| Date: | January 3, 2006 / year-entry #2 |
| Tags: | other |
| Orig Link: | https://blogs.msdn.microsoft.com/oldnewthing/20060103-00/?p=32843 |
| Comments: | 13 |
| Summary: | In the discussion of driver signing, commenter ATZ Man suggested: Further, Microsoft should allow orgs that are peers of WHQL [to] certify drivers and allow drivers to obtain certs from any such org or set of such orgs as they choose. Over time users would know which orgs were on the ball and which had... |
In the discussion of driver signing, commenter ATZ Man suggested:
Would they? Let's take a real-world case where there are multiple certifying authorities, to see whether what this commenter predicts actually has come to pass. The United States has several bicycle helmet standards which a manufacturer can choose to meet. At a minimum, it must meet the requirements of the Consumer Product Safety Commission; this is the standard required by law. Beyond that, however, it's at the discretion of the manufacturer. I don't know about you, but I don't know my ASTM from a hole in the ground. Who's going to sit down and research the differences between CPSC, ASTM, SEI, Snell B-1990S, Snell B-1995, and ANSI? Did you know that there are four different certifying organizations for bicycle helmets? Did you even care? When I buy a bicycle helmet, I read the tag that says "Meets XYZ standards" and say, "Okay, cool, this helmet meets some standard that some committee established. It must be a safe helmet." End of story. I'm not a bicycle helmet expert. I don't want to be a bicycle helmet expert. I want somebody else to be the bicycle helmet expert and just tell me whether this helmet is okay or not. "Over time, users would know which helmet certifications were on the ball and which had agendas." Do you believe this has actually happened? [While Raymond was on vacation, the autopilot stopped working due to a power outage. This entry has been backdated.] |
Comments (13)
Comments are closed. |
I’m not sure if that is an apples to oranges comparison. It’s kind of hard to know if your bicycle helmet is REALLY safe or not. It isn’t like you’re going to have an accident, get a concussion, look at the sticker on the helmet, then say, "Wow, I guess I this certification stinks." However, it is possible that after a driver fails x times, that you would be able to read (on the internet most likely) that although driver Q was certified by Xyz, it still causes problems. Of course, I suppose that you could do the same type of research with bicycle helmets. It just seems that with computer technology you’re more likely to be able to find more information in the computer universe.
Except that 99% of the users don’t know which driver failed, or even that a driver failed. They don’t even really know what a driver is. Probably even more than that. Even people who know computers really well, people who have studied CS or something similar, will rarely keep a database of driver failures, recording the name of the failed file on each BSOD, matching it to a driver.
It’s not about simply allowing anyone to certify drivers. It’s about blessing SOME organizations to certify drivers. Such organizations get their certificates signed by WHQL, and they in turn sign drivers. The user is asked whether he wants to trust organization XYZ which signed the driver, but the user can clearly see that WHQL has signed XYZ’s certificate. The user has the right to choose, but if he’s incapable or unwilling to make the choice, then he can just trust WHQL.
To add to that, CornedBee (if that is your real name!), since drivers share the same memory space, they can stomp all over itself and even savvy users would have no clue which one failed. If your video card driver suddenly started writing garbage into your network card driver, you’d see the network card driver on the BSOD… but that doesn’t make it guilty.
I’ve stopped trusting WHQL…
The recent nVidia drivers (80.xx and 81.xx) all pretty much refuse to run under 32-bit Win2003 unless I reduce memory to below 4GB. If I enable my full memory range, I can barely log on… (dialogs disappearing all over the place)
The old nVidia drivers (78.xx and 79.xx) were all good, so I’m stuck with 79.11 until I figure out a way of contacting nVidia. (no, contacting the board manufacturer won’t work — Gainward simply refuses to answer any emails)
My point is this: nVidia seems to have labelled this a XP driver. I fear that MS’ WHQL lab as a result isn’t testing the driver in a 4GB+ environment. If they were, things would break pretty fast. (unless there’s a weird interaction with the nForce drivers I’m using) Heck, even nVidia’s 64-bit driver (again 80.xx) seems to have stability problems when faced with "much" memory…
—
Rune
In ATZ Man’s defense, there are reasons one might want to have a driver signed by the company who actually produced it. Or to trust other root certs for an in-house deployment of drivers within corporation X. Etc.
Our trust model is a little wobbly IMO. And it doesn’t offer the granularity that it should. I could ramble about this for days, but I’m the code signing tester so it’s something I think about a lot (too much?).
– Drew
Raymond,
If governments can’t make people take enough time on such important choices as skid lids, sure, why would, why SHOULD an OS vendor be able to make them choose good device drivers?
All MSFT is doing with its driver signing policy is tipping the playing field in favor of driver vendors who are willing to pay the fees for MSFT-approved testing. The evidence suggests that it is cheaper to pay a software engineer to circumvent the signature popup than it is to get the WHQL cert.
If one cert is good, a different one could be even better. The status quo did nothing to prevent the recently-revealed corporate malware and corporate rootkit infestation.
WHQL certification costs only $250.
http://www.microsoft.com/whdc/whql/policies/testing.mspx
I find it hard to believe that a software engineer costs less than $250.
The required Verisign class 3 signing cert is another $500, but that doesn’t counter your argument, Raymond. You’d still need to find an an engineer for under $750.
Yes – in case anyone is paying attention, Verisign makes a bigger chunk of quick money on this than we do. I’m sure the numbers eventually work out in our favor with widespread adoption of the OS, though.
– Drew
Wednesday, January 04, 2006 10:17 PM by Drew
> You’d still need to find an an engineer for
> under $750.
Half the engineers in the world would work a month for that.
Ironically, <a href="http://mdahmus.thebaba.com/blog/archives/000043.html">bicycle helmets don’t work</a>, so you picked a pretty bad example.