Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vista DRM Prevents Kernel Tampering

Posted by ryuzaki0 on from the in-theory-anyway dept.

mjdroner writes "A ZDNet blog reports on a new DRM feature for Vista that 'protects' the kernel from tampering. The blog quotes a Microsoft document: 'Code (CI) protects Windows Vista by verifying that system binaries haven't been tampered with by malicious code and by ensuring that there are no unsigned drivers running in kernel mode on the system.' The blog says that much of the DRM in Vista is simply a port from XP, but that this feature is new to the OS."

10 of 428 comments (clear)

  1. Coercion? by P(0)(!P(k)+P(k+1)) · · Score: 5, Interesting
    From a related article:
    Vista driver developers must obtain a Publisher Identity Certificate (PIC) from Microsoft. [] This costs $500 [EUR 412] per year, and as the name implies, is only available to commercial entities.
    Does this amount to indirect coercion? In XP, if I remember, unsigned drivers were allowed to run unhindered with loud information dialogs.
    1. Re:Coercion? by perlchild · · Score: 5, Insightful

      It does contribute to fighting open source, any way you look at it. I'm using a tap driver from the openvpn project, it isn't signed, and I don't know for sure, but I don't remember openvpn being a commercial entity. However, I'm not current enough in vista to know if they couldn't just get out of the kernel, and move to user-space for the required features.

    2. Re:Coercion? by Tackhead · · Score: 5, Interesting
      > By allowing only signed drivers it will make it harder for root kit crackers. I don't think there are many voluntaires that write device drivers for Windows in the first place, so the requirement that only companies can get a Publisher Identity Certificate is not that big a loss. The cost of $500 a year is not much for a company, anyway.

      The cost of $500 a year is also not much for the Russian mob, or any other bunch of fuckweasels that want to sponsor the creation of a rootkit.

    3. Re:Coercion? by Aladrin · · Score: 5, Insightful

      I totally disagree. You are assuming they have a commercial application in mind. What about someone who wants to write drivers for their new hardware they just built by hand? They shouldn't be required to go through this.

      It doesn't matter, though, because if you make it too hard to write software for Windows, people will stop. They'll find another platform that is more enticing to them. It won't happen immediately, of course. But it'll happen.

      --
      "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
    4. Re:Coercion? by x_MeRLiN_x · · Score: 5, Informative

      Oh, but it will. You just have to press F8 during boot and select the appropriate option in order to install unsigned drivers as I found out when installing my Creative 5.1 drivers.

  2. Re:innovative by EvanED · · Score: 5, Insightful

    What makes Sony's legitimate but the ones from Rootkit.com not?

    If anything I would argue that rootkit.com is a more legit distribution mechanism than Sony.

  3. is Vista that fabled 8th generation OS? by 192939495969798999 · · Score: 5, Funny

    "From: (Blair P. Houghton)

    I predict that Eighth Generation computers
    will compile no programs, run no applications,
    and access no data. Instead they will be
    designed and tuned to give a continuously
    variable spectrum of elegant and precise
    error messages describing your failure to
    induce them to do so."

    Yay Vista!

    --
    stuff |
  4. Quis custodiet ipsos custodes by megaditto · · Score: 5, Insightful

    Cracking such a thing is trivial once you answer the question who watches the watchman?

    As Apple just learned with their TPM kernel extension, all that hackers need to do is replace the binary that verifies all other binaries, and the "goodies" are up for grabs.

    --
    Obama likes poor people so much, he wants to make more of them.
  5. Already broken by Blue Pill by TRS-80 · · Score: 5, Informative

    The kernel mode signed driver restriction has already been broken by Blue Pill. Full details are in the black hat presentation, but the basic gist is you force a driver (eg null.sys) to be swapped out to disk, overwrite a function in the copy in swap with your own code, then call that function. And now you're executing unsigned code in kernel space.

  6. Many classes of software are affected by yeremein · · Score: 5, Informative

    This isn't just about supporting hardware. Several types of programs require kernel-mode drivers. Off the top of my head...

    Installable file systems
    Loopback mounts
    Volume encryption
    Rootkit detection
    Packet sniffing
    VPN software

    I'm sure there are others. Vista's code signing requirement will make it difficult for any open-source program to do any of the things listed above. Large OSS projects backed by a company will probably be able to get a certificate from Microsoft and sign official builds, but third parties will be unable to modify and redistribute binaries, which is counter to the spirit of open source. I'm sure this is not an accident. Smaller OSS projects (such as installable file systems for ext3 or reiser) will most likely jsut disappear.