Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vista DRM Prevents Kernel Tampering

Posted by ryuzaki0 on from the in-theory-anyway dept.

mjdroner writes "A ZDNet blog reports on a new DRM feature for Vista that 'protects' the kernel from tampering. The blog quotes a Microsoft document: 'Code (CI) protects Windows Vista by verifying that system binaries haven't been tampered with by malicious code and by ensuring that there are no unsigned drivers running in kernel mode on the system.' The blog says that much of the DRM in Vista is simply a port from XP, but that this feature is new to the OS."

8 of 428 comments (clear)

  1. Coercion? by P(0)(!P(k)+P(k+1)) · · Score: 5, Interesting
    From a related article:
    Vista driver developers must obtain a Publisher Identity Certificate (PIC) from Microsoft. [] This costs $500 [EUR 412] per year, and as the name implies, is only available to commercial entities.
    Does this amount to indirect coercion? In XP, if I remember, unsigned drivers were allowed to run unhindered with loud information dialogs.
    1. Re:Coercion? by Tackhead · · Score: 5, Interesting
      > By allowing only signed drivers it will make it harder for root kit crackers. I don't think there are many voluntaires that write device drivers for Windows in the first place, so the requirement that only companies can get a Publisher Identity Certificate is not that big a loss. The cost of $500 a year is not much for a company, anyway.

      The cost of $500 a year is also not much for the Russian mob, or any other bunch of fuckweasels that want to sponsor the creation of a rootkit.

    2. Re:Coercion? by Keith+Russell · · Score: 4, Interesting

      Nothing has changed for user-mode drivers. You'll still get the same old nagging wave-through dialog for unsigned drivers, now with added UAC screen flickering.

      Signatures are only required for kernel-mode drivers. In 64-bit Vista, it's a hard limit: No signature, no load, period. In 32-bit, you'll get the same UAC/nag dialog as user-mode drivers. The only time you'll be affected by the lack of signatures in 32-bit Vista is when you try to play back all those awesome Blu-Ray and HD-DVD movies you've been clamoring for on your shiny new HDCP-compliant flat panel monitor. </sarcasm>

      Reminder: Video drivers are user-mode in Vista.

      --
      This sig intentionally left blank.
    3. Re:Coercion? by Jugalator · · Score: 3, Interesting

      If the OpenVPN drivers aren't signed, they may not install whatsoever on Windows Vista 64-bit. Vista 64 will simply not accept unsigned kernel-mode drivers at all anymore. I believe XP did, just after having displayed a dialog box with a lot of bolded text in it. I'm not sure what will happen as for Vista 32-bit.

      The information here also tell that drivers that load at boot time must contain a digital signature (I'm talking regardless of 32/64-bit platform now). There's also other cases where a signature is required, and in all these cases it has to be from an authority "Windows trusts" (read: Microsoft).

      While this "combats open source", it's really just the certification authority where "money = trustworthiness" stupidity applied all over. They made VeriSign et al. grow big, and now Microsoft will try to grow big(ger) using the same idea. Microsoft will defend themselves with that they can't let just about any authority without insight in how Windows works and lacking Microsoft's guidance to sign because then they could sign code that did harm to Windows. I guess both are kind of right.

      --
      Beware: In C++, your friends can see your privates!
  2. Not all drivers by Tony+Hoyle · · Score: 4, Interesting

    Minifilter drivers don't have to be signed (at least in RC1 which is the last version I tried). That of course means you can get into ring 0 with a loadable driver - all that's needed is admin rights.

    Modfying the kernel after that is just a matter of working out which bits (kill the code that checksums the binaries first, etc.)

    1. Re:Not all drivers by Viraptor · · Score: 3, Interesting

      *COUGH*pagefile attack*COUGH*
      No info about rc2 yet, but if they didn't want to correct it in rc1, then... who knows...

  3. Re:Many classes of software are affected by shmlco · · Score: 4, Interesting

    So? Half the things you mention are also things viruses and trojans do for a living, and unfortunately users tend to approve any message generated by the system, "Are you sure you want to install the game you just downloaded?"

    It's easy to shit on an idea, but the core components of a system need to be protected somehow, and while I hear a lot of whinning what I DON'T hear is anyone offering a better solution to the problem.

    If someone really wants to build one of the things you mention then they'll pay the frieght. And Vista isn't open source.

    --
    Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
  4. Re:Quis custodiet ipsos custodes by dreamlax · · Score: 3, Interesting

    At some time during execution of the validation process, the CPU computates a yes or no answer based on a number of bytes of input. Whether or not there is a validator for the validator is not known, but you can simply disassemble both of them, NOP out the entire validating sub-routine (or figure out which result is 'yes'), and voila. Well, it won't be this simple, the validation will probably be deliberately complicated, but the result os always the same, "no, not valid", or "yes, run it in kernel mode".

    Disassembling binaries isn't the nicest thing to do. I've done it once or twice to bypass software registration, it took me a long while (days). There are professionals out there, though, that do this sort of stuff as a hobby. For them, it may not be so difficult.