New tool enables loading of unsigned drivers in Vista

Lano DeMentar


A new software tool has been released by Linchpin Labs that allows the
loading of unsigned and legacy drivers on Windows XP, 2003, and most
importantly Vista.

One of the system management and control methods that Microsoft implemented
with Windows Vista is requiring system drivers to be digitally signed before
they will load properly within the system. If a user or administrator wishes
to load an unsigned or legacy driver, they will either need to reboot into a
limited functionality mode or just do without the functions that the driver
would have provided.

As others have pointed out, this step will do nothing to prevent malware
authors from being able to load their drivers into the system. Either they
will exploit the lax jurisdiction and corporate oversight of various
countries to establish a corporate shell and gain legitimate digitally
signed driver certification, or they will just exploit weaknesses in
already-signed drivers.

The process of digitally signing drivers risks becoming like that used to
issue SSL certificates - only providing a moderate distraction for those
with malicious intent on their way to obtaining accreditation, but a
significant obstacle for the amateur developers without the necessary
resources.

Into this environment, the developers at Linchpin Labs have released their
Atsiv command line tool that allows for the loading of unsigned and legacy
drivers into 32 and 64 bit versions of Windows XP, 2003, and Vista.

As the developers have acknowledged, this isn't the first tool to allow for
the loading of unsigned drivers, but it is one of the first (if not the
first) to use a signed system component to load an unsigned component.

To gain access to the full features of Atsiv, the user operating the tool is
required to have Administrator privileges before starting the tool.

While Atsiv appears to be a top quality tool for the loading of unsigned
drivers, it won't add the newly loaded driver to the standard drivers list,
nor is it completely loaded into memory (for example, the DOS header is not
loaded). This isn't necessarily a drawback, depending on the intent of the
person who is using it to load a driver.

Atsiv also ignores any dependencies that a driver might have, so it is
necessary to ensure any dependencies are preloaded before attempting to load
a driver that requires them. It also allows the same driver to be loaded
multiple times in memory, potentially leading to interesting cases where
multiple instances of a driver are fighting over the same information.

As with any other system modification and administration tool, system
instability, failure or unresponsiveness may be encountered when using
Atsiv - so use is at the user's own risk.

This article originally appeared at Sûnnet Beskerming
 
Bill Yanaire

So you've proven that you can cut and paste. BFD. Now all you need is
someone to translate it for you !!!!

Douche Bag
 
Lano DeMentar

you need someone to translate your alphabet soup to you ...

now run along, and let us discuss about computers,
since WE OWN a computer...

no playing on your mommy's pc doesn't count as yours!
 
Lano DeRetard

After reading your posts, it was noted today by the authorities that you
have escaped from the institution. Please head back ASAP because you need
to take your pills.
 
