| By Scott Dunn |
To back up its claims that Windows Vista is “the safest version of Windows ever,” Microsoft requires developers to use digital signatures on all 64-bit drivers for Vista.
This requirement, far from making the new operating system safer, actually does little to stop hackers but may be partially responsible for a shortage of drivers that are needed by Vista users.
Why digital signing matters to you
To create a driver for the 64-bit version of Vista, a software developer first obtains a Class 3 software-publishing certificate from an approved Microsoft certificate authority (such as VeriSign). That certificate is then used to digitally “sign” (apply identifying code) to the product. The certifying authority is supposed to require identification and do the necessary research to make sure the driver comes from a legitimate applicant.
Drivers often need to operate at what is called the kernel level — the very core of the operating system. The privileged nature of the kernel means that it needs special protection. Any compromise to the kernel can potentially bring down the entire system. Consequently, Microsoft is anxious to protect the kernel, especially since “rootkits” can use drivers and kernel-level software to hide from the operating system.
There’s another reason Microsoft is anxious to secure this key part of Vista, however. The company is promoting Digital Rights Management (DRM), which is used by copyright holders to restrict the use of content. Because Microsoft wants Vista positioned as a platform that is safe for protected content, it needs its operating system to stop hacker code from intercepting media streams. Software could, for example, redirect music from a PC’s sound card and send it to the hard disk instead.
How driver signing works
Digital signing seeks to make visible the source of kernel-mode software. If the 64-bit version of Vista determines that a 64-bit driver doesn’t have a signature from an accepted authority, the operating system will prevent it from loading.
But, of course, once a certificate is issued, it’s somewhat out of the hands of the trusted certificate authority. A vendor with a valid certificate could still produce buggy or malicious code using the certificate, or sell it to someone else who could. More likely, a stolen certificate could be published on the Web and used by hackers to produce their own brand of malware.