
On Thu, 6 Oct 2022 14:36:36 +1300, I wrote:
Having Microsoft verify third-party drivers with a digital signature, so that Windows will block the loading of unsigned drivers, seemed like a good idea when it came in with Windows Vista. Enforcing quality control would remove a big source of crashes, as well as security loopholes.
But it seems the execution falls somewhat short ...
Another fun way that lowlifes have found to subvert this process <https://arstechnica.com/information-technology/2022/12/microsoft-digital-certificates-have-once-again-been-abused-to-sign-malware/> is to get Microsoft to sign a driver that won’t, on its own, exhibit any malicious behaviour, so it doesn’t trigger any alarm bells. Then you use a separate developer certificate to sign another piece of code that, when it loads and activates the Microsoft-signed driver, will trigger the malicious functionality. This gives you a stepping stone into the full level of trust that a Microsoft-signed driver enjoys. Treating proprietary software as a “black box” just doesn’t work. This would be much less likely to happen with Open Source, because it’s harder to hide things in plain sight.
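An added example (not part of the post above, and not Microsoft's own tooling) of the check a defender is left with once "signed by Microsoft" no longer implies "benign": enumerate the kernel drivers Windows knows about, record who signed each one, and flag those whose signer is the WHCP attestation publisher, since that is the path the abuse described above goes through. The publisher CN string is an assumption about the certificate subject used for attestation-signed drivers; the hash column exists so the output can be compared against a revocation or blocklist feed, which this script does not fetch.

```powershell
# Added example: report installed kernel drivers with signer and hash so that
# attestation-signed drivers can be cross-checked against a blocklist.
# Assumption: WHCP attestation-signed drivers carry this subject CN.
$AttestationPublisher = 'Microsoft Windows Hardware Compatibility Publisher'

function Get-DriverSignatureReport {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName } |
        ForEach-Object {
            # Normalise the NT-style prefixes some entries use into a Win32 path.
            $path = $_.PathName -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot', $env:SystemRoot
            if (-not (Test-Path -LiteralPath $path)) { return }

            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            [pscustomobject]@{
                Name     = $_.Name
                State    = $_.State
                Status   = $sig.Status            # 'Valid' even for an attested, later-revoked driver
                Attested = $subject -like "*CN=$AttestationPublisher*"
                Signer   = $subject
                SHA256   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                Path     = $path
            }
        }
}

# Show attestation-signed drivers first, plus anything whose signature does not verify at all.
Get-DriverSignatureReport |
    Where-Object { $_.Attested -or $_.Status -ne 'Valid' } |
    Sort-Object Attested -Descending |
    Format-Table Name, State, Status, Attested, SHA256, Path -AutoSize
```

The point of the output is the Status column: a driver signed through the attestation route verifies as Valid just like any other Microsoft-signed binary, so the signature check on its own tells you nothing about the second-stage loader the post describes. The SHA256 values are what you feed into whatever blocklist or revocation data you trust; the script deliberately does not decide for you which hashes are bad.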