I sincerely doubt it's going to work like that. Yes, you can get your code signing cert from Verisign. But is MS planning on signing your cert or are they planning on signing each build of your drivers after testing them for stability in their labs?
If MS is going to just sign your cert, some questions follow. How much is it going to cost to get MS to sign your cert? Why should MS trust your company to sign your own drivers? How do they know your company doesn't have malicious motives? Can you seriously see MS signing the Alcohol Soft or Daemon Tools code signing certificate so they can get their drivers running in 64-bit Vista, enabling kids to play the DRM'd video games they downloaded off a torrent somewhere? Would they sign the SlySoft certificate that makes it easier to duplicate commercial DVDs? All three of these applications do have legitimite uses, but in each case, they can be abused. What standards are they holding the developers to?
In the latter case, you have a scenario much like the current, except that users have no choice but to install certified drivers. That's all well and good in a perfect world, but nowadays most developers will advise you to install their un-certified driver, replacing the certified one that came with Windows. Why? Because it's going to cost them another couple/tens of thousands of dollars to get MS to certify the new build. Consider the negatives here... One: hardware manufacturers release drivers less often. New features and capabilities of existing hardware get delayed until they've been QC'd to death. End users suffer as a result.
I like the idea that you get a code signing cert, MS signs it, and you can sign whatever kernel-mode drivers you build... In my opinion, it should be free... and it's only purpose should be to attach legal accountability to code installed in kernel mode. You should write your code, agree to a license when you download the DDK that stipulates that you can't conduct any of the following x, y, and z things (i.e., adware, spyware, secretive data collection, keylogging, etc.). If you sign your driver & release it in the wild and it turns out that you violated the license, you get sued. In my opinion, this is the only decision they could make that doesn't squash fair competition between the big players. Why shouldn't my tiny software shop have the same rights to develop and antivirus solution as Symantec, Trend, McAfee? Because we don't have millions of dollars yet? Bullshit.
Do I think this will **ever** happen? Ha. No. This is Microsoft.
Strange. AIM 5.2's big new feature is encrypted instant messaging. I wonder how long it will be before someone writes a program to UUEncode/Decode files for xfer with encrypted IM...
Slashdot Mirror
I sincerely doubt it's going to work like that. Yes, you can get your code signing cert from Verisign. But is MS planning on signing your cert or are they planning on signing each build of your drivers after testing them for stability in their labs?
If MS is going to just sign your cert, some questions follow. How much is it going to cost to get MS to sign your cert? Why should MS trust your company to sign your own drivers? How do they know your company doesn't have malicious motives? Can you seriously see MS signing the Alcohol Soft or Daemon Tools code signing certificate so they can get their drivers running in 64-bit Vista, enabling kids to play the DRM'd video games they downloaded off a torrent somewhere? Would they sign the SlySoft certificate that makes it easier to duplicate commercial DVDs? All three of these applications do have legitimite uses, but in each case, they can be abused. What standards are they holding the developers to?
In the latter case, you have a scenario much like the current, except that users have no choice but to install certified drivers. That's all well and good in a perfect world, but nowadays most developers will advise you to install their un-certified driver, replacing the certified one that came with Windows. Why? Because it's going to cost them another couple/tens of thousands of dollars to get MS to certify the new build. Consider the negatives here... One: hardware manufacturers release drivers less often. New features and capabilities of existing hardware get delayed until they've been QC'd to death. End users suffer as a result.
I like the idea that you get a code signing cert, MS signs it, and you can sign whatever kernel-mode drivers you build... In my opinion, it should be free... and it's only purpose should be to attach legal accountability to code installed in kernel mode. You should write your code, agree to a license when you download the DDK that stipulates that you can't conduct any of the following x, y, and z things (i.e., adware, spyware, secretive data collection, keylogging, etc.). If you sign your driver & release it in the wild and it turns out that you violated the license, you get sued. In my opinion, this is the only decision they could make that doesn't squash fair competition between the big players. Why shouldn't my tiny software shop have the same rights to develop and antivirus solution as Symantec, Trend, McAfee? Because we don't have millions of dollars yet? Bullshit.
Do I think this will **ever** happen? Ha. No. This is Microsoft.
Strange. AIM 5.2's big new feature is encrypted instant messaging. I wonder how long it will be before someone writes a program to UUEncode/Decode files for xfer with encrypted IM...