Microsoft are doubling down on their efforts to make Windows 10 more secure by announcing that all drivers for fresh installs of the operating system will now have to be digitally signed by the Redmond based business.
Admittedly Microsoft have made this statement before, last year in fact, when it said that all kernel mode drivers would have to be verified via the Windows Hardware Dev Centre Portal in order to signed off digitally by Microsoft.
However, Microsoft never quite got around to enforcing the move as a rule due to technical feasibility issues, and instead opted for it as a best practice guide for developers.
“Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the Operating System, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal. OS signing enforcement is only for new OS installations; systems upgraded from an earlier OS to Windows 10, version 1607 will not be affected by this change.”
But from now on, and starting with Windows 10 version 1607 fresh installations, all new Windows 10 drivers will have to be signed off or Windows 10 wont install them on users’ systems by default.
Fortunately, and in a move governed by common sense, the new policy does not apply to old drivers, just new ones going forward, and also only to new, fresh installations of the operating system.
Systems that already have Windows 10 installed and are just upgrading to the latest version of Windows shouldn’t be affected.
“We’re making these changes to help make Windows more secure. These changes limit the risk of an end-user system being compromised by malicious driver software.”
Not of course that any of the above will guarantee that malware won’t make it onto users systems via drivers, but it does make sure that driver publishers are authenticated more robustly, and it helps keep Windows 10 more secure at a base level.