|Driver Signing To Be Enforced In Next Windows 10|
|Written by Mike James|
|Wednesday, 27 July 2016|
The control of what software users can run on their machines is becoming ever tighter. Now Microsoft has announced that only signed drivers will work in the next release of Windows 10.
Before you start to panic about backward compatibility with existing drivers the lockdown is only going to be enforced on new installations of Windows 10. If you simply upgrade an existing system then the OS will take over the drivers that are already installed.
Microsoft cannot take the chance that lots of people suddenly discover that their machines no longer work because an existing driver is rejected, so what if they are running with compromised systems! Only new installations, i.e. installing all drivers from scratch, will enforce the new rules from Windows 10 version 1607.
To quote from the Hardware Certification Blog:
"We’re making these changes to help make Windows more secure. These changes limit the risk of an end-user system being compromised by malicious driver software."
So if you are already compromised - tough.
You can see the rationale, however. Since Windows 10 was announced all drivers have had to be submitted to the Windows Hardware Developer Center to be digitally signed by Microsoft.
Even so I would bet that you have encountered unsigned drivers recently. The reason is probably that it costs too much to go through the hoopla of getting a driver for budget hardware certified. There are conspiracy theorists who propose that it isn't the cost, but simply that driver writers are always including malware in their drivers - especially if they are from China.
Be warned, if you need to do a fresh install of Windows 10 in the future you might find that your existing drivers are rejected.
What about testing?
If you have a system that can turn Secure Boot off then this allows cross signed drivers to be used. More realistically you can use a self signed certificate if you set up a test machine, which still has to have secure boot off, and install the drivers using a utility.
I think the last word has to go to xkcd:
It seems that now they can't even install drivers with your permission - it's Microsoft's permission that counts.
Fear and Loathing In The App Store
or email your comment to: firstname.lastname@example.org
|Last Updated ( Wednesday, 27 July 2016 )|