OT: Signed drivers?
Sandman
"This driver isn't signed, do you still want to install it?" question
for every driver I install (even the latest NVIDIA drivers especially
for Vista).
So, what drivers *are* signed? Why isn't every driver signed? What use
is this warning if no drivers ar signed?
What's the point?
--
Sandman[.net]
Daniel Johnson
"Sandman" <m...@sandman.net> wrote in message
news:mr-04F26D.18...@News.Individual.NET...
> Having installed Vista Ultimate on my gaming PC, I am greeted by a
> "This driver isn't signed, do you still want to install it?" question
> for every driver I install (even the latest NVIDIA drivers especially
> for Vista).
Methinks you exaggerate slightly. :D
> So, what drivers *are* signed? Why isn't every driver signed? What use
> is this warning if no drivers ar signed?
Drivers from windows update are signed, at the least.
> What's the point?
If MS has its way, they will all be signed someday. 64-bit Vista
won't normally load unsigned drivers at all.
They say this is so you can't write a root kit without
also signing your name to the thing, as it were. We'll see.
Bill Riel
daniel...@vzavenue.net says...
Is there some sort of official database of authorized signatures or
something like that? Otherwise, I'm wondering what the point is...
--
Bill
Edwin
> In article <13etdegheaa5...@news.supernews.com>,
> danieljohn...@vzavenue.net says...
http://microsoft.mrmpslc.com/InnovateOnWindowsVista/
You're welcome.
Peter Hayes
Maybe I'm cynical, but it adds $$$ to Microsoft's coffers.
Other than that, there doesn't seem to be any benefit when you consider
anyone can "sign" their drivers.
There was a thread here a little while back that exposed the flaws in
the signing scheme.
--
Immunity is better than innoculation.
Peter
Edwin
> Sandman <m...@sandman.net> wrote:
> > Having installed Vista Ultimate on my gaming PC, I am greeted by a
> > "This driver isn't signed, do you still want to install it?" question
> > for every driver I install (even the latest NVIDIA drivers especially
> > for Vista).
>
> > So, what drivers *are* signed? Why isn't every driver signed? What use
> > is this warning if no drivers ar signed?
>
> > What's the point?
>
> Maybe I'm cynical, but it adds $$$ to Microsoft's coffers.
Kewl!
> Other than that, there doesn't seem to be any benefit when you consider
> anyone can "sign" their drivers.
Maccie declares "Digital signatures have no benefit!" Film at
eleven.
> There was a thread here a little while back that exposed the flaws in
> the signing scheme.
Lack of references noted.
MuahMan
Every Nvidia driver is signed unless you are using a Beta driver. Signed
means it's passed MSFTs tests.
P.S. If you could get an real video cards for the Mac they would need
drivers too.
Sandman
"MuahMan" <mua...@aol.com> wrote:
> "Sandman" <m...@sandman.net> wrote in message
> news:mr-04F26D.18...@News.Individual.NET...
> > Having installed Vista Ultimate on my gaming PC, I am greeted by a
> > "This driver isn't signed, do you still want to install it?" question
> > for every driver I install (even the latest NVIDIA drivers especially
> > for Vista).
> >
> > So, what drivers *are* signed? Why isn't every driver signed? What use
> > is this warning if no drivers ar signed?
> >
> > What's the point?
> >
> > --
> > Sandman[.net]
>
>
> Every Nvidia driver is signed unless you are using a Beta driver. Signed
> means it's passed MSFTs tests.
I had to update the driver when installing Bioshock. It never said
whether it was a beta driver.
> P.S. If you could get an real video cards for the Mac they would need
> drivers too.
Who has claimed that a graphics card for the Mac doesn't need drivers,
Brian?
--
Sandman[.net]
Sandman
"Daniel Johnson" <daniel...@vzavenue.net> wrote:
> > Having installed Vista Ultimate on my gaming PC, I am greeted by a
> > "This driver isn't signed, do you still want to install it?" question
> > for every driver I install (even the latest NVIDIA drivers especially
> > for Vista).
>
> Methinks you exaggerate slightly. :D
I've installed three drivers and seen three such notifications. Where
is the exaggeration?
> > So, what drivers *are* signed? Why isn't every driver signed? What use
> > is this warning if no drivers ar signed?
>
> Drivers from windows update are signed, at the least.
But no others?
> > What's the point?
>
> If MS has its way, they will all be signed someday. 64-bit Vista
> won't normally load unsigned drivers at all.
Ouch. So you can't run the latest Nvidia drivers if you have 64-bit
Windows? That's pretty insane.
> They say this is so you can't write a root kit without
> also signing your name to the thing, as it were. We'll see.
Driver signing is something new? Hasn't WXP had this for years as well?
