
  4. On Sat, 11 Aug 2007 19:01:40 +1200, Lawrence D'Oliveiro wrote:

    > This latest flaw in a driver for Vista
    > <http://www.theregister.co.uk/2007/08/10/ati_driver_snafu/> demonstrates
    > how easy it is to subvert the whole signed driver concept without even
    > trying. I don't understand why Microsoft even bothered with the idea: all
    > it does is add to development and certification costs, and complicate the
    > process of issuing updates, without really increasing security at all.
    > Those who believe it makes their system more secure are just setting
    > themselves up for a fall.


    What it does is enable Micro$oft to control who can have signed drivers,
    and thus who can execute code in Kernel-space.

    What M$ should be doing is implementing userland drivers, rather than
    closed source third-party proprietary kernel-space drivers.

    That way M$ will be able to know exactly what code (only its own) is
    running in kernel space, and also, that way people will know that no code
    that was not examined and tested and approved by Micro$oft's own
    developers is in kernel space.

    And therefore, Micro$oft alone will be responsible for the security of the
    kernel, and for the security of the system's inter-process communication,
    and what processes access what devices at any given time.


    --
    Jonathan Walker

    "The IT industry landscape is littered with the dead
    dreams of people who once trusted Microsoft."
     
    Jonathan Walker, Aug 11, 2007
    #4
  5. Lawrence D'Oliveiro

    Cima Guest

    On 12 Aug 2007 08:30:50 +1200, Jonathan Walker <> wrote:

    >On Sat, 11 Aug 2007 19:01:40 +1200, Lawrence D'Oliveiro wrote:
    >
    >> This latest flaw in a driver for Vista
    >> <http://www.theregister.co.uk/2007/08/10/ati_driver_snafu/> demonstrates
    >> how easy it is to subvert the whole signed driver concept without even
    >> trying. I don't understand why Microsoft even bothered with the idea: all
    >> it does is add to development and certification costs, and complicate the
    >> process of issuing updates, without really increasing security at all.
    >> Those who believe it makes their system more secure are just setting
    >> themselves up for a fall.

    >
    >What it does is enable Micro$oft to control who can have signed drivers,
    >and thus who can execute code in Kernel-space.


    More importantly, why does he care? He don't use it, so why give a shit.
     
    Cima, Aug 12, 2007
    #5
  6. On Sun, 12 Aug 2007 11:18:43 +1200, Cima wrote:

    >>> This latest flaw in a driver for Vista
    >>> <http://www.theregister.co.uk/2007/08/10/ati_driver_snafu/>
    >>> demonstrates how easy it is to subvert the whole signed driver concept
    >>> without even trying. I don't understand why Microsoft even bothered
    >>> with the idea: all it does is add to development and certification
    >>> costs, and complicate the process of issuing updates, without really
    >>> increasing security at all. Those who believe it makes their system
    >>> more secure are just setting themselves up for a fall.

    >>
    >>What it does is enable Micro$oft to control who can have signed drivers,
    >>and thus who can execute code in Kernel-space.

    >
    > More importantly, why does he care? He don't use it, so why give a shit.


    Indeed - why care about why email servers get swamped with so many
    viruses taking up so much bandwidth causing so much caos and frustration,
    and downtime!


    --
    Jonathan Walker

    "The IT industry landscape is littered with the dead
    dreams of people who once trusted Microsoft."
     
    Jonathan Walker, Aug 12, 2007
    #6
  7. Lawrence D'Oliveiro

    thingy Guest

    Lawrence D'Oliveiro wrote:
    > This latest flaw in a driver for Vista
    > <http://www.theregister.co.uk/2007/08/10/ati_driver_snafu/> demonstrates
    > how easy it is to subvert the whole signed driver concept without even
    > trying. I don't understand why Microsoft even bothered with the idea: all
    > it does is add to development and certification costs, and complicate the
    > process of issuing updates, without really increasing security at all.
    > Those who believe it makes their system more secure are just setting
    > themselves up for a fall.


