What does it mean when software/drivers are "signed"?

[Ken90630]

I've never really understood that term. Does it mean the manufacturer has put some sort of digital signature (code, I presume?) in the software that marks it as official & legitimate (as opposed to malware)?

And if so, does "signed" also mean that the mfgr has provided Microsoft and other software companies with a copy of said 'signature' to validate its use with their software (again, to legitimize it)?

 

[gsaldivar]

A digital signature is a small piece of unique code that is used by software (typically an operating system) to determine if 3rd party software is approved for use.

A 3rd party software company submits a sample of its product to an OS maker like Apple, Microsoft, Nintendo etc., and the maker determines if the software is suitable for their platform. This may mean passing compatibility tests, legal review, patent review, etc. - the exact criteria varies from one company to another. The software company decides either to "sign" the software or not. If the signature is granted, the maker provides the signature to the 3rd party software company, who then embeds the signature in their product and ships the "signed" product to consumers.

Sometimes the maker's OS is programmed to run only "signed" software. Other OSs might allow both "signed" and "unsigned" software to run, but they are treated differently, or a warning is shown that indicates that the user is attempting to run 3rd party software that hasn't been vetted by the maker of the OS.

Digital signatures are nearly impossible to forge because they are based on cryptography (mathematical problems that are hard to solve). But, as with any software, there are occasionally implementation flaws that people discover that may allow a savvy developer the ability to fool an OS into running unsigned software or software containing a forged signature.

http://en.wikipedia.org/wiki/Unsigned_code

http://technet.microsoft.com/en-us/library/cc962053.aspx

http://en.wikipedia.org/wiki/WHQL_Testing

http://www.gdgsoft.com/pb/pbhelp/digitalsign.html

 

[Mide]

+1 to gsaldivar

 

[abaez]

Good response would read again A+++++

 

[WildHorse]

``

 

[gsaldivar]

lol

 

[Ken90630]

Thanks, gsalidivar, for the thorough explanation. :thumbsup:

One more question: I've heard that 64-bit versions of Windows won't run unsigned drivers. Is that your understanding as well?

 

[lxskllr]

One more question: I've heard that 64-bit versions of Windows won't run unsigned drivers. Is that your understanding as well?

Correct. There used to be some workarounds, but I seem to remember them getting the shaft after a service pack. There was one left that worked, but it sounded like a PITA, so I never tried it.

 

[gitano]

Correct. There used to be some workarounds, but I seem to remember them getting the shaft after a service pack. There was one left that worked, but it sounded like a PITA, so I never tried it.

its that the way Ati Tray Tools for example used to work creating a entry for launch it in the Windows Task Scheduler ? or i am confused ? 🙂

 

[lxskllr]

its that the way Ati Tray Tools for example used to work creating a entry for launch it in the Windows Task Scheduler ? or i am confused ? 🙂

I'm not sure tbh. Google would probably be more helpful than me. I quit running custom drivers and stuff when it stopped being effortless, and honestly, I haven't missed them. I guess it helps that I don't really play much in the way of the latest/greatest games anymore, so tweaking for maximum performance isn't as necessary as it was. Also, running unsigned drivers defeats some of Windows security, and the way I see it, if the program isn't useful enough to come up with the cash for a signed driver(through user donations), it isn't useful enough.

To somewhat answer your question, it started by being able to disable signature check through Windows itself, but that was disabled after SP1(?). I /think/ you can still do it just before Windows loads by selecting the boot menu, but I'm not sure. There was also a 3rd party program that would insert the appropriate commands at boot, but I only read about it at the time, and never tried it.