Quote: Originally Posted by sup3rsprt
Microsoft makes tons of cash on things like this. Authenticode and WHQL for example.
As Ive said, Microsoft makes nothing. They cant design and build Authenticode/WHQL or Digital Certificates then charge people for learning/using them. If they did then they would be the gate-builder and gate-keeper and have too much power over the security sector while giving themselves another monopoly, It just wont happen again.
I agree that disabling driver signing requirement is insecure. But so is allowing any hacker off the street to sign his own malware, so it doesn't make much difference in the end.
AS I said before, You can sign your own code on your own machine, nothing will stop you from re-signing a NVidia driver with your own certificate, what will stop you is trying to use that re-signed driver on another machine, If that machine doesnt have your Self-Signed/Created CA then your self-signed certificate is invalid and useless on another machine.
However, it's good news for me the (security conscious) consumer if there really are multiple ways around this whole driver signing requirement.
If its going to be anything like Vista then the RTM version will prevent you from permanently disabling Driver Signing, It will only run for the first reboot, after the second, Driver Signing is re-enabled.
Self-Signing is permanent and the safest solution available