    More $ for MS....pure and simple...

    regards

    Thing
     
    thingy, Aug 12, 2007
    #7
  8. Lawrence D'Oliveiro

    Will Spencer Guest

    On Sun, 12 Aug 2007 11:18:43 +1200, Cima wrote:

    > On 12 Aug 2007 08:30:50 +1200, Jonathan Walker <> wrote:
    >
    >>On Sat, 11 Aug 2007 19:01:40 +1200, Lawrence D'Oliveiro wrote:
    >>
    >>> This latest flaw in a driver for Vista
    >>> <http://www.theregister.co.uk/2007/08/10/ati_driver_snafu/> demonstrates
    >>> how easy it is to subvert the whole signed driver concept without even
    >>> trying. I don't understand why Microsoft even bothered with the idea: all
    >>> it does is add to development and certification costs, and complicate the
    >>> process of issuing updates, without really increasing security at all.
    >>> Those who believe it makes their system more secure are just setting
    >>> themselves up for a fall.

    >>
    >>What it does is enable Micro$oft to control who can have signed drivers,
    >>and thus who can execute code in Kernel-space.

    >
    > More importantly, why does he care? He don't use it, so why give a shit.


    Negative campaigns never work. I used to be interested in Linux but decided
    I didn't want to be involved in an operating systems backed by Commies and
    raving lunatics like Lawrence and co. It was a turn off.

    -ws
     
    Will Spencer, Aug 13, 2007
    #8
  9. Lawrence D'Oliveiro

    Miguel Guest

    On Tue, 14 Aug 2007 10:17:14 +1200, Will Spencer wrote:

    > I used to be interested in Linux but
    > decided I didn't want to be involved in an operating systems backed by
    > Commies and raving lunatics like Lawrence and co. It was a turn off.
    >
    > -ws


    Just a suggestion but you really shouldn't make decisions based on how
    other people act or what other people say. Test drive the operating
    system yourself and then make your own decision as to its suitability. If
    it's not for you then fine.

    FWIW, this suggestion can also be used in conjunction with purchasing
    most major household appliances, new cars and potential spouses.

    Miguel
     
    Miguel, Aug 14, 2007
    #9
  10. In message <1ija8km5j25ys.1pzakfwscfzia$>, Will Spencer
    wrote:

    > On Sun, 12 Aug 2007 11:18:43 +1200, Cima wrote:
    >
    >> On 12 Aug 2007 08:30:50 +1200, Jonathan Walker <>
    >> wrote:
    >>
    >>>On Sat, 11 Aug 2007 19:01:40 +1200, Lawrence D'Oliveiro wrote:
    >>>
    >>>> This latest flaw in a driver for Vista
    >>>> <http://www.theregister.co.uk/2007/08/10/ati_driver_snafu/>
    >>>> demonstrates how easy it is to subvert the whole signed driver concept
    >>>> without even trying. I don't understand why Microsoft even bothered
    >>>> with the idea: all it does is add to development and certification
    >>>> costs, and complicate the process of issuing updates, without really
    >>>> increasing security at all. Those who believe it makes their system
    >>>> more secure are just setting themselves up for a fall.
    >>>
    >>>What it does is enable Micro$oft to control who can have signed drivers,
    >>>and thus who can execute code in Kernel-space.

    >>
    >> More importantly, why does he care? He don't use it, so why give a shit.

    >
    > Negative campaigns never work. I used to be interested in Linux but
    > decided I didn't want to be involved in an operating systems backed by
    > Commies and raving lunatics like Lawrence and co. It was a turn off.


    Odd, isn't it? I didn't make a single mention of Linux in my posting, yet
    people like you once again show the chip you have on your shoulder about
    this.
     
