Slashdot Mirror
All Windows 10 Kernel Mode Drivers Must Be Digitally Signed By Microsoft (i-programmer.info)
"Last year, we announced that beginning with the release of Windows 10, all new Windows 10 kernel mode drivers must be submitted to the Windows Hardware Developer Center Dashboard portal to be digitally signed by Microsoft," reads a MSDN blog post. "However, due to technical and ecosystem readiness issues, this was not enforced by Windows Code Integrity and remained only a policy statement. Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the Operating System, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal."
Slashdot reader mikejuk quotes a report from i-programmer.info which argues "the control of what software users can run on their machines is becoming ever tighter," and compares Microsoft's proposal to an XKCD cartoon: Before you start to panic about backward compatibility with existing drivers the lockdown is only going to be enforced on new installations of Windows 10. If you simply upgrade an existing system then the OS will take over the drivers that are already installed... Only new installations, i.e. installing all drivers from scratch, will enforce the new rules from Windows 10 version 1607... Be warned, if you need to do a fresh install of Windows 10 in the future you might find that your existing drivers are rejected.
Slashdot reader mikejuk quotes a report from i-programmer.info which argues "the control of what software users can run on their machines is becoming ever tighter," and compares Microsoft's proposal to an XKCD cartoon: Before you start to panic about backward compatibility with existing drivers the lockdown is only going to be enforced on new installations of Windows 10. If you simply upgrade an existing system then the OS will take over the drivers that are already installed... Only new installations, i.e. installing all drivers from scratch, will enforce the new rules from Windows 10 version 1607... Be warned, if you need to do a fresh install of Windows 10 in the future you might find that your existing drivers are rejected.
Is Microsoft in cahoots with Intel and AMD, forcing us to junk otherwise useful PC's (or switch to other OS's)?
Well, somebody has to learn that they can't be trusted with their own keys.
Nadella has altered the bargain, every couple of weeks for the past two years. What the fuck makes you think he won't alter it farther?
You cannot imagine how excited I am to be submitting my drivers to the Windows Hardware Developer Center Dashboard portal. Talk about boner killer.
Old being defined as "built before 2014" -- smooth move, Microsoft. My Huion drawing tablet has the most shady unsigned drivers of all time.
This is the case of WWBN, again. The security and maintenance section of the control panel should show a warning about all the affected drivers at the device driver subsection.
For 97% of Windows 10 users (yes, I made that figure up) this is a total non-issue. It may even be a benefit to protect them from themselves. Many can't distinguish between safe and not so safe web sites from which to download programs and such. These folks may not even know how to uninstall drivers that don't uninstall automatically when a related piece of software is uninstalled. If you are a registered developer, this isn't an issue either as MS gives you a way around it.
For the rest of us, well, there aren't enough who haven't already migrated to iOS or Linux so MS doesn't give a shit.
Microsoft answer!
134340: I am not a number. I am a free planet!
How is Microsoft going to be able to securely distinguish between drivers that existed before an upgrade and those that were installed afterward? I imagine that someone will quickly figure out how to get their driver to show up as a previously being installed.
Right now, if secured boot is off, this policy doesn't kick in. That may change of course. For the vast majority of Windows users, this is fine, but for power users, kind of a pain.
To run older drivers:
"(...) In addition, if Secure Boot is set to OFF, then drivers signed with existing cross-signed certificates will continue to be valid."
https://blogs.msdn.microsoft.com/windows_hardware_certification/2016/07/26/driver-signing-changes-in-windows-10-version-1607/
If the submitter is proposing that the xkcd comic about having your admin account be separate from your user account, is ridiculous, then I'm ridiculous. All of my computers are setup with an admin account which very rarely ever gets logged into, and every family member gets their own account. That comic is not ridiculous, it's how your supposed to be setting up your computer (at least since Vista).
I've gotten my extended family to set up their computers like that, and have had some conversations about how it's saved their bacon.
Thanks for not even giving people the choice to run an unsigned driver, since there's lots and lots of hardware out there that will instantly be made 'obsolete' by this policy.
Just cruising through this digital world at 33 1/3 rpm...
I have old music gear from Roland and Yamaha. The stuff is built like a tank. I love it. And you can't ever really get new stuff that sounds exactly the same.
But drivers have been a nightmare even before this. I was lucky they bothered to put out Vista 64-bit drivers because the equipment was old even then.
