Slashdot Mirror


Windows XP To Block Use Of "Troublesome" Drivers

Johnno74 writes "According to this story on The Register, Windows XP RC2 now includes the ability for Microsoft to prevent users from installing certain device drivers. Sounds like a good idea? Well, apparently among the casualties are ZoneAlarm and BlackIce... Two popular free personal firewall products for Windows. Guess What? XP includes its own firewall ... So you don't really need them anyway, right? The full details on how this works are in this 1 MB Word document on Microsoft's site.

The document details how XP will automatically download the latest drivers for your hardware from the Windows Update site, and more worryingly, XP will regularly update the list of blocked drivers from the site. Quote from the document:

"On a related note, Windows XP provides the ability for Microsoft to receive crash dump data on specific drivers (i.e. when a user receives a blue screen, we upload that information for further analysis). When Microsoft reporting systems indicate crashes have exceeded a certain threshold, Microsoft will notify the Vendor that the device is being considered for the blocked driver list. If reports pass an even greater threshold, we will then flag that specific version of the driver as needing to be blocked."

Boy, the site that uploads that crash dump data (and whatever else it snags...) better have a lot of bandwidth... ;-) As The Register points out, this brings back memories of how Microsoft killed Caldera DR-DOS by deliberately crashing Windows 3.1 if you were running on DR-DOS -- for no reason other than forcing you to use MS-DOS."

Note: according to this article, the change does not prevent Black Ice or other programs from running per se -- but it does require them to use updated versions tailored for XP.

12 of 562 comments

  1. Oh, god, no! by tulare · · Score: 3, Interesting

    After about the umpteenth million time that I've successfully used ZoneAlarm to block out some adware, or some s'kiddie trying to r00t my winbox, I'm what you'd call satisfied. Sure, that program causes some instability, but that's nothing compared to what would happen if my computer were a zombie. Presumably Microsoft expects me to trust their firewall to block out adware? Or to actually be secure? No thanks. XP is one "upgrade" this user won't be wasting time/money on.

    --
    political_news.c: warning: comparison is always true due to limited range of data type
    1. Re:Oh, god, no! by coolgeek · · Score: 4, Interesting
      Bottom line is that they are saying that vendors will need to upgrade their wares to be compliant with the new platform.

      Almost, but not quite. Yes, an app vendor needs to recompile/port/totally rewrite their 9x/NT application to get it running reliably under XP. That's not the issue. The issue is that M$ is now requiring that you certify your software under the XP logo program. This is cost-prohibitive for many companies, almost certainly excludes any GPL programs from running under Windows, and it seems that an individual will be unable to author, compile and run a program on their own system!

      The only way to get your program into that list is to get the logo. This implies that the database will have to be refreshed on individual users' computers from time to time, so a new app, when published, will fail to install on any computer that has not been refreshed recently. The user will not blame Microsoft for this, and will likely return the product to the store and buy the competing solution. Also, if you read the entire Register article, it mentions that ill-behaved software will have their XP credentials yanked, if too many BSOD events are logged. If you've ever developed any Windows software, you know that Microsoft breaks plenty of API calls during rev-level releases, potentially causing a vendor's application to get blacklisted. Or from the conspiracy theory perspective, this becomes a new tool Microsoft can employ during the "extinguish" phase.

      --

      cat /dev/null >sig
  2. Re:The real reason for this: by JoeShmoe · · Score: 3, Interesting

    From the document:

    One of the valuable prevention features that have been added to Windows XP is the ability to block users from installing a particular version of a driver. Since the release of Windows 2000, Windows has had the ability to block installation of a driver through a Setupapi.dll check of known problem drivers. Windows XP adds the capability to update the list of problem drivers from Windows Update. Windows Update, independent of the access mechanism described above, automatically downloads this information.

    Read that...the list of drivers is controlled by a DLL that is updated by Microsoft. The information is automatically updated.

