Microsoft’s new driver signing policy – What it means and should you be concerned?
The Windows 10 anniversary update brought a number of changes to Microsoft’s newest operating system. Under the hood, Microsoft have introduced a small but potentially significant change to how drivers are installed. We’ll cut through the jargon and explain why this change has upset some people.
Firstly, what are drivers? Drivers are software components (programs you load and install onto your computer, or that are pre-installed with Windows) that allow Windows to communicate with any hardware you buy. If you buy a printer, for instance, the driver is the software that lets your PC talk to the printer, in order to send it pages to print.
Secondly, what is a “signing policy?” Digital signatures are a way of proving, or at least giving some assurances that the software you are installing on your PC comes from a trusted source. Just like when you sign a legal document with your signature, digital signatures are designed to be tamper proof and by using complex mathematics, difficult to forge.
Since driver software needs to communicate with the lowest levels of the operating system, installing drivers carries something of a risk. A fraudster could make a driver that purports to improve the performance of your scanner or printer, while actually using the opportunity to install malicious spyware instead. Given that driver software is installed at such a low level, this means it can potentially do serious damage to the PC and evade detection by antivirus software.
Starting with Windows XP, Microsoft began to get stricter about which drivers could be installed. At first, any driver that wasn’t digitally signed would pop up a warning. Then, Windows Vista started blocking unsigned drivers in some versions of the operating system. This got progressively more prohibitive in Windows 7, 8 and 10.
Now, Microsoft announced a new change to the policy to take affect in Windows 10 since the anniversary update.
“Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the Operating System, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal.”
This decision immediately upset some users, most notably Tim Sweeney from Epic software, a popular games development company, who went to Twitter to say “And, Microsoft just gave itself a monopoly on driver signing, ending 31 years of open Windows hardware support.”
Is this accurate though? To some degree perhaps, but Microsoft’s changes only apply to systems that have secure boot capabilities. Secure Boot is a mechanism that prevents malware installing itself as your PC starts up. This capability is on most new PCs that you can buy off the shelf. It can, however, be disabled. Enthusiasts and power users often disable it as it conflicts with encryption software like VeraCrypt.
The change also only applies to Kernel mode drivers. These are drivers which work at the very lowest level of the operating system (and can therefore cause the most damage). Drivers for something like a USB gamepad do not need to run in Kernel mode.
Why is Microsoft making this change at all? Well if you’d not already guessed, it’s because of malware. Serious malware, such as that designed to intercept logon details while using online banking, or the infamous “cryptolocker” style attacks that hold a users data to ransom, will try to install and embed themselves as deep in the system as possible to avoid the user detecting and removing them. By making this change, Microsoft has unquestionably hardened Windows security.
On the flip-side though, it can be seen as another step to locking down Windows and discouraging open software development. While it’s true malware writers used these mechanisms for their own nefarious ends, there are other hardware and software projects that may legitimately require low-level drivers. One example is the ZFS File System. This software is a special way of recording data to a disc that has extra safeguards against file corruption. It’s useful for archiving and backup because of these extra safeguards. Since this open source software requires low-level drivers to be written, new, strict policies that make it difficult or expensive to develop such drivers may mean that Windows never gets support for this project.
Overall, while clearly this change has upset some, it’s unlikely to affect the majority of Windows users and will in fact make the operating system even more secure for most of us.
That concludes our newsletter for August. On behalf of the team here at TWT, I’d like to say thank you to all our readers, new and old for your continued support. The TWT Newsletter will return on the 10th September 2016 for more tips, tricks and techniques to help you get the best out of your PC, be it Windows Vista, Windows 7, Windows 8 or Windows 10. We hope that you found this newsletter informative and useful. If you did not then please let us know why, you can contact us by visiting this page. If you have enjoyed this newsletter, feel free to pass it on to all your friends and family, or better still encourage them to sign up for their own copy. Until next month, keep checking Top-Windows-Tutorials.com and enjoy happy, safe and stress-free computing!