by Lan 3613 days ago
I disagree. I think Microsoft's current driver policies are unreasonable. Most end-users don't want to run their PC in testing mode, and will look for an easier way around it. This has a negative effect on free and open-source software. For example, there is software out there that allows you to use PlayStation 3 controllers with your PC. In the past, there were pretty much two software solutions for Windows. One driver was unsigned, and the other was signed. Many people used the latter because it was much easier to get working. The problem is that it also installed alongside Chinese malware. Driver signing didn't save anyone there. If anything, it made the issue worse.
2 comments

Free and open source software can still be signed.
Not really if it costs $1000.
It doesn't cost $1000 even today, and as EV Code Signing certificates become more popular the price will fall.

A non-Code Signing EV certificate is "only" $100-200 right now from tons of vendors. All we need is for them to flag it for Code Signing which is "free."

Until you convince those CAs to start signing for code, they still cost $400+. And remember, that's per year. The driver will continue to function after that year, but they will either need to cough up another $400 the next year, or cease development. Even at $100-200 per year that's still an unreasonable cost for hobby projects.
Open source software of any complexity costs far more than that to develop, assuming you assign non-zero value to opportunity cost. Your time is valuable!
So your complaint, as far as I can understand it, is - both solutions are imperfect. Well, great! I do think you're conflating 'reasonable' with 'perfect'.
Actually, my complaint is that if you go through the effort of manually disabling driver verification checks at boot time, Microsoft should respect your decision and allow you to persist that decision for that driver, even if you reboot and turn verification back on. They don't, and instead give you an all or nothing approach, with the nothing approach being a hassle and leaving a permanent watermark in the bottom right corner of your display.
> Microsoft should respect your decision and allow you to persist that decision for that driver, even if you reboot and turn verification back on.

If you have a whitelist, then malware authors would ship a primary driver that is signed and "clean". This clean driver just changes the whitelist so other malware can be executed without signature checks. I would suggest you first model the threat, model your response and analyze the different approaches.