XP driver signing isn't (really) a security thing - not yet anyway. As only the administrator can add/remove drivers, the extra protection provided by having the drivers "signed" before installation is low. I'd also imagine that the sigs are not checked prior to loading, just prior to installation. So you could "install" a signed one, and then switch/modify binaries (I guess?). If MS wanted this to be security they would require all executable components be signed before use, and that, combined with "immutible" file access for such signed objects would effectively kill the trojan/virus business.... Dom |-----Original Message----- |From: Kayne Ian (Softlab) [mailto:Ian.Kayneat_private] |Sent: Wednesday, April 17, 2002 2:35 PM |To: Vuln-Dev |Subject: Cisco VPN client | | |Hey all, | When installing the Cisco Systems VPN Client on Windows |XP, it warns you that XP driver signing will cause some |"error messages" to pop up during the installation. To |prevent this, instead of telling you just to OK them, it |actually tells you to go and disable XP driver signing |completely. It makes no mention of re-enabling it afterwards. |Anyone else find that a bit of stupid advice? | |Just FYI, in case your users are doing this themselves. | |Ian Kayne |Technical Specialist - IT Solutions |Softlab Ltd - A BMW Company | | |** Softlab customer, Provident Financial Management Services (PFMS) |has been short-listed in the category of Best Customer Contact Centre |Led Project at the CRM Industry Awards, which are being held on 18th |April.** | |** Softlab presented with the exclusive EMEA Partner award for their |continued success in the implementation of Genesys' |most complex and demanding solutions in Europe. ** | |For further information please see the Softlab website www.softlab.co.uk ******************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use of the information contained within this email or attachments is strictly prohibited. Internet communications are not secure and Softlab does not accept any legal responsibility for the content of this message. Any opinions expressed in the email are those of the individual and not necessarily those of the Company. If you have received this email in error, or if you are concerned with the content of this email please notify the IT helpdesk by telephone on +44 (0)121 788 5480. ********************************************************************
This archive was generated by hypermail 2b30 : Thu Apr 18 2002 - 09:21:19 PDT