    Lawrence D'Oliveiro, Aug 14, 2007
    #10
  11. Lawrence D'Oliveiro

    Will Spencer Guest

    On Tue, 14 Aug 2007 13:05:36 +1200, Lawrence D'Oliveiro wrote:

    > In message <1ija8km5j25ys.1pzakfwscfzia$>, Will Spencer
    > wrote:
    >
    >> On Sun, 12 Aug 2007 11:18:43 +1200, Cima wrote:
    >>
    >>> On 12 Aug 2007 08:30:50 +1200, Jonathan Walker <>
    >>> wrote:
    >>>
    >>>>On Sat, 11 Aug 2007 19:01:40 +1200, Lawrence D'Oliveiro wrote:
    >>>>
    >>>>> This latest flaw in a driver for Vista
    >>>>> <http://www.theregister.co.uk/2007/08/10/ati_driver_snafu/>
    >>>>> demonstrates how easy it is to subvert the whole signed driver concept
    >>>>> without even trying. I don't understand why Microsoft even bothered
    >>>>> with the idea: all it does is add to development and certification
    >>>>> costs, and complicate the process of issuing updates, without really
    >>>>> increasing security at all. Those who believe it makes their system
    >>>>> more secure are just setting themselves up for a fall.
    >>>>
    >>>>What it does is enable Micro$oft to control who can have signed drivers,
    >>>>and thus who can execute code in Kernel-space.
    >>>
    >>> More importantly, why does he care? He don't use it, so why give a shit.

    >>
    >> Negative campaigns never work. I used to be interested in Linux but
    >> decided I didn't want to be involved in an operating systems backed by
    >> Commies and raving lunatics like Lawrence and co. It was a turn off.

    >
    > Odd, isn't it? I didn't make a single mention of Linux in my posting, yet
    > people like you once again show the chip you have on your shoulder about
    > this.


    I've managed to convince two Linux users to ditch it for Vista. I didn't
    bag Linux either, I just did a demo of what Vista can do. I hope to make it
    at least three by the end of the year.

    -ws
     
    Will Spencer, Aug 14, 2007
    #11
  12. Lawrence D'Oliveiro

    Shane Guest

    Will Spencer wrote:

    > On Tue, 14 Aug 2007 13:05:36 +1200, Lawrence D'Oliveiro wrote:
    >
    >> In message <1ija8km5j25ys.1pzakfwscfzia$>, Will Spencer
    >> wrote:
    >>
    >>> On Sun, 12 Aug 2007 11:18:43 +1200, Cima wrote:
    >>>
    >>>> On 12 Aug 2007 08:30:50 +1200, Jonathan Walker <>
    >>>> wrote:
    >>>>
    >>>>>On Sat, 11 Aug 2007 19:01:40 +1200, Lawrence D'Oliveiro wrote:
    >>>>>
    >>>>>> This latest flaw in a driver for Vista
    >>>>>> <http://www.theregister.co.uk/2007/08/10/ati_driver_snafu/>
    >>>>>> demonstrates how easy it is to subvert the whole signed driver
    >>>>>> concept without even trying. I don't understand why Microsoft even
    >>>>>> bothered with the idea: all it does is add to development and
    >>>>>> certification costs, and complicate the process of issuing updates,
    >>>>>> without really increasing security at all. Those who believe it makes
    >>>>>> their system more secure are just setting themselves up for a fall.
    >>>>>
    >>>>>What it does is enable Micro$oft to control who can have signed
    >>>>>drivers, and thus who can execute code in Kernel-space.
    >>>>
    >>>> More importantly, why does he care? He don't use it, so why give a
    >>>> shit.
    >>>
    >>> Negative campaigns never work. I used to be interested in Linux but
    >>> decided I didn't want to be involved in an operating systems backed by
    >>> Commies and raving lunatics like Lawrence and co. It was a turn off.

    >>
    >> Odd, isn't it? I didn't make a single mention of Linux in my posting, yet
    >> people like you once again show the chip you have on your shoulder about
    >> this.

    >
    > I've managed to convince two Linux users to ditch it for Vista. I didn't
    > bag Linux either, I just did a demo of what Vista can do. I hope to make
    > it at least three by the end of the year.
    >
    > -ws


    And I have several Vista users (per week) coming to me for help converting
    to Linux. Note: They converted themselves.
    --
    Q: Who knows everything there is to be known about vector analysis?
    A: The Oracle of del phi!
     
