|
|
On Mon, 15 Nov 2004, Stefan `Sec` Zehl wrote: > On Wed, Nov 10, 2004 at 01:38 -0700, Blaine Fleming wrote: > > > > >...but then, I suppose that if you wanted to be evil, you could just > > >find the registry key that GUI setting twiddles, temporarily modify it > > >during the install process and put it back afterwards. > > > > MS made sure it wasn't quite that easy... > > http://support.microsoft.com/?kbid=298503 > > I felt challenged by the wording in that KB article. > > I present you with the attached Proof of concept C Code which can turn > the "Driver Signing" Setting on or off at will. The usual caveats apply > (it works on my machine: XP with SP2). Perhaps someone wants to include > it in the TAP installer :-) That's quite a subverse piece of code :) If you feel like it, the thing to do would be to make an NSIS module which gets or sets the parameter. Get is important because we want to be a good citizen and set it back to its original value. Having said that, in general I'm not terribly eager to remove unsigned driver warnings, and I can understand that some companies may consider it to actually be a benefit to have the warning dialog come up. It's a disclaimer, after all, and it allows the end-user to be aware that something is trying to install a driver on their box. Drivers are dangerous things and driver bugs can crash a system or render it unbootable. When it comes to driver installation, full disclosure can be a good thing. And in this age of liability concerns, I would think that MS is actually providing an incentive for commercial driver developers not to sign, as a strong disclaimer agreed to by the customer can can help to blunt future liability claims. What I would advocate is having the warning apply to all drivers, not only unsigned drivers. Even signed drivers can have bugs. And well-written unsigned drivers can pass the same test suite that signed drivers have to pass. The fact remains that the TAP-Win32 driver is unsigned mostly for political and monetary reasons. The code passes all of the NDISTest suite, which is the same test that qualifies a driver for MS WHQL certification. The driver is also being actively used in the real world, and I would argue that that fact merits more credibility than any stress-test suite. James ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |