[technion]

There's more to it. Signed desktop software can be signed by any CA.

Veracrypt has kernel drivers. Microsoft's ability to control what you can sign is specific to kernel drivers, and Microsoft's trigger finger around bans exists in the world where bad drivers BSOD machines.

In general this isn't your problem.

[raxxorraxor]

Speculation as well and highly unlikely. Microsoft drivers can very well BSOD your machine as well, not a significant or convincing threat scenario and certainly not something that lead to certificate revocation of driver developers. There is zero quality control or review by Microsoft here. Not for their own products and not for third party ones.

[steve1977]

Exhibit A:

https://en.wikipedia.org/wiki/2024_CrowdStrike-related_IT_ou...

[fluoridation]

That's not entirely true. Certain classes of signing keys require driver developers to put their driver through a test battery and submit the results to Microsoft.

[rkagerer]

I wish Microsoft expanded and built on that model, instead of moves like firing swarthes of their QA staff.

It could have grown into a massive, self-service testing playground where any developer could submit their product and put it through an arsenal of basic, automated evaluations (e. does uninstall leave tidbits behind?), with paid upgrades to more tailored services. They could even publish scores to help consumers coarsely compare workmanship across different vendors, and encourage an emphasis on quality across the whole ecosystem.

Instead they decided to just become overpaid bouncers who take your money, check your ID, and don't even bother about what you bring through the door.