Microsoft Takes Another Anti-Rootkit Step
Opinion: Writing kernel-mode Windows programs was never easy, but as of 64-bit Windows Vista, Microsoft won't even let just anyone do it. It will help stop some rootkits, but it's not a complete answer.I remember sometime around 1996 or 1997 I was in a meeting with Bill Gates talking about the future of Windows. I dont recall the exact context, but he said that he thought eventually they would have to require device drivers to be digitally signed. They must take "eventually" seriously at Microsoft, even when the chief software architect believes in something. The company has been nudging device driver developers to sign their code for years, but it recently announced the first toehold of actual requirement: The 64-bit edition of Windows Vista and future versions of Windows will require that all kernel-mode drivers be digitally signed. There are other new requirements, but this is the important one. So why would Microsoft require this? Code operating at kernel level is especially privileged. Other code operates in the privilege context of the user and its potential for damage can be limited by best practices. Device drivers are necessarily trusted because they necessarily have direct access to the hardware in the system.
A digital signature doesnt make a program safe and bug-free, but it creates accountability. You can know with a very, very, very high degree of certainty who is responsible for the program. At bottom, all security involves some element of trust, and security decisions are decisions about who you do and do not trust. Signatures facilitate the quality of these decisions.