64-bit mandatory driver signing -- a huge mistake and a stupid idea

Discussion in 'Windows Vista General Discussion' started by infamous, Jan 3, 2008.

  1. infamous

    infamous Guest

    I don't really know the best place to post this, so I'm going to talk
    about it here:

    Windows Vista 64-bit's enforcement of mandatory driver signing was,
    is, and will always be a bad idea. The only realistic way to disable
    it was through an obscure hack using bcdedit, and now even that has
    been taken away from us.

    I have a computer full of hardware that I cannot use now, unless I
    reboot and make sure I hit the F8 key.

    Things were intolerable enough when using the bcdedit trick
    arbitrarily killed hi-def DRM support -- but whatever, I don't use
    DRMed content and I refuse to let it pollute my computer. But now,
    even the bcdedit trick is gone, and users like myself are left with
    computers full of hardware that, despite the availability of drivers
    that meet *our* requirements, do not meet requirements of the media
    lapdogs at Microsoft who imagined this dreadful system.

    I understand there's an argument for security, but let's face it: the
    real reason Vista64's signing requirement is to appease Hollywood, in
    order to prove that Windows(tm) Vista(tm) is a Safe Platform For
    Protected Media(tm). The evidence is clear, in editorials, current
    events, and even hardware's product manuals.

    This "mandatory driver signature" crap needs to be shown the door.
    Now. I can't afford -- nor do I care to -- update all of my hardware
    to parts that have Microsoft's blessing. The situation is compounded
    even worse when companies like E-MU (aka Creative Professional) are
    withholding Vista64 support because the proper driver signature
    *requires* DRM in products that not only have no use for it. (The
    manual for my shiny new E-MU 0202 USB plainly states that it will
    likely not see Vista x64 support because it can't meet the driver
    signature's DRM requirement.)

    So, long story short: take out the 64-bit driver signature
    enforcement. Take it out now. This is intolerable.

    I hope that this reaches someone sufficiently influential at
    Microsoft.

    Regards,

    Tom

    PS: The following is short list of the various hardware and drivers
    that, arbitrarily, I can not use. Note that all of these things are
    current (the first two are available for purchase at Fry's) and have
    no real reason to be blocked:

    EMU 0202 USB Audio Interface (EMU plainly admits that signing is
    impossible due to DRM requirement)
    Turtle Beach Riviera (CMI8738) PCI Soundcard (no mfr but excellent
    homebrew drivers available)
    XBCD Homebrew USB Xbox controller driver (works a bit better than MS'
    equivalents)

    PPS: Yes, I know I can dual-boot into XP. In fact, that's what I do.
    But I shouldn't have to tie up two seperate windows licenses just to
    get current 64-bit support (vista) and run "legacy" hardware (xp).
     
    infamous, Jan 3, 2008
    #1
    1. Advertisements

  2. Well, if its too much for you, use Vista 32 bit then. Microsoft wanted to
    started a clean slate with proper drivers written for Windows Vista, 64-bit
    Vista gave them opportunity to do that.
     
    Andre Da Costa[ActiveWin], Jan 3, 2008
    #2
    1. Advertisements

  3. infamous

    Peter Lawton Guest

    The non-MS line on this might of course be that MS would have forced it on
    32bit Vista as well if it wasn't for the fact that if they had even the few
    people who have bought it so far would have taken it back for a refund.

    Driver signing enforcement is entirely about DRM enforcement and nothing
    else, otherwise why take away with patches etc the few existing ways to
    disable it if the user wants to.

    MS should have learned from Sony that it's customers don't want DRM and
    definitely don't want an OS that's painfully slow because of it

    Peter Lawton
     
    Peter Lawton, Jan 3, 2008
    #3
  4. Driver signing is specifically meant to guarantee the device driver you
    install is safe and 'will' work, nothing else. You really don't know how
    much the end user benefits from this.
     
    Andre Da Costa[ActiveWin], Jan 3, 2008
    #4
  5. infamous

    Peter Lawton Guest

    Driver signing guarantees the device driver you install is safe and 'will'
    work ?

    <FX: Ducks to avoid flying pig>

    All driver signing actually guarantees is that MS can have the signing
    certificate revoked of any company that's attempting to do anything that MS
    don't like.

