Reply to post: Driver signing by Microsoft is just a way to know who is responsbile

Microsoft approved a Windows driver booby-trapped with rootkit malware

sl149q

Driver signing by Microsoft is just a way to know who is responsbile

Microsoft does not do much in the way of checking drivers before signing.

The primary requirement is that you have an EV Code Signing certificate so that they (Microsoft) have some confidence that they can track down anyone submitting a problematic driver.

One of the requirements for the EV cert is that it is stored on a security key. So if you plan to say someone stole your EV cert you need to say how they got the dongle and how they got the password for it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021