--
Sandman[.net]
Sandman
Edwin <thor...@juno.com> wrote:
> > > They say this is so you can't write a root kit without
> > > also signing your name to the thing, as it were. We'll see.
> >
> > Is there some sort of official database of authorized signatures or
> > something like that? Otherwise, I'm wondering what the point is...
>
> http://microsoft.mrmpslc.com/InnovateOnWindowsVista/
>
> You're welcome.
I couldn't find the list on that page... What do I click?
--
Sandman[.net]
Daniel Johnson
> In article <13etdeg...@news.supernews.com>,
> "Daniel Johnson" <daniel...@vzavenue.net> wrote:
>
>> Methinks you exaggerate slightly. :D
>
> I've installed three drivers and seen three such notifications. Where
> is the exaggeration?
That's all? That's enough to send you to c.s.m.advocacy to complain?
>> > So, what drivers *are* signed? Why isn't every driver signed? What use
>> > is this warning if no drivers ar signed?
>>
>> Drivers from windows update are signed, at the least.
>
> But no others?
Some others. Anything that passes WHQL testing has
to be signed, for one thing.
>> > What's the point?
>>
>> If MS has its way, they will all be signed someday. 64-bit Vista
>> won't normally load unsigned drivers at all.
>
> Ouch. So you can't run the latest Nvidia drivers if you have 64-bit
> Windows? That's pretty insane.
It is possible to sign a driver without passing WHQL testing;
but it's up to NVidia to do it.
>> They say this is so you can't write a root kit without
>> also signing your name to the thing, as it were. We'll see.
>
> Driver signing is something new? Hasn't WXP had this for years as well?
It has. But Windows XP doesn't enforce it; you can still install
unsigned drivers, and sometimes vendors will even use cheap tricks
to bypass the 'this isn't signed' dialog.
Sandman
"Daniel Johnson" <daniel...@vzavenue.net> wrote:
> >> Methinks you exaggerate slightly. :D
> >
> > I've installed three drivers and seen three such notifications. Where
> > is the exaggeration?
>
> That's all? That's enough to send you to c.s.m.advocacy to complain?
Huh? What have I complained about? Are you *already* down there making
up positions for me?
I noted that none of the drivers I installed where signed and I didn't
see the point of having signed drivers if none are signed. To you,
this is me "complaining" about something. Truly hilarious.
> >> > So, what drivers *are* signed? Why isn't every driver signed? What use
> >> > is this warning if no drivers ar signed?
> >>
> >> Drivers from windows update are signed, at the least.
> >
> > But no others?
>
> Some others. Anything that passes WHQL testing has
> to be signed, for one thing.
Examples?
> >> > What's the point?
> >>
> >> If MS has its way, they will all be signed someday. 64-bit Vista
> >> won't normally load unsigned drivers at all.
> >
> > Ouch. So you can't run the latest Nvidia drivers if you have 64-bit
> > Windows? That's pretty insane.
>
> It is possible to sign a driver without passing WHQL testing;
> but it's up to NVidia to do it.
So anyone can sign their drivers? That seems weird?
> >> They say this is so you can't write a root kit without
> >> also signing your name to the thing, as it were. We'll see.
> >
> > Driver signing is something new? Hasn't WXP had this for years as well?
>
> It has. But Windows XP doesn't enforce it; you can still install
> unsigned drivers, and sometimes vendors will even use cheap tricks
> to bypass the 'this isn't signed' dialog.
Windows Vista 32bit doesn't seem to enforce it either...
--
Sandman[.net]
Daniel Johnson
> In article <13etj4h...@news.supernews.com>,
> "Daniel Johnson" <daniel...@vzavenue.net> wrote:
>
>> That's all? That's enough to send you to c.s.m.advocacy to complain?
>
> Huh? What have I complained about? Are you *already* down there making
> up positions for me?
Well, I was trying to get a head start. :D
[snip]
>> Some others. Anything that passes WHQL testing has
>> to be signed, for one thing.
>
> Examples?
Everything that passes WHQL testing. Anything you can download
from Windows Update, for instance.
[snip]
>> It is possible to sign a driver without passing WHQL testing;
>> but it's up to NVidia to do it.
>
> So anyone can sign their drivers? That seems weird?
It isn't. It is perfectly ordinary. Just plain ordinary digital
signatures.
[snip]
>> It has. But Windows XP doesn't enforce it; you can still install
>> unsigned drivers, and sometimes vendors will even use cheap tricks
>> to bypass the 'this isn't signed' dialog.
>
> Windows Vista 32bit doesn't seem to enforce it either...
Correct. There are just huge numbers of old 32-bit drivers
that are not signed, and will never be signed.
MS hopes the 64-bit transition will be an easy time
to change over to signed drivers: you need new drivers
anyway.