But I'm worried I'll be completely screwed next time I need to do a Windows reinstall.
Does this break TrueCrypt? If so, all is lost.
I'm using windows 10 and I cannot figure out how to change a user's password. If I were on linux or mac, I'd just type passwd username. But there seems to be no way for an admin to change a users password in Win 10. Am I missing something?
Some drink at the fountain of knowledge. Others just gargle.
My guess is that this is an attempt by Microsoft to "encourage" hardware manufacturers to make drivers for older versions of Windows outright obsolete and to only produce drivers for Windows 10 from this point forward.
Unfortunately, it just might work.
Regardless of OS, flaky kernel space drivers will at best crash the system. Even a quick review by Microsoft can save many users the headache of dealing with some crash happy drivers. With kernel drivers now requiring vetting, I can see vendors finding ways to work in user space (obviously video cards and the like will continue using a split kernel/userland model).
Oh wait! I forgot this is /.
OMG!! M$ is putting in measures that will prevent my decade old CueCat drivers from working!!!12 Thank Gord my LFS system running BTRFS and Linux head is super stable. I've only had to rebuild it twice this--
that I'm sure Microsoft would love to sign /sarc. But hey...who cares about such things with hobbyist OS's like Microsoft anyway?
Also, Submitting drivers to the Dev center now requires EV CODE SIGNING CERTIFICATE.
Even though Microsoft will sign the final result, you have to have an EV CERT from a small list of approved CAs to
sign your code before their portal will sign it per the new policy.
In case you have not noticed, the cheapest of the EV Certs is $1000 a Year; Only organizations can obtain these certificates, not individual developers.
Also, all EV Code signing certs require Smartcard/Token-Based Storage of your certificate's private key to ensure credentials cannot be shared, and you cannot automate the digital signing process.
Thus is a move to make sure Open Source software developers and individuals cannot produce Kernel mode drivers.
Give it a year or two, and there won't be any way to install OpenOffice, GIMP or any other free Software .. just like GPLed Software isn't allowed in Banana AppStore (read Apple)
Important question 1: will this improve the quality of drivers on MS Windows?
Important question 2: will this provide any additional benefits for the "average user", e.g. keeping them from borking their systems?
It is a shame for there to be less user control over the OS, less hacking possibilities. It seems to me we are heading to a future where there will be very locked down systems for general use, and open systems that will allow user hacking (such as Linux). Perhaps that is not so bad.
1. Upgrade: MS wasted tens of millions of manhours worldwide with their all-but-forced upgrade
2. Telemetry: They listen to you using your computer
3. Ads: They push ads at you via the OS, taking over what remains of your attention span
4. Kernel Mode Drivers: No more can your programs manipulate Windows 10 internals (bye bye www.colinux.org)
5. UEFI Secure Boot: No more can you boot another OS on a Windows 10 tablet or mobile device. For now, you can do so on a desktop, but manufacturers now have the 'option' (wink) to remove this 'security risk' (nudge).
Well, that way they are effectively going to control who gets to or stays on the market. This should be prohibited by law as Microsoft is also a hardware manufacturer, so it has reasons to hinder other companies' efforts to get their drivers working on Win 10. Doesn't it violate US antitrust law or some other anti-monopoly regulations? It would be nice to see some lawsuits against that.
KERNEL MODE drivers? What the #### is a PRINTER driver doing in KERNEL mode?! If you think about it, there's no reason for that. (Kernel mode is the base 'part' of the operating system, where performance really matters and part of the base structure of the OS. Printing, on the other hand, is nowhere near as performance critical as, say, video card rendering or memory management, so most operating systems push printing out of the kernel into user-space. Linux kernel, for example, has nothing to do with printing other than supporting USB or parallel port communications.)
Anyway, printer drivers won't be affected as the programmers at Microsoft have blocked kernel mode printer drivers by default since Windows Server 2003 (and Windows 7) and completely removed all ability to load them since Vista. (They've added print driver isolation, where print drivers are forced into their own process rather than being a DLL loaded into each program; that's sadly an opt-in per system feature as far as I know.)
So, yeah, people have been warned about this for literally thirteen years (since 2003), and have not been able to load kernel mode print drivers since the end of 2006 when Vista was released, nearly ten years ago. Any printer that works (at all) on Vista or above will not be affected by this.
> Any good WINE tutorials out there?
