Is the horizon looking more secure?
Microsoft is going to require drivers designed for Windows Vista 64-bit to be digitally signed, according to reports
Signing is different from WHQL certification. Under the WHQL programme, drivers must be submitted to Microsoft for testing, to make sure there are no compatibility bugs or security holes. Signing is simply a process by which the creator of a driver can be identified. A digital signature is attached to the driver, and any problems the driver causes can then be traced back to the guilty programming party.
In theory, this sounds like a great idea. In practice, there are a few interesting issues with this. Firstly, the signing requirement won't actually stop driver quality issues or security problems, since there is no Microsoft intervention unless the driver is WHQL certified. So, problems caused by drivers such as the Sony Rootkit wouldn't actually be stopped, but they would be more easily traceable. This is not an ideal situation.
Secondly, the requirement to have signed drivers only applies to the 64-bit version of Vista, not the 32-bit. If we assume that most consumers will be running the
32-bit version, rather than the more advanced 64-bit version, wouldn't it be sensible to enable the extra functionality on those systems too? After all, it's normal consumers who usually bear the brunt of bad drivers because they install and uninstall so much stuff. Users with the 64-bit version are more tech-savvy, and less likely to install drivers that are widely known to be shoddy.
Perhaps the ideal situation would be for all versions of Vista to require WHQL certified drivers. That would really solve the problem that Microsoft is trying to address with this half-attempt.
What do you make of driver signing? Are you even planning to upgrade to Vista? Will you go for the 64-bit version? Let us know what you think over in the forum.