    If a user with administrative privileges has the device installed (or plugs an external peripheral into the PC), they will receive a balloon popup in the taskbar indicating that the driver has known problems and will not be loaded. When a user clicks on the balloon or notification icon, Help and Support Services will provide information on where to get an updated driver if information is available. Driver blocking is independent of whether the device is signed or not (i.e. Microsoft will block signed drivers that are known to have problems).

    So yes you are correct...it will be possible for 3rd parties to add in their own drivers...the catch being that Microsoft still retains control over them...even if they are signed (which most unofficial drivers aren't). All MS has to do is add the driver (probably DLL information?) to their list of "problem drivers" and they will be blocked.

    I don't know bout you...but that sounds like a perfect setup for MS to break practically any application they want at will on millions of PCs in a heartbeat. Brrrr.

    - JoeShmoe

    --
    -- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
  3. Re:zone alarm and xp rc 2 by cmat · · Score: 5, Interesting

    Another thing I dunno is how to turn off this "feature" in Windows....

    Well, the thing is you can't turn this feature on or off... it's automatically running all the time in the background. And actually, it looks like it's geared to reducing the number of "unstable" drivers on your system. This may or may not be a good thing(tm), however, they did not mention in their reference document exactly how they are going to validate these "crash dumps" that will be sent back to them. They will need to validate these dumps somehow, or else you'll get a new kind of DoS attack... one where a bunch of computers are crashed purposefully to generate dumps that seem to indicate that a particular driver is faulty. Then Microsoft blocks this driver from ALL the installed XP user base and Wammo! Driver DoS :)

    BTW, I copyright that idea.... erm, yeah, whatever. ;) Cheers!

    --
    -- Humans, because the hardware IS the software.
  4. Re:Now make up your mind folks by shokk · · Score: 3, Interesting

    This is not about making things more stable. This is about squashing the competition by claiming that the product was defective. This is just a more brazen way of being anti-competition.

    My guess is with this kind of press, Microsoft is going to make the decision to punish them a lot easier for the government. It's transparent and no one is going to be fooled by it. This cannot be helping their case.

    --
    "Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
  5. Re:Microsoft Using OpenSource? by Zeinfeld · · Score: 3, Interesting
    My question is how much is Microsoft actually coming up with themselves and how much are they hacking away from the opensource community? I heard that Active Directory is just BIND with a Microsoft twist to it. Is IIS just Apache tweaked to hell and back?

    Active Directory is an LDAP interface, BIND is a DNS interface. Active Directory also provides DNS support but the underlying data model is LDAP and the probability that any BIND code would be useful is zero.

    At the time IIS first appeared Apache did not exist, it was still the NCSA Web server with a bunch of third party patches. Thau was still doing major surgery on the first release of Apache while I was running IIS in the office across the hall from him. IIS could conceivably contain some of the CERN Libwww code, but that was put in the public domain, it is not open source restricted. The Microsoft lawyers called up to ask what the status of the CERN code was before MSFT downloaded it.

    But still it is easier to make completely unsubstantiated allegations, admitting that you have no evidence apart from your belief that Microsoft >= absolute evil => If it is evil Microsoft must be doing it.

    Since you appear to be a Newbie Microsoft-basher I will help you with some hints:

    The Register article itself states that the blocking of the old incompatible application versions is taking place with the knowledge and co-operation of the companies themselves who are not complaining. Therefore Microsoft must have blackmailed the companies into not complaining.

    The mechanism is a blacklist that lists bad programs that cannot be run. Therefore Microsoft can stop you running your own software by not including it on the blacklist.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  6. What's the difference? by Keeper · · Score: 3, Interesting

    When Mozilla receives n crash reports from a specific page, they don't block you from looking at the URL that crashed the browser. When Microsoft gets n crash reports from a certain program, they won't allow it to run. Of course, with Microsoft's dubious history, I'm *sure* that a perfectly good 3rd party application that works just fine won't be blocked ... rriiiiggghhttt....