I'm sure there are; yet over 17 years on Linux I've used WINE roughly twice. Normally, its not the best solution.
Do you typically use emulation to run the Linux versions of most programs on Windows, or do you run the Windows version on Windows? Running the Windows version on Linux doesn't normally make sense - on Linux, run the Linux software.
A lot of daily use software brands are compiled for Linux, often developed for Linux FIRST, then ported to Windows. Firefox, Chrome, OpenOffice/LibreOffice, etc are all available native for Linux.
If the specific brand of softeware you used to use is Windows-only (and therefore probably proprietary), there is probably other open, free software that does the same job on Linux. Unlike the Windows software, the software designed for Linux doesn't include telemetry, onerous licensing, etc. For example, rather than MS Outlook, there are dozens of other email qnd groupware programs for Linux. Sylpheed Claws / Claws Mail is one.
The single software package most often mentioned as a counter-example is Photoshop. If you're a professional graphic artist, you'll probably be happiest with a Mac. If you want to adjust brightness and color curves of your snapshots, or do any simple to moderate photo editing, you can use one of the tools used by Dreamworks and ILM - Gimp. True, Gimp not exactly the same as Photoshop. However, Gimp is powerful enough to be used by major Hollywood effects studios.
Yeah - my real concern is that the Windows Quality checks could be pretty superficial and won't achieve any real protection (all it'll do is restrict things to firms that can afford to sign their drivers - they could still be pretty damn crap.) You run a test log with specialised tools and ... yes, well, hopefully that does all the checking.
I do agree though - I hope more drivers get kicked out to user-space, where mostly they belong. Or, even better, simply cease to exist as the hardware will switch to standards -- for example, I'd rather Realtek's sound cards simply implemented a normal AC97 system so they didn't need proprietory drivers with whatever drivel they want to 'value add'. )
If you believe this is about buggy drivers, you probably still believe in the Easter Bunny and Santa Claus.
Parallel port printer maybe. You'd have to pry my Epson FX-100 from my cold dead hands.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
MS has mighty powerful crowbars, you know...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
So if you are still running XP and happy why is this change an issue? After all you have not been able to load print drivers in the Windows KErnel since prior to Vista.
While the posters here are correct (at large) please don't forget that at the same time, MS has always been urged to close malware attack vectors. So, as Master Yoda would put it: Do or do not. There is no "/. won't complain".
bickerdyke
Thanks to this, windows 7 will be my last windows OS.
Most problems come fro.m poor drivers. We'rr sold expensive hardware with shitty support. Now they'll perhaps hopefully have to at least past some tests to get signed...although I fear it's just going to go through signing and no testing thus helping scamming hardware vendors push more unsupported hardware on us.
Have you ever worked in enterprise IT? There's no time for this purist bullshit. Most of us are given what we are to work with. The vendor made a kernel driver. I need to install it. I want to get paid so I will install it.
I thought you need signed drivers at least since windows 7 and this is one of the reasons why for example andlinux isn't available anymore?
Windows 10, the only winning move is not to play.
How do you think PC component and systems manufacturers are going to react to Microsoft attempting to turn them into an effectively captive market?
There's an unholy alliance brewing around Linux, and one that Microsoft isn't going to be able to do anything about, and with the proper support and app-as-a-vm style infrastructure, it's something they are going to be hard pressed to do anything about.
Microsoft is walling themselves in.
Let them.
Seriously. Windows is now an utter pile of shite. Other than running old programs there is zero reason for anyone with a clue to run it.
Bring on ReactOS version 1.0 then we can put Windows where it deserves to be. In the dustbin of history.
Stop using Windows, plenty of alternatives out there, fully adaptable to your every needs and will never be mothballed for you, will remain free forever in the sense of freedom, I mention no names but the smart IT Pro's have figured this out, perhaps mainstream IT Pro's should stary thinking for a change rather than buying into the propaganda machine
So the next time Kaspersky finds a properly signed rogue driver we would know that the hardware vendor was cooperating. Would it create a liability?
They HAVE to take security seriously. Countless enterprises all over the world depend on it. They can't just say Ooops ! So if they want to keep some control over this "intimate" layer (drivers) everyone here is shouting "It's a crime !". If something bad would happen, on the other hand, everyone here would be shouting "It's a POS !" Make up your mind, people ! If Windows crashes (it did not happen to me in years !), in 99% of the cases the BSOD appears because of faulty drivers ! Especially video-card related.