Alan Baker
> "Sandman" <m...@sandman.net> wrote in message
> news:mr-04F26D.18...@News.Individual.NET...
> > Having installed Vista Ultimate on my gaming PC, I am greeted by a
> > "This driver isn't signed, do you still want to install it?" question
> > for every driver I install (even the latest NVIDIA drivers especially
> > for Vista).
> >
> > So, what drivers *are* signed? Why isn't every driver signed? What use
> > is this warning if no drivers ar signed?
> >
> > What's the point?
> >
> > --
> > Sandman[.net]
>
>
> Every Nvidia driver is signed unless you are using a Beta driver. Signed
> means it's passed MSFTs tests.
Really?
Where does it say that?
>
> P.S. If you could get an real video cards for the Mac they would need
> drivers too.
--
Alan Baker
Vancouver, British Columbia
"If you raise the ceiling four feet, move the fireplace from that wall
to that wall, you'll still only get the full stereophonic effect if you
sit in the bottom of that cupboard."
Tim Murray
>> There was a thread here a little while back that exposed the flaws in
>> the signing scheme.
>
> Lack of references noted.
>
Using shitty Google and a lack of skills at finding anything noted: It's in
the thread "Thank God for Winblows"
Tim Murray
> If you could get an real video cards for the Mac they would need
> drivers too.
All hardware like keyboards, video, screens, and so on and so forth uses some
form of driver, you idiot.
Steve de Mena
>
> "Sandman" <m...@sandman.net> wrote in message
> news:mr-04F26D.18...@News.Individual.NET...
>> Having installed Vista Ultimate on my gaming PC, I am greeted by a
>> "This driver isn't signed, do you still want to install it?" question
>> for every driver I install (even the latest NVIDIA drivers especially
>> for Vista).
>
> Methinks you exaggerate slightly. :D
>
>> So, what drivers *are* signed? Why isn't every driver signed? What use
>> is this warning if no drivers ar signed?
>
> Drivers from windows update are signed, at the least.
>
>> What's the point?
>
> If MS has its way, they will all be signed someday. 64-bit Vista
> won't normally load unsigned drivers at all.
It won't un-normally either. Signing is mandatory in 64 bit Vista.
Steve
Steve de Mena
XP can be configured to require signed drivers. This is in the
registry & can be configured with a Group Policy.
Steve
MuahMan
"Tim Murray" <no-...@thankyou.com> wrote in message
news:9qGHi.72835$Lu.3...@bignews8.bellsouth.net...
You use a Mac. You are not allowed to call anyone an idiot.
Tim Murray
>
> "Tim Murray" <no-...@thankyou.com> wrote in message
> news:9qGHi.72835$Lu.3...@bignews8.bellsouth.net...
>> On Sep 17, 2007, MuahMan wrote:
>>> If you could get an real video cards for the Mac they would need drivers
>>> too.
>>
>> All hardware like keyboards, video, screens, and so on and so forth uses
>> some form of driver, you idiot.
>>
>
> You use a Mac. You are not allowed to call anyone an idiot.
>
Says the one who doesn't know a darned thing about drivers.
MuahMan
Says the one who doesn't know a darned thing about computers as is evidenced
by him using a Mac.
Sandman
"Daniel Johnson" <daniel...@vzavenue.net> wrote:
> >> That's all? That's enough to send you to c.s.m.advocacy to complain?
> >
> > Huh? What have I complained about? Are you *already* down there making
> > up positions for me?
>
> Well, I was trying to get a head start. :D
If you weren't always lying about things I might give your opinions
more credibility, Daniel.
> >> Some others. Anything that passes WHQL testing has
> >> to be signed, for one thing.
> >
> > Examples?
>
> Everything that passes WHQL testing. Anything you can download
> from Windows Update, for instance.
THose wouldn't be parts of "some others", which were drivers that
weren't from windows update.
> >> It has. But Windows XP doesn't enforce it; you can still install
> >> unsigned drivers, and sometimes vendors will even use cheap tricks
> >> to bypass the 'this isn't signed' dialog.
> >
> > Windows Vista 32bit doesn't seem to enforce it either...
>
> Correct. There are just huge numbers of old 32-bit drivers
> that are not signed, and will never be signed.
>
> MS hopes the 64-bit transition will be an easy time
> to change over to signed drivers: you need new drivers
> anyway.
Ah
--
Sandman[.net]
Sandman
"MuahMan" <mua...@aol.com> wrote:
> "Tim Murray" <no-...@thankyou.com> wrote in message
> news:hfJHi.52660$Y7.2...@bignews3.bellsouth.net...
> > On Sep 17, 2007, MuahMan wrote:
> >>
> >> "Tim Murray" <no-...@thankyou.com> wrote in message
> >> news:9qGHi.72835$Lu.3...@bignews8.bellsouth.net...
> >>> On Sep 17, 2007, MuahMan wrote:
> >>>> If you could get an real video cards for the Mac they would need
> >>>> drivers
> >>>> too.
> >>>
> >>> All hardware like keyboards, video, screens, and so on and so forth uses
> >>> some form of driver, you idiot.
> >>>
> >>
> >> You use a Mac. You are not allowed to call anyone an idiot.
> >>
> >
> > Says the one who doesn't know a darned thing about drivers.
> >
>
> Says the one who doesn't know a darned thing about computers as is evidenced
> by him using a Mac.
So... what's your excuse? :-D
--
Sandman[.net]
Edwin
> In article <1190050903.715168.182...@w3g2000hsg.googlegroups.com>,
>
> Edwin <thorn...@juno.com> wrote:
> > > > They say this is so you can't write a root kit without
> > > > also signing your name to the thing, as it were. We'll see.
>
> > > Is there some sort of official database of authorized signatures or
> > > something like that? Otherwise, I'm wondering what the point is...
>
> >http://microsoft.mrmpslc.com/InnovateOnWindowsVista/
>
> > You're welcome.
>
> I couldn't find the list on that page... What do I click?
Help for your Web browser.
You're welcome.
Sandman
Edwin <thor...@juno.com> wrote:
It didn't mention where I would click on that page to find the list.
Where do I click?
--
Sandman[.net]
Alan Baker
Edwin <thor...@juno.com> wrote:
> On Sep 17, 12:43 pm, notinu...@btinternet.com (Peter Hayes) wrote:
> > Sandman <m...@sandman.net> wrote:
> > > Having installed Vista Ultimate on my gaming PC, I am greeted by a
> > > "This driver isn't signed, do you still want to install it?" question
> > > for every driver I install (even the latest NVIDIA drivers especially
> > > for Vista).
> >
> > > So, what drivers *are* signed? Why isn't every driver signed? What use
> > > is this warning if no drivers ar signed?
> >
> > > What's the point?
> >
> > Maybe I'm cynical, but it adds $$$ to Microsoft's coffers.
>
> Kewl!
>
> > Other than that, there doesn't seem to be any benefit when you consider
> > anyone can "sign" their drivers.
>
> Maccie declares "Digital signatures have no benefit!" Film at
> eleven.
"Edwin makes a claim that has no basis in the previous statement"
>
> > There was a thread here a little while back that exposed the flaws in
> > the signing scheme.
>
> Lack of references noted.
--
kangaro...@yahoo.co.uk
seem to have had no problems with installation, nvidia also seem to be
some of the best supported drivers around (or the most numerous). The
link is on the left. The certification means the driver has been
tested by windows, that's all as far as i can see, and requires you to
buy a copy of vista ;)... maybe just to up their sales... Also, I
wouldn't like to be too cynical, but i suspect you have to pay more
for the colour sticker over the grey one.
Ian
--
michelle ronn
> Having installed Vista Ultimate on my gaming PC, I am greeted by a
> "This driver isn't signed, do you still want to install it?" question
> for every driver I install (even the latest NVIDIA drivers especially
> for Vista).
>
> So, what drivers *are* signed? Why isn't every driver signed? What use
> is this warning if no drivers ar signed?
>
> What's the point?
Driver signing came about because Alchin (who ran the Windows org at
the time) got sick of 3rd party kernel level drivers crashing the OS.
Video drivers were some of the worst culprits.
In the beginning, you ran your driver code against a test suite, then
uploaded it to Microsoft and paid them a fee. They would run more
tests, and then issue you a signature if it all passed.
The idea was that the OS would either 1) not load an unsigned driver,
or 2) warn the user that the driver was not signed, and let the user
decide.
This reduced crashes substantially, and ensured that 3rd party kernel
level code met at least some sort of quality bar.
Not a perfect solution, but it did improve 3rd party driver quality for
Windows substantially.
I think Apple could benefit quite a bit with a similar program for OS X.
Snit
2007092821022150073-completelyinvalid@boguscom on 9/28/07 9:02 PM:
All well and good - but that does not answer the question. If few drivers
are signed, even by "good" companies, then the signing process is useless.
--
Facts do not cease to exist because they are ignored.
--Aldous Huxley
michelle ronn
Most of the drivers that I deal with are signed.
The network that I use at the office also has the system policies set
to only allow signed drivers. We probably get away with this because we
only have tier 1 hardware, and Dell gear. Not so sure I could do this
if we had a bunch of home built equipment.
My understanding is that MSFT does not allow many companies to self
sign, only companies they trust. This may have changed in the past few
years, but they used to be really strict about signature
qualifications. Don't pass their test at their facility, no cert.