Everything you've read about Vista DRM is wrong (Part 1)

Summary: Self-described "professional paranoid" Peter Gutmann of the University of Auckland has become the most widely quoted source of information on DRM and content protection in Windows Vista. The trouble is, Gutmann's work is riddled with factual errors, distortions, contradictions, and outright untruths, and his conclusions are equally wrong. In this three-part series, I'll show you why Gutmann's outrageous and inflammatory arguments don't stand up to close scrutiny.

Last month, I wrote about the FUD surrounding Windows Vista and DRM. The FUDmaster is Peter Gutmann, a New Zealand researcher who wrote a paper last December that made a series of outrageous and inflammatory claims about Windows Vista. Since then, Gutmann has expanded the paper to more than four times its original size. The current version available on Gutmann's website clocks in at more than 26,000 words, making it longer than some recent works of fiction.

And length isn't the only thing Gutmann's paper has in common with the average pulp novel. Gutmann's work is riddled with factual errors, mistaken assumptions and unproven assertions, distortions, contradictions, misquotes, and outright untruths. In short, it's a work of fiction all on its own.

Gutmann is a clever writer, and he's able to string together nouns, verbs, technical terms, and acronyms in ways that sound persuasive. In this three-part series (look for Part 2 and Part 3 later this week), I'm going to dig deep into Gutmann's work and show you just where he got it wrong.

I've been working on this story for months. Part of the problem is that Gutmann's paper is a rambling, sloppy, disorganized mess, and nine months of additions have made it even more difficult to pick out the serious arguments from the scare stories and snark. Gutmann's favorite technique is to string together anecdotes he's plucked from magazines and websites, juxtapose those stories with sentences from presentations by Microsoft engineers and developers, and then speculate on the implications, often with wildly incorrect results. And worst of all, Gutmann appears to believe everything he reads—as long as he can fit it into his anti-Microsoft world view.

The other part of the problem is Gutmann's lack of hands-on experience with modern consumer electronics gear and with Windows Vista itself, which shows in nearly every sentence he writes. I've done extensive hands-on testing and have personally seen Vista do things that Gutmann says are impossible. Rather than write 26,000 words of my own, I'm going to pick out more than a dozen substantive errors in Gutmann's piece and explain why they're wrong.

With that introduction out of the way, let's get started.

ERROR #1: ARE SAMSUNG'S HD MONITORS WINDOWS VISTA-COMPATIBLE? YES.

In his role as self-appointed consumer advocate, Gutmann seems determined to tell you and me about products we shouldn't buy. Like Samsung's big LCD monitors:

One of the big news items at the 2007 Consumer Electronics Show (CES 2007), the world's premier event for consumer high-tech, was Samsung's 1920×1200 HD-capable 27" LCD monitor, the Syncmaster 275T [...] The only problem with this amazing HD monitor is that Vista won't display HD content on it because it doesn't consider any of its many input connectors (DVI-D, 15-pin D-Sub, S-Video, and component video, but no HDMI with HDCP) secure enough. So you can do almost anything with this HD monitor except view HD content on it. [emphasis added]

Wrong! Because Gutmann has no hands-on experience with this technology, he doesn't realize that DVI-D is indeed a fully compatible HDCP output. You can use a DVI-to-HDMI cable or a simple DVI-to-HDMI adapter. This monitor meets all the Windows Vista logo requirements for full playback of all high-definition digital media, protected and unprotected. Here's the information on this exact monitor, taken directly from Samsung's Australia site, right in PG's backyard:

[Image: Samsung specifications for the SyncMaster 275T, showing HDCP support]

In addition, as Gutmann would know if he actually understood how HD hardware works, Vista will indeed display HD content on this monitor over the D-Sub and component video outputs, which are capable of outputting 1080p and 1080i signals, respectively. In the future, a content provider might choose to constrict the output to these devices, but that decision would apply only to a specific piece of media, and it would have to be disclosed on the package, giving the buyer the opportunity to choose not to purchase it.

Gutmann has more snark for another Samsung product:

If you have even more money to burn, you can go for the largest (conventional) computer monitor made, the Samsung's stupidly large (for a computer monitor) 46" SyncMaster 460PN. Again though, Vista won't display HD content on it, turning your $4,000 purchase into a still-image picture frame... [emphasis added]

The link he provides is dead, but through the magic of Google I found the 460PN specs at Samsung's Australian website. Hmmm. Wonder what's in the downloadable brochure? Ah. It says this monitor is:

"...suitable in any area where information needs to be delivered quickly and efficiently. For example, airports, hotels, shopping malls, executive offices, corporate lobbies, network control rooms, video conferencing..."

It even includes a picture of a suggested application:

[Image: Samsung large screen monitor in operation]

So, this is "stupidly large (for a computer monitor)"? Not if you're planning to install it in an airport or an office lobby, which is its intended use. In fact, when you dig into the specs you see that the biggest selling point of this monitor is its compatibility with large networks (such as those used in airports), where it's necessary to display up-to-date information on many screens that can be seen from a distance by crowds. And yes, Windows Vista will display HD content on it.

ERROR #2: THE MYTH OF MICROSOFT CODE SIGNING

One of Gutmann's more inflammatory assertions is that Microsoft has assumed complete control over all drivers used in 64-bit versions of Windows Vista, and they can use this power to crush companies that don't play ball with them. Here's how he puts it:

...64-bit versions of Vista (which will be displacing the 32-bit versions within the next few years as everyone moves to 64-bit platforms) will only load drivers signed by Microsoft [...] This means that no drivers that potentially threaten premium content can be loaded. A downside of this is that an enormous mass of third-party drivers that haven't passed through Microsoft's approval process can't be used under 64-bit Vista, and because of the time and money involved in the approval process may never end up running under Vista.

That sounds awful, doesn't it? If you own a hardware company you are completely at Microsoft's mercy, and if they decide not to approve your drivers, or just delay their approval, you'll starve to death.

Too bad Gutmann is completely wrong. He is confusing digital signatures with the Windows Logo process administered by Microsoft's Windows Hardware Quality Labs (WHQL). Yes, if you want to attach the Microsoft logo to your product and its drivers, and have the option of delivering those drivers via Windows Update, then you have to send your code to WHQL and have it tested and approved. [Update: As a commenter points out below, Microsoft doesn't actually perform the tests. The device maker/driver developer does that task and sends the results to Microsoft for approval under the logo program. Correction noted.] But if you just want your driver to load under Windows Vista x64, you can take care of business in a matter of seconds, by using your own certificate to digitally sign it, a process called Kernel Mode Code Signing (KMCS). You can do so without ever talking to anyone at Microsoft, and you can distribute your driver any way you want, again, with no Microsoft approval required. Anyone can get a software publishing certificate from the independent certification companies listed here, none of which is owned or controlled by Microsoft. I found a suitable certificate for $229.

In fact, Gutmann is either being lazy or disingenuous, because the facts are in the same document he linked to in the statement above, entitled "Digital Signatures for Kernel Modules on Systems Running Windows Vista":

For any kernel-mode component that is not already signed, publishers must obtain a software publishing certificate (SPC) and use the SPC to sign all 64-bit kernel-mode software that runs on x64-based computer systems running Windows Vista. This includes kernel-mode services software [...] KMCS that uses an SPC provides identifiability of the publisher of a kernel module loading into Windows Vista. KMCS does not provide any level of certification of functionality or reliability of the kernel module. If drivers do not qualify for the Windows logo or the logo is not one of the product requirements, the publisher can create a catalog file for the driver package and sign it with the publisher’s SPC. [emphasis added]

From "Code Signing for Protected Media Components in Windows Vista":

[T]he following signing methods are accepted for kernel-mode modules:

  • Signed through the WHQL testing program as part of a driver package submission. For further information, see the WHQL Web site, which is listed in "Resources" at the end of this paper.
  • Signed by the vendor, by using the KMCS process. This process uses the vendor’s code-signing certificate together with the cross certificate. [emphasis added]

Bottom line: Gutmann is wrong.
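
The vendor-signing (KMCS) route quoted above, sketched as an added example; it is not from the article or from Microsoft's papers. It wraps the Windows Driver Kit tools Inf2Cat and SignTool in PowerShell, and the package path, certificate store, subject name, cross-certificate file and timestamp URL are all placeholders.

```powershell
# Added example: sign a driver package with the publisher's own SPC (KMCS route).
# Every value below is a placeholder. Inf2Cat.exe and signtool.exe (from the
# Windows Driver Kit) are assumed to be on PATH.
$PackageDir   = 'C:\drivers\xyzctl'              # hypothetical package folder (.inf + .sys)
$CertStore    = 'MySPCStore'                     # certificate store holding the SPC
$CertSubject  = 'Example Hardware Ltd'           # subject name on the SPC
$CrossCert    = 'C:\certs\ca-cross-cert.cer'     # cross certificate for the SPC's issuing CA
$TimestampUrl = 'http://timestamp.example.com'   # placeholder timestamp service URL

function Invoke-Tool {
    # Run a native tool and stop the script if it reports failure.
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe failed with exit code $LASTEXITCODE"
    }
}

# 1. Create the catalog file for the driver package from its INF.
Invoke-Tool 'Inf2Cat.exe' @("/driver:$PackageDir", '/os:Vista_X64')

$catalogs = Get-ChildItem -Path $PackageDir -Filter *.cat
if (-not $catalogs) { throw "No catalog file was produced in $PackageDir" }

# 2. Sign each catalog with the SPC. /ac adds the cross certificate to the
#    signature; /t asks the timestamp service to countersign it.
foreach ($cat in $catalogs) {
    Invoke-Tool 'signtool.exe' @(
        'sign', '/v',
        '/ac', $CrossCert,
        '/s',  $CertStore,
        '/n',  $CertSubject,
        '/t',  $TimestampUrl,
        $cat.FullName
    )
}

# 3. Check every driver binary against the kernel-mode signing policy (/kp),
#    using the signed catalog (/c) that covers it.
foreach ($sys in Get-ChildItem -Path $PackageDir -Filter *.sys) {
    Invoke-Tool 'signtool.exe' @(
        'verify', '/kp', '/v',
        '/c', $catalogs[0].FullName,
        $sys.FullName
    )
}
```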

ERROR #3: THE OUTPUT RESTRICTIONS THAT NEVER WERE

With no testing of his own, Gutmann has decided that certain combinations of hardware won't work. For example, he says if you use an HDMI cable to connect your Vista PC's video card to a TV and try to play the audio from an HD DVD or Blu-ray disc over a separate digital audio connection, you'll be shut out:

Vista's content protection mechanism only allows protected content to be sent over interfaces that also have content-protection facilities built in. Currently the most common high-end audio output interface is S/PDIF (Sony/Philips Digital Interface Format). Most newer audio cards, for example, feature TOSlink digital optical output for high-quality sound reproduction, and even the latest crop of motherboards with integrated audio provide at least coax (and often optical) digital output. Since S/PDIF doesn't provide any content protection, Vista requires that it be disabled when playing protected content. In other words if you've sunk a pile of money into a high-end audio setup fed from an S/PDIF digital output, you won't be able to use it with protected content. Instead of hearing premium high-definition audio, you get treated to premium high-definition silence.

This is completely, unequivocally wrong. I've tested multiple systems, using HDMI, DVI, and analog outputs for video and TOSLink and coax connections for digital audio. There's no problem playing back HD video and listening to the accompanying audio over this type of connection. So what is Gutmann talking about?

He continues:

Similarly, component (YPbPr) video will be disabled by Vista's content protection, so the same applies to a high-end video setup fed from component video. In fact even the most basic composite video out (a.k.a. “TV-out” on video cards) is disabled, at least by nVidia's drivers:

“This feature is no longer supported due to the new Protected Video Path Output Content Protection (PVP-OPM) in Windows Vista.”.

A quick Google search leads to numerous online forums containing howls of outrage at this Windows “feature”, and an iTWire review recommends against nVidia-based media center PCs altogether because of it.

Today, any commercially available Blu-ray or HD DVD player will play back just fine over a component connection. Arguably the most popular HD DVD player, Microsoft's Xbox 360 drive, which also works on a Windows PC, has only component connections, in fact. [Update: A reader points out via e-mail that the Xbox 360 drive has only USB connections. When used as originally designed, plugged into an Xbox 360 made before mid-2007, it has to use the component video outputs on the Xbox 360. When plugged into a PC's USB port, it outputs to whatever video port is available.]

As for the supposed disabling of composite outputs, Gutmann is laughably wrong. If you actually follow the links in that piece, you'll discover that they have nothing to do with the point Gutmann is trying to make. The "howls of outrage" were over Nvidia's decision to drop support for a feature called Full Screen Video Mirror, which allows enthusiasts with a dual-display setup to automatically play video on a TV while they continue to work at the Windows desktop on the other monitor. It has nothing to do with disabling the composite out connector.

And despite the fact that Nvidia appears to blame Windows Vista's new output protections for this change, there is no evidence that that's true. In fact, in one of the links that Gutmann so thoughtfully provides, a forum participant points to the equivalent feature in ATI's current product line, called Theater mode, which works just fine under Vista.

ERROR #4: THE MYTH OF "TILT BITS"

Gutmann spins a terrifying scenario to suggest that Vista's video driver architecture is outrageously overcomplicated:

In order to prevent active attacks, device drivers are required to poll the underlying hardware every 30ms for digital outputs and every 150 ms for analog ones to ensure that everything appears kosher. This means that even with nothing else happening in the system, a mass of assorted drivers has to wake up thirty times a second just to ensure that… nothing continues to happen ... In addition to this polling, further device-specific polling is also done, for example Vista polls video devices on each video frame displayed in order to check that all of the grenade pins (tilt bits) are still as they should be. We already have multiple reports from Vista reviewers of playback problems with video and audio content, with video frames dropped and audio stuttering even on high-end systems [Note I]. Time will tell whether this problem is due to immature drivers or has been caused by the overhead imposed by Vista's content protection mechanisms interfering with playback.

Wow, polling the underlying hardware every 30 ms? What a taxing demand on a modern PC! That's more than 30 separate operations that have to be processed every single second! That will impose a tremendous drag on performance, won't it?

Oh. Wait. I just looked it up. An entry-level dual-core CPU running at 2.0 GHz or higher (the target for most video playback applications) can typically process a minimum of 14 billion instructions per second. A quad-core Intel Core 2 Extreme CPU (which is expensive today but will be an entry-level part in two years) can deal with nearly 60 billion instructions per second. Even a four-year-old Pentium 4 can handle around 10 billion instructions per second. Even an additional 30 million instructions per second (allowing for one million instructions per operation) would only affect a tiny fraction (well under 1%) of the CPU's processing power.

The reality, stripped of Gutmann's inflammatory language, is this: Vista's playback architecture checks the integrity of the video subsystem as part of the process of sending each video frame to the display. If there's a problem with the video subsystem, you'll know about it right away and be able to troubleshoot it. There, that's not nearly as scary, is it?

And Gutmann's examples assume that this polling happens all the time, as soon as you turn on a Windows PC. That's ridiculous. The only time this activity occurs is if you're playing back premium content using a software player that exercises this feature. If you choose not to play back premium content, you'll never be affected.

By the way, Gutmann's Note I reads, in full:

Some insider comments indicate that it'll be mid-2007 at least before Vista's non-Microsoft graphics and sound drivers are finished enough to be stable and reliable. Vendors were still frantically rushing to get drivers ready in time for Vista's release (they didn't even make it onto the RTM media and will have to be downloaded after the install), but even those have been described as 'beta-quality at best'. Now that Vista is publicly available, you can use Google to find all the problem reports arising from not-quite-ready-yet drivers.

Well, we're way past mid-2007, and the consensus is indeed that those early reports of dropped frames and video stuttering had everything to do with half-baked drivers and nothing to do with content protection. (I can testify to that firsthand.) Gutmann has added nearly 14,000 words to his report since writing the original paper but strangely hasn't updated this part.

Coming up in Part 2: What Peter Gutmann doesn't know about the PC hardware market.

Topics: Hardware, Microsoft, Windows

Talkback

372 comments
  • Some questions and comments

    "But if you just want your driver to load under Windows Vista x64, you can take care of business in a matter of seconds, by using your own certificate to digitally sign it, a process called Kernel Mode Code Signing (KMCS).
    ...
    Anyone can get a software publishing certificate from the independent certification companies listed here, none of which is owned or controlled by Microsoft. I found a suitable certificate for $229."

    Not that I still do, but back in Uni, I created my own drivers for various equipment, not the least of which was a serial port controller for a solar hot water system. In Vista, would I have to pay for a certificate to load a driver I created? (i.e. I just want to load my unsigned, unofficial, completely hacked up XYZ controller)

    For all of his arguments about degraded output and hardware (non HDCP over DVI), or poor early implementations of HDMI (i.e. customers don't know their HDCP is not compliant), you are right, as you have found out, few of the content companies are using the controls they have built in. As you have said, there is the ICT flag, and other controls the content companies COULD use. Your testing showed that the HD disk played through PowerDVD was not using the optional Vista functions (but they could, will they?)

    One of Peter's biggest flaws was simply that he assumed the content companies WOULD use them, they won't yet, I have said, about all this new HD DRM, etc, the content companies will fall all over themselves to play nice until critical mass. They don't want to disenfranchise the new market, but once mature, they will probably (my prediction), activate once the amount affected are in the minority.

    We will see the relative merit of the analysis down the road, when (if?) the content companies activate. They may not, as much as they wish DRM is effective, they may be forced to give up the pipe dream to sell content, or they may miscalculate the backlash.

    From the Blu-Ray FAQ, one of the more contentious of my issues is the potential to mandate internet connectivity for monitoring.

    "No, you will not need an Internet connection for basic playback of Blu-ray movies."

    Maybe you can get an answer. Blu-Ray, for this and other reasons, is a non option because they will not answer this question.

    What is basic playback, and will it always include full 1080p without an internet connection? I will require it in black and white, written down for all to see, that forever, a Blu-Ray device will NOT require an internet connection for 1080p without other penalties (like 14 minute FBI warning, or I have to watch 48 previews unless the player can connect to the "opt-out" preview server, etc). IMO, they won't answer this because internet revocation and update is critical to BD plus.

    The Blu-Ray part is a tangent, but is relevant to how they could change the rules in the future.

    I will be interested in how you counter one chapter that is, starkly true, namely Increased hardware costs.

    http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html#hardware

    HDCP, certification, driver development, it all costs money, and we know who pays for it in the end.

    TripleII
  • Large screen Samsung question

    The issue to be answered is not if Vista can drive a huge Samsung monitor with HD content but if it can drive it with DRM protected HD content. Showing a computer generated airline times board is not showing the latest movie with DRM crippling it.

    I get the feeling you're as misleading and evasive on your defense as the originating article is.
    shoktai
    • Two Samsung monitors

      The first fully supports HDCP and thus will play back any content fed to it by Windows Vista.

      The second was not designed as an entertainment system. It was specifically designed for use in public places, with content generated by a business or organization. So complaining that it doesn't support HDCP is sort of beside the point. Do you expect to watch a Blu-ray movie in an airport waiting room or the lobby of a business?

      (And anyway, that screen could play back a copy-protected disk. Just use the analog inputs.)
      Ed Bott
      • Monitor upgrades: just another cost of Vista

        Come on, this is just silly. You're telling people that they should (a) buy a new, special-purpose monitor that's DRM-compliant, or (b) just use a non HDCP-compliant monitor in analog mode? I don't find either of those "solutions" to be remotely acceptable (anyone who has an LCD with both analog and digital inputs can see the difference in clarity at a given resolution, all else being equal). Not to mention, there is still the looming potential that Microsoft will throw those bits that will prevent the analog outputs on a video card from even working when DRM-crippled content is being played. That would leave only the first option, which is to continue the Vista equipment upgrade binge.

        Perhaps you don't seem to understand exactly what HDCP does-- it's not that you're just going to get the slightly fuzzier, less-vivid image when going analog...the quality is down-sampled 50% to non-HD levels for non-HDCP-compliant devices. Completely unacceptable if the content is legal, but it's just that the user hasn't forked over more money to buy a brand-new display and HDCP-compliant media pipeline!

        The reality of the situation is that most LCD displays manufactured over the past 5 years, even if they support HD resolution and digital inputs, are not HDCP DRM-compliant. If the resolution, size, and other basic specifications are equivalent between two displays, the extra costs associated with these "entertainment system" displays' decoder circuitry and such (or the otherwise unnecessary purchase of a brand-new display) are a cost of DRM. And since Microsoft champions DRM with Windows Vista, that's just another cost of Vista if you want to use your Vista media center to its fullest potential.
        pyrr
        • (addendum)

          Oh, and your statement about HDCP being "fully compatible" with DVI-D, that's not entirely accurate.

          Devices with only DVI-D connectors can be made in compliance with HDCP, such that they will work through the DVI-D port with an HDMI adapter (an extra consumer cost), but simply having a DVI-D connector doesn't mean that a device is compatible with HDCP. Attempting to connect a non-HDCP-certified device to a HDCP-protected stream with an adapter will result in an output failure. I find that a rather interesting definition of "fully compatible". The long and short of it is, unless the whole media pipeline, from the optical pickup in the DVD drive to the pixels on the display, is 100% locked-down HDCP compliant, users will be lucky to get even half-resolution playback on their devices. The point is completely moot if content is unprotected and the media pipeline, whether a computer OS or a Blu-Ray DVD player, doesn't treat it as such. But the second media is treated as protected, that's when things cease to be truly "fully-compatible", and all the HDMI to DVI-D adapters in the world are useless.
          pyrr
          • Look at the picture

            You need to read what I wrote in context. I wasn't making a statement about all monitors, I was talking about this specific example. That's why I posted the picture that shows the specs of this particular monitor, which has a DVI-D output with HDCP support.

            Please compare to what Gutmann wrote, where he says NO DVI input will support Vista HD output:

            "Vista won't display HD content on it because it doesn't consider any of its many input connectors (DVI-D, 15-pin D-Sub, S-Video, and component video, but no HDMI with HDCP) secure enough..."

            That is complete crap. He believes that only HDMI can support HDCP. If he actually understood what he was talking about he could never have written that.
            Ed Bott
          • The bigger picture...

            So this is really just a nitpick? Gutmann may be guilty of not researching the specific examples he uses for his position thoroughly-enough, and while that makes him look a bit foolish, it doesn't invalidate the point he was trying to make, which is that the lack of HDCP-compliance in otherwise perfectly good displays shouldn't be the only factor that forces end users to upgrade to more expensive displays for the sake of the DRM lockdown. We (tech folks with half a brain) KNOW he's a bit over the top on some of his points, but we can also see that he raises valid concerns. By attacking him on the accuracy of minutiae, you might "win" the battle, but "win" too many of them, and you just lose credibility because they're just not the sorts of things that gut his main arguments.

            Side-stepping around Gutmann's valid concerns (in this case, good monitors being force-obsoleted) doesn't do anything to address what we really want to know. And what we want to know (I speak for myself anyway) is if Vista is such a locked-down mess that it's hopeless for someone who doesn't have bottomless pockets, or if the FUD is going to be as unwarranted and unfounded in the Real World (tm) as the FUD that was creeping-up in regards to the Linux pedigree for the past two years. As of Part 2, I really am not seeing your rebuttals as anything that makes me feel *better* about the DRM burdens Vista totes around. This is the forest to which I refer.
            pyrr
          • Nothing is "force-obsoleted"

            HDCP support is a requirement of the content. Vista doesn't change that. If you buy a non-HDCP monitor and upgrade to Windows Vista, you will be able to do everything you can do today, with no exceptions. You will not be able to play back media such as a Blu-ray or HD DVD disk that requires HDCP hardware on digital outputs. But you wouldn't have been able to play that back on XP or on a Mac or on a Linux box or with your Toshiba HD DVD player or your Sony Blu-ray drive either. All that Vista adds is platform support that gives you the choice to install a third-party app that uses this platform to play back that content. It's an addition, not a subtraction. And it's completely optional on your part.
            Ed Bott
          • While Peter was wrong about the DVI HDCP support...

            He may have gotten the idea from the output protection doc
            since it lists DVI with VGA and TV-out (2 of 3 are known not to allow protected content to display @ full Resolution).

            "2 PVP-OPM: Protected Video Path - Output Protection Management
            This section examines PVP-OPM and related output content protection initiatives.
            PVP-OPM is an important part of what is needed to make the PC safer for premium content, by trying to ensure that the various outputs from the PC - such as DVI, VGA, TV-out, and so on - are properly controlled or protected (or both controlled and protected) in accordance with the content's policy. PVP-OPM is designed to meet the requirements of HD-DVDs and Blu-Ray DVDs and of 5C DTCP. "
            mrOSX
          • Sorry Ed

            You did write "Everything" do you wish to back off on your ambiguous "Everything you've ever read....." I read what you wrote below. by your own definition that is also wrong!? T.A.C.S. Ed. It is, just to paraphrase you, "sloppy, disorganized messy"
            "You need to read what I wrote in context. I wasn't making a statement about all monitors; I was talking about this specific example. That's why I posted the picture that shows the specs of this particular monitor, which has a DVI-D output with HDCP support.

            NB semi colon after monitors


            Please compare to what Gutmann wrote, where he says NO DVI input will support Vista HD output:"
            On Site PC
          • Huh?

            I have absolutely no idea what you're talking about.
            Ed Bott
    • Irrelevant

      You missed the point. Most people don't need it spelled out, but since you do, I'll make it plain.

      His argument is invalid because his example uses hardware he has never used, and attempts to apply it to an application it isn't designed for. It is a display monitor, just like planar medical displays (which are HD, and grayscale), it's meant for commercial use in applications like airports, bars, restaurants, hotels, etc for displaying data. It is NOT a home theatre.
      Spiritusindomit
  • It's a one time signing certificate for unlimited code signing

    It's a onetime signing certificate that allows you to produce unlimited amount of code for distribution under Windows Vista x64. Anyone distributing software for an OS kernel should have one of these certificates just so that we know where the driver is coming from. It beats the hell out of forcing the consumer to manually check MD5 checksums and that's not something normal people will tolerate anyways.

    The certificate is just a way of certifying the software producer and while I may not agree with how PKI is done in general, code signing is THAT important because you're modifying people's kernels.
    georgeou
    • Certificates are a very bad idea

      You say a mere $200-300 certificate for developing drivers is no big deal, but what about modified drivers, or other independent projects? This basically kills open-source drivers for Vista, not that Microsoft would ever want such a thing to begin with.

      Well, at least due to the insignificant marketshare of Vista x64, it doesn't really matter yet. But if this is going to be Microsoft's future policy, it's another one of many reasons why it is time to start looking for alternatives.
      shoktai
      • Certificates are a good idea

        First, the $200 dollar figure is off, with a little shopping one can find a cert for $99 bucks (ok you may have to wait for a "special offer" but these happen often). Second, there is a boot up option that allows the user to ignore the cert requirement, yes it has to be done every time at startup but it offers an approach for those who want to use drivers that the developer cannot afford the $99. Remember the cert can sign many drivers, so there is nothing stopping a group of developers chipping in for the cert.

        What certs do is provide a way to track the software back to the developer. Everyone complains about Windows security, but no matter what Microsoft or any other OS supplier (such as the Linux's) do OS'es in the hands of a typical user will be exposed to malware. Personally, being able to track down who is shipping the software, and for the cert to be invalidated so malware is not loaded seems like a very good idea.

        There is one thing incorrect in Ed's article, Microsoft does not test the drivers, the developer does and sends the results to Microsoft.
        oldsysprog
        • Correction noted, post updated

          Thanks.

          And yes, an open source consortium could pool the cost of a cert and provide a central way to certify open-source kernel mode drivers. There is nothing to stop them doing so.
          Ed Bott
        • Certificates can be extremely BAD

          as APC can testify. Their Powerchute software was written in Java and had a signed certificate. Unfortunately, when the certificate expired, on a server reboot, servers were unable to load the software and took 3 hours to get to the logon prompt in order for the administrator to find out what was wrong.

          Making everything signed is good in principle, but think about the problem you will have reinstalling in a few years time if the certificate has expired and the vendor is no longer around. A good piece of hardware becomes useless.
          tony85
          • Time Stamping the Signature Solves the Issue

            APC did not read the full PKI spec when it signed the files. If a signature is time stamped (using the only public time stamp server in the world from Verisign), the certificate would never have expired.

            Time stamps ensure that the signature is trusted and need not expire at the end of "expiration date" in that it shows the signature was applied at a time when the certificate was deemed to be valid.

            There are valid reasons to not timestamp files, but to not do so without cause is almost criminal.

            It never ceases to amaze me how an open spec like PKI is so often messed up and misunderstood.

            Personally - I want to know who is messing with my kernel, so signing is fantastic. Remember that the sword is two edged - it shows when MS is at fault as well.
            jrussel21
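
The expiry problem and the timestamp remedy discussed in the two comments above, turned into a check (an added example, not part of the comment thread): a PowerShell function that lists Authenticode-signed files whose signature carries no timestamp, which is the case the comments say breaks when the signer's certificate expires. The function name, the default path and the 180-day warning window are assumptions of this example.

```powershell
# Added example: find signed files with no timestamp countersignature.
# Uses only the built-in Get-AuthenticodeSignature cmdlet; nothing is modified.
function Get-UntimestampedSignature {
    [CmdletBinding()]
    param(
        # Folder to scan (assumed default: the system driver directory).
        [string]$Path = "$env:SystemRoot\System32\drivers",
        # Flag certificates that expire within this many days.
        [int]$WarnDays = 180
    )

    $now = Get-Date
    Get-ChildItem -Path $Path -Recurse -File -Include *.sys, *.dll, *.exe, *.cat `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate

            # No signer certificate: the file has no signature to evaluate.
            if ($null -eq $cert) { return }

            # A timestamp certificate means the signing time was countersigned,
            # so the signature does not depend on the certificate's expiry date.
            if ($null -ne $sig.TimeStamperCertificate) { return }

            $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
            $state = if ($daysLeft -lt 0) {
                'certificate expired'
            } elseif ($daysLeft -le $WarnDays) {
                'certificate expires soon'
            } else {
                'certificate still valid'
            }

            [pscustomobject]@{
                File     = $_.FullName
                Signer   = $cert.Subject
                NotAfter = $cert.NotAfter
                DaysLeft = $daysLeft
                State    = $state
                Status   = $sig.Status
            }
        }
}

# Files closest to (or past) expiry first.
Get-UntimestampedSignature | Sort-Object DaysLeft | Format-Table -AutoSize
```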
        • Yes they are...

          he would bitch about allowing up certs and the security issues...cake and eat situation.
          ItsTheBottomLine
        • WHQL tests are done by OEMs, but they are hard to fake and OEMs get audited

          The test results and logs are produced by OEM running their devices and drivers through the Hardware Compatibility Testkit (HCTs), and the resulting logs are returned to MS. The logs are signed and difficult to fake. Also, as part of the process to receive a logo, an OEM agrees to provide MS a copy of the device for MS to audit through the test, on demand.
          Duncan_Bloome