General discussion

Insanity Check.

By normhaga
While trying to learn Beethoven's 5th on a guitar and browsing my email I ran into a Microsoft Security Newsletter update that made me think twice.

Microsoft asserts that the 64 bit variants of Vista are more secure because they require device signing for kernel mode drivers. No kernel signing, no loading. We all know about the boot override that has to be executed on a per boot basis.

What if there was a method in which a boot device could be loaded with a self-signed certificate? Think of the security problems that could be incurred for the installation of malware. Would this be a serious issue?

Microsoft in two whitepapers goes into great detail on how to create a test certificate that, if we read the papers correctly, is designed to be built on one machine and used on one or more machines; in other words, the test certificate is not machine specific. The test certificate also would not have an expiration date.

These two whitepapers address the issue of creating test certificates:
http://www.microsoft.com/whdc/winlogo/drvsign/kmsigning.mspx
http://www.microsoft.com/whdc/winlogo/drvsign/kmcs_walkthrough.mspx

I see this as a real security risk for any number of reasons. A software house may see it as a blessing to avoid the WHQL certificates and costs to install new hardware. A malware coder might see it as a way to install whatever to take control of a Vista X64 or X32 box, including Server 2008.

I would like to see a discussion on these whitepapers and their implications, to see what the community in general thinks. Did MS gaffe yet again by providing a means to override one of the main security features of the 64-bit OS?