Or just realize how often shitty drivers fuck up Windows installations. The reason Windows have bettered its reputation of being unstable isn't so much that MS code quality have improved, it is because MS have tightened up the driver situation. The vast majority of bugs causing crashes are in 3rd party device drivers.
So instead of making things up in your mind how about following logic and accept that too many lusers install unsigned* crappy as shit drivers and then blame MS when their system becomes as stable as a M1 tank balanced on the Eiffel tower?
(* unsigned isn't of course necessarily crap but often is)
I am not a fan of the fact that you need to spend big money on an expensive certificate, more money on setting up a legal entity that will satisfy those organizations who can issue the right EV code signing certificate that Microsoft will accept and even more money on all the required hardware to actually test your driver or what it means for open source software but this move DOES have some benefits.
It reduces the amount of crappy drivers out there (both because of the testing and because entities who are making crappy drivers tend to be the ones who dont want to spend the money on certificating and signing).
It also makes it harder for anyone wanting to create kernel level malware since either Microsoft will refuse to sign it in the first place or Microsoft will revoke the signature (and blacklist the creator of those drivers).
The increased requirements in terms of the code signing certificate you need to submit drivers to Microsoft also eliminates problems with rogue code signing certificates (i.e. all the times when a code signing certificate was stolen from a major hardware vendor and used to sign malware or other bad things)
I do wonder what this means for government/law enforcement/intelligence agencies though. We know from various leaks and other things that governments and their agencies have used kernel drivers (or things that can only be done with kernel drivers even if its not actually explicit that kernel drivers are being used) as part of their spying/hacking/law enforcement efforts. Will the NSA be given the ability to sign a kernel driver that can run on a standard Windows 10 install? What about the Chinese Government (the censor-ware they wanted to force PC manufacturers to install on new PCs almost certainly requires kernel-level code to do the things it does). Or the German Bundespolizei? (the spyware they have reportedly used to spy on things like Skype may well need kernel code in order to do its job)
What now if you can't?
This is still optional - i.e. only applies if Secure Boot is on, and no power user keeps that on. Conspiracy theorists will be all, "But what if they require Secure Boot????" which would 1) enrage pretty much every power user; 2) be a typical what-if that could apply to any company's action. What if Apple did the same? What if Google started sending all your e-mails to the NSA? What if an asteroid is about to hit the Earth? Microsoft ONCE tried to enforce doing stuff via Microsoft - the Store - and has reversed that decision, so sideloading is now easy.
There's a lot of horrible privacy shit in Win10 that needs dealing with. Pretending that everything contrary to precisely what's wanted is a sign of the End Times makes you sound like political fanatics.
You can run sigverif from CLI to check to see what drivers are currently being used on your system not signed by Microsoft.
I welcome any legitimate reason for this behavior requiring Microsoft cross signing when secure boot is enabled. Currently I'm at a loss to come up with one.
It seems when secure boot is not enabled all signature validation can be bypassed by malicious code one way or another if you have admin rights by changing boot settings using bcdedit and rebooting or a million other approaches given admin level access. Signature checks don't have much bite in the real world with secure boot disabled.
With secure boot enabled any effective bypass of driver signature validation is a security bug. Since only kernels trusted databases are used for driver signature validation (regardless of secure boot setting) cross signing to MS is redundant. This is especially true given the blessings seem to be superficial at best and probably nearly fully automated given cross signing does not currently cost money.
Most likely reason for MS to do this I've been able to come up with is that without MS control anyone who develops a kernel driver and gets it signed by one of the supported CAs can break out of a Microsoft walled garden on systems where secure boot is being enforced against the user.
Even if you believe any and all measures to lock down kernel access improves security and therefore unconditionally good regardless of any other considerations... I still fail to see how any actual locking downing is being accomplished here as the MS blessing is superficial and adds nothing. Any malicious actor able to develop a kernel driver and obtain an EV cert is almost certain to also obtain blessing of Microsoft.
The only "benefit" seems to be MS getting a vote to stop execution of drivers paving way for restricting usermode execution against users. (See Windows RT and Windows Phone)
From Microsoft's FAQ: "Enforcement only happens on fresh installations, with Secure Boot on, and only applies to new kernel mode drivers"
In other words, disable secure boot and it's business as usual.
