by janci 921 days ago
What I do not understand is why the print spooler runs as the highest-privileged SYSTEM account. Any vulnerability in the print stack is basically game over. It seems to me that changing this is long due and should be possible without dropping support for all old drivers (and printers).
3 comments

It goes all the way back to Windows 3.11, where printer drivers often directly fiddled the Centronics parallel port themselves.

The Centronics port is nominally one-way, but it didn't take long for people to realize you could use it for bidirectional communication, thanks to a self-test feature IBM built into the original PC's parallel port adapter, which everybody copied faithfully.

The most famous use was probably "LapLink" which enabled fast file transfer via a special cable.

Printers and their matching drivers used the bidirectional communication to provide more detailed status information than the single "Paper Out" signal.

And the rest, as they say, is a parade of horribles.

> And the rest as they say, is a parade of horribles

The most ‘fun’ of these was when Microsoft marketing came up with the “Plug and Play” (https://en.wikipedia.org/wiki/Legacy_Plug_and_Play), and the engineers had to implement it for this port.

So, you have a port designed so that writing anything to it prints a character, but you somehow have to figure out what (if anything) is attached to it without making a printer attached to it print anything, a CD Writer to write, a hard disk to lock up, etc, with each device possibly having its own devious way of doing two-way communication over that port (by the time Windows 95 came out, how to do that was more or less settled, but users still had tons of old hardware and/or older parallel ports that behaved slightly differently).

If not for the time pressure to ship something, I think it must have been fun to work in the Microsoft department developing that feature with hundreds of obscure parallel port devices.

And of course, it never worked perfectly. How could it? I know people who had a device that erroneously got detected as a tape drive, making ¿Windows NT 4? pop up some dialog for attaching it.

>It goes all the way back to Windows 3.11, where printer drivers often directly fiddled the Centronics parallel port themselves.

I know a large bank who had a well-paid dev on the payroll whose job was exclusively reverse engineering, patching and writing Windows printer drivers so their old specialized institutional printers could keep working on modern Windows because the printer manufacturer would not publish newer drivers.

Printing is still a very important part of many wealthy legacy industries, which explains why there's so much fuss around it.

Worth noting that in true Microsoft fashion, Windows Protected Print Mode will still co-exist with the printer driver subsystem it's supposedly replacing:

>Q: Will Windows prevent installation of new printer drivers?

>A: Windows will continue to allow vendor-supplied printer drivers to be installed via separate installation packages.

My sincere kudos to them, Apple/Google/FOSS would have thrown out the old with no regard.

Windows has tried to "fix" printing several times now; the architecture is so deeply cursed that every time they do, it breaks the ecosystem completely. I assure you that Windows engineers in 2023 are very much aware of how terrible printing in Windows is.
It's hard to underestimate how poor the software coming out of printer manufacturers is.