Re: Driver Signing
>Hardware vendors can't be trusted to write secure drivers, and can't be relied upon to update them when exploits are discovered.
?
OS vendors (e.g. MS) can't be trusted to write secure drivers, and can't be relied upon to update them when exploits are discovered.
Application vendors (e.g. Adobe, MS) can't be trusted to write secure drivers, and can't be relied upon to update them when exploits are discovered.
Better stop using these things called computers...
Actually this exploit nicely illustrates another aspect of the security problem - preventing the old insecure stuff out-in-the-wild from executing.
It would seem that code signing, whilst giving confidence in the provenance of a driver, isn't particularly useful when you need to revoke that driver's security clearance. Not saying that revoking execution rights isn't going to be a minefield, just that it doesn't seem to be possible to do today at the granularity of a single driver version.