From my point of view, this increases security for the vast majority of users who just buy a computer in a store and need to be protected from themselves. If you don't know enough to disable secure boot, you probably have no business installing unsigned kernel mode drivers anyway. But if you do, you can.
win8 had a mode you had to boot to get unsigned drivers.
does this mean win10 anniversary edition doesnt have that option?
and think back to what bullshit ftdi pulled.
also, some way must remain unless they make you get a special windows version for driver development or to be developing with a connection live to ms. chip devs would crap their pants about that.
Will this disable OpenVPN (and maybe other VPN software)? Last I checked, they relied on an unsigned virtual network driver.
Why not let the user decide if they want to run a driver that is not signed?
Because a most users have absolutely no idea what a signed driver means and don't really want to care. There is no possibility of my non-tech savvy parents making an informed decision on the matter and users like them are far more typical than ones like you or me. Frankly I'm only surprised that it has taken Microsoft this long to get around to doing something like this.
It's not like the user is going to be asked every day. If you get a new device, you install the (presumably signed) driver from the CD or manufacturers website or MS website. If you want to run that super old piece of hardware, you can install the unsigned driver. Win-win.
You're conveniently leaving out numerous possibilities. 1) Malware, 2) naive users not knowing anything about signed drivers vs unsigned ones, 3) poorly made drivers by unscrupulous or incompetent vendors, etc. It's considerably more nuanced a problem than you are making it out to be. I wouldn't have a problem with having a (non-trivial) way to bypass the issue for the rare people who might need to use unsigned drivers.
There are legitimate concerns about the free (as in speech) software implications here but frankly for the technologically illiterate as well as for the security conscious there is an upside to forcing signed drivers. Frankly if it causes problems I would expect those affected to move to linux and I consider that to be an upside as well.
super micro and other will not give in and go MS only. At least if only on server / workstation boards.
Microsoft is getting closer and closer to the walled garden.
but since this is Slashdot:
M$ = bad
Apple = good
You're right, of course. They won't. But what about the consumer laptops and PCs? All those people who just get something from PC World made by HP or IBM or Asus?
How many people here first learned linux by installing it on a hand-me-down machine? How many repurpose old PCs as media centers, routers or home servers?
It's quite possible that in ten years, if you want to run linux, you'll have to pay extra for parts intended for a real business server.
https://blogs.msdn.microsoft.com/windows_hardware_certification/2016/07/26/driver-signing-changes-in-windows-10-version-1607
Trust me, as a driver developer, this has been causing me an immense amount of headaches, and Windows 10 is only part of the story.
But the blog entry has a key detail which nobody here seems to understand. Existing Drivers signed by a certificate that was issued prior to July 2015 will still be accepted by the kernel. What this means is that the new rollout is not going to cause the entire ecosystem of Windows legacy drivers to implode. If they were signed correctly for 64-bit Windows before, they will continue to work on Windows 10. Really, truly, I've tested this myself on preview editions of the Windows 10 AE
Where you get screwed is when a vendor needs to update a driver going forward. Then things get to be hairy. Logistically, signing became much harder, everything from obtaining a certificate to performing the actual signing. Pain. In. The. Ass.
Our company just released an update of our product just under the wire of when our legacy "get's a free pass" certificate expired so that we'd have some runway to incorporate the new driver signing nightmare into our tool chain. So we're good up until the next showstopper bug comes along, which fortunately is rare. You'll be able to use our latest release just fine on AE, even though it didn't get signed by Microsoft.
I remember using windows 8 and having issues with unsigned hardware drivers. There were some work arounds but they weren't pretty. In my case the drivers were for an internally produced dev board with restricted distribution.
This is sooo Microsoft-ish. Like the left foot not agreeing with the right which way to go.
After all the pain we had to put up cause MS was trying to stick us with Win10 thru every orifice they could find or dream up, another of their divisions comes up with this signing crap to stick us some more and make all the old or the very newest hardware unusable unless in default driver mode. Older, cause they a now deemed unsupported. Newest cause the manufacturers haven't paid their extortion money yet to be certified.
Old maxim rules forever: the more things change the more they stay the same.
As long as I can disable signature enforcement im ok with that. I've been disabling it every now and then to install stuff that i either wrote or someone else wrote without paying the cert fees. Yes it requires a reboot and its a bit annoying but its understandable why its done this way.
