Submission + - Vista Work-Around Highlights Security Flaws (pcworld.com)
eldavojohn writes: "A simple trick has netted some developers the ability to load unsigned drivers by simply registering a tool that loads its own unsigned driver and allows any unsigned code to be placed as a driver in the kernel. And the tool is freely available. Probably more damaging that releasing this tool into the wild is what one of the developers had to say. He anonymously commented about this particular security feature of Vista and that it "doesn't prevent malware, it just prohibits freedom to choose. A signed file uniquely identifies the company that developed that file, but when companies can be created and registered in jurisdictions known for protecting the privacy of company founders and directors you have to ask what does driver signing actually represent? While driver signing certificates can be revoked, new certificates, with enough money, can be created faster than it takes to change a file's signature. If this is indeed the case, then it is the hobbyists and home user that end up paying the cost.""