  7. Re:Good! Finally we get rid of stupid "personal fw by svirre · · Score: 3, Interesting

    Are you opposed to traditional firewalls as well? While a personal firewall can't compete with a dedicated firewall it will still provide far better protection than a bare connection.

    While you can likely keep a machine free from trojans by being cautious of who you source your software from, there is still loads of spyware out there, some contained in quite useful apps.

    While you can say (/shout) "SHOULD NOT RUN PROGRAMS THEY DO NOT KNOW". In practice no one can know all the software they run, as this entails reading and understanding all source, as well as building from the ground up all software you use. Some trust must be applied, and when you trust you may be mistaken.

    A firewall app provides an extra layer of security against your own erroneous judgements (after all no one is perfect) as well as enable you to use and identify some spyware without sacrificing privacy (by blocking the spyware's channel to home).

  8. Re:Improve "reliability" by Dr. Evil · · Score: 4, Interesting

    Yes, despite what the most vocal MS critics say, NT is quite stable, third party drivers do kill it.

    Linux doesn't have this problem because there aren't too many vendors writing kernel modules.

    IMHO, it is a harsh solution for a bad problem. But I can't fault them -- I can't think of any other way of doing it... except maybe a "I forfeit support from MS, and accept the risks of running this driver" button.

    Remember too that MS has been responding to industry requests for privacy and control over updates. I imagine this will be among those tools with an option to point towards a privately run server. If not, corporate customers would have a fit. Just imagine being an IT manager finding out that Windows XP purged the video drivers from half your users in North America.

    On the other hand, the worse MS gets, the more sense Linux makes.

  9. The implications by Mihg · · Score: 3, Interesting

    I've seen lots of comments about how Microsoft is evil and is trying to eliminate all their competitors in the personal firewall market and how they are going to spy on what the users have installed and how they will block web sites and programs too, along with the drivers, but nobody seems to have realized the true implications of this modification to Windows, instead of all the paranoid stupidity.

    First of all, this provides another revenue stream for Microsoft. In order to get their drivers marked as Windows XP Compatible (and the digital signature that goes along with this), hardware vendors will undoubtedly have to pay Microsoft some fee, whether it be for the signature itself or perhaps something slightly more useful (and less greedy), like paying Microsoft to do some testing on the drivers and then providing the certification.

    This isn't particularly bad (although, Microsoft is once again abusing its monopoly power to gain money, who else are the hardware companies going to make hardware for?).

    What does worry me is the fact that this provides an easy way for Microsoft to influence hardware manufacturers. If they don't follow Microsoft's "suggestions", the testing and certification could be "accidentally" delayed, while all the hardware company's competitors deliver their products to market before them.

    What will those suggestions be?

    Probably something like "Hey, you know those weird communist hippy freaks who work on that evil anti-American OS called Linux? We want you to stop providing them with technical specifications and hardware drivers. Thanks, and have a nice day!"

  10. Re:Improve "reliability" by IvyMike · · Score: 3, Interesting

    Yes, despite what the most vocal MS critics say, NT is quite stable, third party drivers do kill it.

    Here's a fix for this problem: MS requires all vendors (except for itself, of course) to open-source their drivers. THAT would be ironic.

  11. Re:A whole new Bred of Hacks! by Tackhead · · Score: 3, Interesting
    > First one to make Windows XP NOT ALLOW OFFICE XP TO RUN --->!!WINS!!

    1) Virus/worm.
    2) ...that randomly corrupts one or two bytes in a pointer table in a .DLL installed by Orifice XP...
    3) ...that modifies itself to change which bytes its children will corrupt before attempting to propagate...
    4) ...that securely deletes itself after propagating, leaving only the corrupted .DLL files or other internals.
    5) Bonus points for doing some RTM-Worm-like cross-platform magic and using r00t exploits to leave a reservoir of Linux boxen from which it can re-emerge after the publicity dies down.

    Good thing I'm not running XP. And never will.