Its when you wont be able to turn off enforcement that it will *really* sucks.
cd/dvd = some what obsolete and there is some software that is loaded with disk checking DRM.
I suspect quite a few of those people you reffer to do nor actually know how to use Phootoshop either, thei just follow a procedure to "make x look good/cool" or whatever, if they knew what they where doing i suspect a goodle for somthing like for example " colour correction with gimp" would get them sorted out whitout mouch trubble for most cases. Well unless one of those steps (maybe the only one) was use plugin x and ptress auto ( wher the plugin name teally did not give a clue about what the plugin did behind the ceenes) Disclamer: as is probably obvious I'm no a photoshop or a gimp expert so pleace correcte if/when I'm wrong
blocking steam = anti trust and there apps are to locked down to work for most uses.
Now with they can have an app system that can be like steam with all of it's mod's / user content / workshop / etc then it can work.
But what about app's with map editors with there own EXE's they need to have apps that can be linked to an other one / have more then 1 in the same sandbox.
Android has 3rd party app stores and side loading.
apple has lock down and censorship
prevent my decade old CueCat drivers from working
Scared me for a second, but no. It's an HID-compliant standard keyboard - no driver required.
Microsoft once again, making the choice even easier.
Does this mean if the UK eventually bans encryption they affectively making Windows 10 illegal as well? One can only hope i guess.
Most any SDR (Software Defined Radio) uses a modified HDTV dongle requiring a customized driver and blacklisting the one Windows wants to use. This is going to piss off a lot of CQDX fans.
What does this mean for VirtIO drivers? I have tried searching around and don't exactly understand - are there Microsoft signed VirtIO drivers that will allow Windows virtualization under KVM, etc...
hope this will end tons of crapware running in kernel mode.
The user lost his password. SO he can't enter his old password to change it. I want to force a reset password as the admin but I cannot find any GUI path that lets me do this.
What I think is going on is it may be that WIN 10 won't let you change a password if the password is his microsoft account password???
And when the user wants to reset his password on his own it directs him to log onto microsoft account. He has no recollection of ever even setting up a microsoft account so that's a non starter. I can see why this happened in hindsight. when you create a new user the it first directs you to use your microsoft account. THen if you baypass that it asks you questions and creates a microsoft account for you! (there's a little unnoticed link off the end of the window visible on screen that lets you create a strictirly local user).
Some drink at the fountain of knowledge. Others just gargle.
Yeah right, like driver signing or even telemetry will fix their software issues or prevent viruses. Even running as a standard user does not stop you from getting viruses there are plenty of security holes(that's always found but left unpatched for weeks to years) that let hackers elevate privileges.
In the past I was able to install and run Exchange 2007/2010/2013 with little or no problems. But now, for testing, I either get half ass Exchange 2013 installation(2008r2 server missing exchange services and virtual directories) or if installed(on Windows 2012 server) I get no ecp/owa regardless of the certifications or bindings. No problems creating the services and virtual directories from scratch but ecp/owa is a hit or miss. Search for hundreds of online solutions and nothing. Microsoft does not want to admit that their products run illogical or run like being schizophrenic because their software is buggy.
Yes, if you want to upgrade to Windows 10 you should remove all drivers first like the video and install the ones written specifically for windows 10 after the upgrade finishes or else you are going to get some nasty results. But, I installed Windows 10 from scratch with all proper drivers and it acted very dam buggy. From freezing, crashing(no driver issue reported event log), to the start menu freezing, flickering, disappearing, or explorer.exe just crashing. This isn't something new I had issues close to this when xp, vista, 7 were first released. It will probably take MS another year or 2 before Windows 10 becomes stable.
Wait... is this article saying that the trick for loading Microsoft-unsigned drivers under 64-bit Windows since Vista no longer works?
Microsoft's official documentation has definitely given the impression that drivers had to be signed by them in order for 64-bit Windows to allow their installation... but the REALITY (up until now, at least) has been that 64-bit versions of Windows would treat drivers that were signed by SOMEBODY... but not signed by MICROSOFT specifically... the same way 32-bit versions of Windows treated drivers that weren't signed at all -- a sternly-worded dialog warning against proceeding with the installation that could be swatted away and wouldn't bother you again.
In summary form:
1. unsigned drivers: 32-bit allowed after one-time warning, 64-bit refused outright.