    Shane, Aug 14, 2007
    #12
  13. In message <om7avvqly96r.hsyov52sp5tm$>, Will Spencer wrote:

    > I've managed to convince two Linux users to ditch it for Vista.


    Did you tell them about the Vista DRM issue
    <http://www.pcworld.com/article/id,135814-pg,1/article.html>,
    <http://arstechnica.com/articles/culture/aacs-tentacles.ars>? Or did you
    cover it up?
     
    Lawrence D'Oliveiro, Aug 14, 2007
    #13
  14. Lawrence D'Oliveiro

    Rob S Guest

    Shane wrote:
    > Will Spencer wrote:
    >
    >> On Tue, 14 Aug 2007 13:05:36 +1200, Lawrence D'Oliveiro wrote:
    >>
    >>> In message <1ija8km5j25ys.1pzakfwscfzia$>, Will Spencer
    >>> wrote:
    >>>
    >>>> On Sun, 12 Aug 2007 11:18:43 +1200, Cima wrote:
    >>>>
    >>>>> On 12 Aug 2007 08:30:50 +1200, Jonathan Walker <>
    >>>>> wrote:
    >>>>>
    >>>>>> On Sat, 11 Aug 2007 19:01:40 +1200, Lawrence D'Oliveiro wrote:
    >>>>>>
    >>>>>>> This latest flaw in a driver for Vista
    >>>>>>> <http://www.theregister.co.uk/2007/08/10/ati_driver_snafu/>
    >>>>>>> demonstrates how easy it is to subvert the whole signed driver
    >>>>>>> concept without even trying. I don't understand why Microsoft even
    >>>>>>> bothered with the idea: all it does is add to development and
    >>>>>>> certification costs, and complicate the process of issuing updates,
    >>>>>>> without really increasing security at all. Those who believe it makes
    >>>>>>> their system more secure are just setting themselves up for a fall.
    >>>>>> What it does is enable Micro$oft to control who can have signed
    >>>>>> drivers, and thus who can execute code in Kernel-space.
    >>>>> More importantly, why does he care? He don't use it, so why give a
    >>>>> shit.
    >>>> Negative campaigns never work. I used to be interested in Linux but
    >>>> decided I didn't want to be involved in an operating systems backed by
    >>>> Commies and raving lunatics like Lawrence and co. It was a turn off.
    >>> Odd, isn't it? I didn't make a single mention of Linux in my posting, yet
    >>> people like you once again show the chip you have on your shoulder about
    >>> this.

    >> I've managed to convince two Linux users to ditch it for Vista. I didn't
    >> bag Linux either, I just did a demo of what Vista can do. I hope to make
    >> it at least three by the end of the year.
    >>
    >> -ws

    >
    > And I have several Vista users (per week) coming to me for help converting
    > to Linux. Note: They converted themselves.


    And I've had one switch back to XP after I had convinced her to switch
    to Linux. She couldn't do without Itunes which I couldn't get running
    reliably under Wine, and she didn't want the hassle involved in running
    XP under Vmware or suchlike. Now I have her ringing me about once a week
    asking why her pc is running really slow, or what to do when her home
    page gets hijacked. I've left her complete written instructions on
    security procedures, but as one of her favorite apps is Limewire,
    there's no way to keep everything out.


    --

    Rob
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    http://www.aspir8or.com
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


    When they broke open molecules, they found they were only stuffed with
    atoms. But when they broke open atoms, they found them stuffed with
    explosions.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     
    Rob S, Aug 14, 2007
    #14
  15. Lawrence D'Oliveiro

    Shane Guest

    Rob S wrote:

    > as one of her favorite apps is Limewire,
    > there's no way to keep everything out.
    >
    >


    By far and away the best way Ive found to 'help' such users is to bill
    them :)
    Nothing motivates change like a bill

    --
    Q: What is hallucinogenic and exists for every group with order divisible by
    p^k?
    A: A psilocybin p-subgroup.
     