    Peter Lawton
     
    Peter Lawton, Jan 3, 2008
    #5
  6. infamous

    Paul Smith Guest

    Not practical with the amount of old drivers which do work, but that
    wouldn't be updated for Windows Vista. If they were going to do that, they
    might as well of scrapped the 32-bit versions and just released 64-bit, the
    impact on compatibility would be similar.
    I don't believe DRM was the primary driving force behind this, but
    reliability and security. If you install a malicious driver that claims to
    be for your webcam yet isn't. You've effectively given control of your
    machine over to somebody else, that driver can disable your firewall, create
    a service listening for outside connections, record all your keystrokes you
    name it, there's probably a way to do it.
    How does a driver being signed (no different than from how a website is
    signed if you're using SSL) slow the machine down?

    The state of drivers needed to be cleaned up, this is one step in the right
    direction.

    --
    Paul Smith,
    Yeovil, UK.
    Microsoft MVP Windows Shell/User.
    http://www.dasmirnov.net/blog/
    http://www.windowsresource.net/

    *Remove nospam. to reply by e-mail*
     
    Paul Smith, Jan 3, 2008
    #6
  7. infamous

    infamous Guest

    Yes, driver signing is wonderful for reliability. BUT! _It should not
    be so mandatory that perfectly good hardware doesn't work because of
    signing issues._ Power users need to have a permanent option of
    switching it off, or certificates need to become far more widely
    available. The current solution of locking users out of their own
    hardware is hardly acceptable.
     
    infamous, Jan 3, 2008
    #7
  8. infamous

    Paul Smith Guest

    It guarantees the driver is from who ever signed it.
    Wrong.

    --
    Paul Smith,
    Yeovil, UK.
    Microsoft MVP Windows Shell/User.
    http://www.dasmirnov.net/blog/
    http://www.windowsresource.net/

    *Remove nospam. to reply by e-mail*
     
    Paul Smith, Jan 3, 2008
    #8
  9. infamous

    infamous Guest

    XP doesn't properly recognize the total amount of RAM in my system,
    hence the move to 64. I own licenses for XP Pro RTL and Vista RTL. Is
    my only other option purchasing a copy of XP x64?
     
    infamous, Jan 3, 2008
    #9
  10. infamous

    Tom Lake Guest

    Using the free software VistaBootPro, you can turn off driver signing.

    http://www.vistabootpro.org/

    Tom Lake
     
    Tom Lake, Jan 3, 2008
    #10
  11. infamous

    infamous Guest

    That trick no longer works, as it was disabled by a recent update. All
    vistabootpro did to fix that was enable DDISABLE_INTEGRITY_CHECKS(sp?)
    for you.
     
    infamous, Jan 3, 2008
    #11
  12. infamous

    Peter Lawton Guest

    Personal views inline

    If MS didn't plan to enforce signing on 32bit versions as well as soon as
    they can get away with it I doubt they'd have bothered doing it on 64bit
    versions, they already enforce signing on 32bit vista where DRM is involved
    I think
    I would have agreed with you if signing was enforced on ALL drivers, however
    it looks to me, although I'm not an expert, as if driver signing is only
    enforced on the subset of drivers that could bypass DRM. Boot start, kernel
    and Protected Media Path.
    But if DRM wasn't the primary driving force then why remove the users
    ability to disable driver signing enforcement if they chose to by editing
    the boot config
    No, the signing doesn't affect speed in any way, it's the DRM infestation
    that's affecting speed with all the check that are being continually done.
     
    Peter Lawton, Jan 4, 2008
    #12
  13. infamous

    Tom Lake Guest

    Curses! Foiled again! 8^(

    Tom Lake
     
    Tom Lake, Jan 4, 2008
    #13
  14. infamous

    infamous Guest

    My thoughts exactly. Users need to be allowed override control on
    *their* computers. I don't mind the 64-bit driver signing, and its
    implementation makes sense -- but if I can't turn it off, then the
    whole point of *personal* computers is lost.

    I understand some users want security and stability. That's fine. But
    many of us here are smarter than that, and do not appreciate the
    software-enforced nanny-state hand-holding.
     
    infamous, Jan 8, 2008
    #14
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.