Microsoft Updates Guideline on Windows Driver Security

An anonymous reader shares a report: Microsoft has released an updated guide on driver security. This new guide offers advice that developers could use to ensure Windows drivers are secured against basic attacks and preventable flaws. The new guide -- also available as a one-document PDF -- is authored by Microsoft's Don Marshall and comes to replace an older help page. [...] While the driver security checklist is a must-read for any software developer and not just driver authors, the guide on assessing "threat modeling for drivers" is also something that software engineers should take a peek at.

Windows driver security?

[DontBeAMoran]

Just drive your own damn car!

Re:Windows driver security?

So can I summarize your position as follows?
1- I am smarter than everyone
2- I hate immigrants

Thanks for your contribution today.

Re:Windows driver security?

[bondsbw]

Assuming the authors all have proper university degrees it is very hard to write crap code

I know plenty of CS grads who could barely comprehend basic CS 101 level concepts.

"must-read for any software developer"

U...hu. I think I'll pass this boring document. The boring texts never end.

VMs

Just run Windows in a VM. That way it can't access any files it shouldn't, and can't harm your critical files and hardware.

It's cheap insurance.

Want to game? Just buy an X-Bone or PS4, since those are stripped down custom PCs anyway.

Re:VMs

[omnichad]

Why run Windows in a VM at all if you're not going to give it access to let you work on your critical files?

Re:VMs

I don't want my critical files damaged by Windows Malware, and I don't want Microsoft to see what it should not see. Microsoft software only has access to what it needs at that moment, and the VM is reset to ensure no proprietary data is sent to Microsoft.

Microsoft Malware includes:

Windows "Genuine Advantage"
Telemetry
Windows Error reporting

Everyone has had a machine damaged by Windows malware. It's important to protect valuable IP so the Microsoft malware doesn't compromise it.

If I need to edit a document, WIndows only sees THAT document, no other documents.

A spreadsheet, or only the essential files I need to edit at that time, nothing more.

It beats having your critical files damaged by Malware, Microsoft or otherwise.

Re:VMs

[eaglesrule]

Windows in a VM allows for some very convenient 'undo' positions. Also virtual networking. The more the host machine is like a hypervisor the easier it is to secure it and maintain.

Re:VMs

Exactly!

Can allow or disallow network access with just a click, and capture any packets sent out for analysis without using a custom router.

It's also easy to revert back to a known good state after a failed update, and you can lock it down so it doesn't phone home.

Running Windows native on the hardware is just asking for trouble. Imagine, MSFT applying BIOS fixes, like the untested Spectre and Meltdown patches. Microsoft would have actually damaged the hardware, and could have caused data loss.

The actual guidelines

Here's the actual guidelines document: https://docs.microsoft.com/en-us/windows-hardware/drivers/driversecurity/

Windows security?

[OneHundredAndTen]

See definition of oxymoron.

Re:Windows security?

Mean while Linux keeps adding hundreds of security bugs each year. 2017 was a bumper year with 450 vulnerabilities. Anyone got fired yet? And that's just the kernel, with all the junk they ship with a distribution we're looking at several thousand bugs.. hahaha

https://www.cvedetails.com/pro...

a "one-document PDF"

[optikos]

Hmmm. You mean all these decades I could have had the entire multi-volume encyclopedia set in a multi-document PDF? Who knew? (It seems OP just learned what a PDF is: a single-document file-format; or is speaking to an audience 35 years ago who don't know what a PDF is.)

Is this my Logitch G510 drivers cause experimental

I swear I didn't install the Overlord API or whatever the hell it's called.