    Shane, Aug 15, 2007
    #15
  16. Lawrence D'Oliveiro

    Rob S Guest

    Shane wrote:
    > Rob S wrote:
    >
    >> as one of her favorite apps is Limewire,
    >> there's no way to keep everything out.
    >>
    >>

    >
    > By far and away the best way Ive found to 'help' such users is to bill
    > them :)
    > Nothing motivates change like a bill
    >

    Family

    --

    Rob
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    http://www.aspir8or.com
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     
    Rob S, Aug 15, 2007
    #16
  17. Lawrence D'Oliveiro

    Fred Dagg Guest

    On Wed, 15 Aug 2007 07:59:46 +1200, Shane <-a-geek.net>
    exclaimed:

    >And I have several Vista users (per week) coming to me for help converting
    >to Linux. Note: They converted themselves.


    You're a liar, Shane.
     
    Fred Dagg, Aug 15, 2007
    #17
  18. Lawrence D'Oliveiro

    Fred Dagg Guest

    On Wed, 15 Aug 2007 10:31:31 +1200, Lawrence D'Oliveiro
    <_zealand> exclaimed:

    >In message <om7avvqly96r.hsyov52sp5tm$>, Will Spencer wrote:
    >
    >> I've managed to convince two Linux users to ditch it for Vista.

    >
    >Did you tell them about the Vista DRM issue
    ><http://www.pcworld.com/article/id,135814-pg,1/article.html>,
    ><http://arstechnica.com/articles/culture/aacs-tentacles.ars>? Or did you
    >cover it up?


    At least they can play protected Hidef content in Vista, not like
    Linux which can't play it at all...
     
    Fred Dagg, Aug 15, 2007
    #18
  19. Fred Dagg wrote:
    > On Wed, 15 Aug 2007 07:59:46 +1200, Shane <-a-geek.net>
    > exclaimed:
    >> And I have several Vista users (per week) coming to me for help converting
    >> to Linux. Note: They converted themselves.

    >
    > You're a liar, Shane.


    Classic.
     
    Mark Robinson, Aug 15, 2007
    #19
  20. Lawrence D'Oliveiro

    Fred Dagg Guest

    On Wed, 15 Aug 2007 13:33:45 +1200, Mark Robinson
    <2tod.net> exclaimed:

    >Fred Dagg wrote:
    >> On Wed, 15 Aug 2007 07:59:46 +1200, Shane <-a-geek.net>
    >> exclaimed:
    >>> And I have several Vista users (per week) coming to me for help converting
    >>> to Linux. Note: They converted themselves.

    >>
    >> You're a liar, Shane.

    >
    >Classic.


    Glad you liked it. Doesn't make it any less true.

    If he had said "several Windows users (per week)" I might have
    believed him (except for his general lack of credibility, of course),
    but I simply don't believe his claims of "several Vista users" per
    week.

    And the fact that he's a proven liar doesn't help, of course.
     
    Fred Dagg, Aug 15, 2007
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Neil
    Replies:
    10
    Views:
    758
    Rowdy Yates
    Jul 27, 2004
  2. Ad C

    VOIP seems a waste of time

    Ad C, Aug 5, 2005, in forum: UK VOIP
    Replies:
    232
    Views:
    3,851
  3. Andre Da Costa [Extended64]

    News: Windows Vista x64 To Require Signed Drivers

    Andre Da Costa [Extended64], Jan 22, 2006, in forum: Windows 64bit
    Replies:
    14
    Views:
    534
    @(none)
    Jan 24, 2006
  4. Kue2

    signed & unsigned drivers?

    Kue2, Aug 29, 2007, in forum: Windows 64bit
    Replies:
    2
    Views:
    1,436
    Carlos
    Sep 1, 2007
  5. tom2218
    Replies:
    5
    Views:
    691
    Carlos
    Dec 17, 2007
Loading...

Share This Page