2. drivers that were signed, but not by Microsoft: both 32-bit and 64-bit allowed after one-time warning.
3. drivers that were signed by Microsoft: both 32-bit and 64-bit installed without complaint.
Case "2" is the one of interest here. If Microsoft eliminated it with the new release of Windows 10, I'm going right back to Windows 7 if I find so much as a single driver that can't be coaxed into running. It would suck, because I've already spent the past 5 days tweaking Windows 10 to look kind of like Windows 7 (via ClassicShell and Glass8), but I'd definitely put the elimination of case 2 as grounds for abandoning it (and would probably be so disgusted, I'd make another stab at switching to Linux as my primary operating system).
...and all of that is unadulterated bullshit.
You keep believing that if it makes you happy. There are advantages and disadvantages to signed drivers. I pointed out some of each. If you can't wrap your head around this I can't help you.
The underlying operating system is FAR more dangerous because it's a piece of shit engineered to spy on the user.
Completely unrelated issue. Not disagreeing with you but it isn't related to the discussion here.
The fact that the OS is swiss cheese is far more of a problem than "the user making the wrong choice".
And allowing unsigned drivers solves this "swiss cheese" problem how exactly?
If you're gotten to the point of showing such obvious contempt for the end user then you're doing it wrong.
Actually I'm supporting the (typical) user if you bother to actually read what I wrote. There are advantages for *some* users to having Microsoft (or Apple) curate drivers and there are some meaningful disadvantages too. Whether you favor one or the other I leave to you. I can say that for many people, leaving it to the end user is a pointless exercise because they won't understand the difference.
I'm not totally versed in the politics of getting MS to sign your drivers, so apologies if this seems like a dumb question - what if, say, MS didn't want to sign software drivers for OpenVPN TAP/TUN network devices (let's say they just rolled out their shiny new VPN software). Or basically any other driver, hardware or software - Can they just say, "no" to OpenVPN, then OpenVPN team (or whoever else) is SOL? If true, that basically means MS has a complete, Apple-like stronghold over the hardware (and lots of software that utilizes driver framework to function) that runs on Win10+.
It is pitch black. You are likely to be eaten by a grue.
yep. it shows it as an e-mail.
I've tried accessing his local files too, so I can copy them to a new (stricktly local) user account but so far the computer has resisted this. Does it also lock your local files away from the admin?
Good golly this is really diabolical.
Some drink at the fountain of knowledge. Others just gargle.
They do own the computer it's running on, after all.
Of course they will if MS pony up the cash incentives.
support for printers and audio, and still has very seriously stupid user interface and config issues.
Linux fans have been pretending Linux is about to take over the desktop for well over a decade, but it simply will not happen as long as all the volunteers keep coding on the stuff they like and neglecting all the stuff that's far too buggy and annoying for average people. Continual changes to the UI, re-skinning things, re-arranging things, adding "cool" new "features" (and then never finishing them) are the rule more than the exception and this is exactly why open source has been unable to take the desktop from commercial closed source. When people are employees, a boss can say "drop what you're doing and FIX this bug NOW!" with the implication that jobs are on the line. When everybody is a volunteer, the stuff that's annoying and not interesting or fun to work on can be neglected for many years.
Linux has a standard graphics API: OpenGL.
Linux has no standard audio API, no standard API for things like game controllers, printers, etc.
Linux uses CUPS for printers - a complete joke. There's no excuse for making people go through a web browser to mess with a printer and having a maze of priviledge issues so that average users cannot make heads nor tails of how to kill a print job, or deal with cartridge changes, and cannot find a way to config a new printer.
If you want the desktop, the simple test is: put it in front of a 60-year-old non-geek and see if they can use it for basic computing tasks like e-mail, web browsing, word processing, printing, watching a youtube, playing an MP3...
These things have been problematic for many years but are not being fixed because people are too busy fixing things that were not broken, like all the fights over the boot process and systemd.
My iphone suddenly stopped mapping as a drive in Windows 10 recently, but I wasn't sure if it was the latest Windows update or the latest iTunes update. Maybe the iTunes update wasn't signed...
How is this supposed to help users?
You know what im removing now from a windows 10 machine? PUPS. "search protect" fake antivurii, fake popups, warning messages about "YOUR MICROSOFT COMPUTER" etc etc
Not loading signed kernel drivers isn't going to stop that!! Only running linux will!