The best comment on the whole driver signing discussion


From Will Dean:


"The real tragedy of driver-related BSODs is that in many applications people should never have needed to write KM code at all, let alone the ghastly 50 lines of application code surrounded by 5000 lines of impossible PnP/Power boilerplate.

Hopefully WDF is going someway towards fixing this..."



I see a lot of poor opinions of Microsoft and a lot of anger in the discussion around driver signing.  I see a lot of accusations that Microsoft doesn't care or understand the issues for 3rd party vendors.  I wish you could be a fly on the wall in building 40.  I am part of regular discussions around how to make driver signing easier, how to make WHQL less onerous, how to make working with driver signing easier when developing drivers and how to provide good options for customers who need to use unsigned drivers.  I don't hear anyone who doesn't "get" the issues faced by 3rd parties or want to imporve the situation.  The work currently being done to move drivers out of kernel mode is the best hope for a huge improvement in this area.


 


 

Comments (4)

  1. matt says:

    Amen!

    I’m glad to hear that Microsoft is working hard to change the driver development landscape. I had a brief encounter with driver development about a year ago (wrote a simple filter driver) and I was absolutely horrified. Quite frankly, I’m surprised that Windows runs at all given what it takes to write a driver. And it’s a bad sign when the DDK contains samples that are constantly being tweaked and contain comments such as "even though there is still a possiblity of failure here, this is the best we can do" (not the exact wording but you get the point).

    Keep up the good work!

  2. Hopefully UMDF helps even more. I wonder how many hundreds of NDIS IM drivers there are in the world that are basically just the PassThru sample plus some basic filtering code. Perf questions aside, UMDF could be a huge boon here.

    The thing that has me the most concerned is the inevitable progress of anything that smells like DRM. I don’t like the idea of Microsoft telling me (a computer administrator) that I simply am not allowed to run software. It smells monopolistic.

    I have seen the WinQual guys present at DevCon, and I certainly sympathize with the desire to have signed code in the kernel, but it does seem like an overly invasive measure to remove any administrative control over the question.

    Regardless, it won’t be long before it is bypassed by the bad guys. Look at the PatchGuard paper if you doubt it. Then, only the good guys will suffer – the bad guys will go merrily on their way using whatever hackjob workaround is easiest.

  3. Norman Diamond says:

    > I wish you could be a fly on the wall in

    > building 40.

    Fine, not bad for a wish. But meanwhile, we only get to see what Microsoft publishes. (And we get to see how the operation of Microsoft’s self-signed drivers compare with the operation of third-party drivers, signed and not.)

    Some blogs remind us that Microsoft’s employees internally do not unanimously agree with Microsoft’s corporate policy. Yes that is excellent news. Meanwhile we still suffer from Microsoft’s corporate policy.

  4. I hate Microsoft, probably as much as anyone. But their "driver signing" project is an abject failure. As useless as tits on a bull. Not only is it nearly impossible to write drivers for windows so that they will be…

Skip to main content