Disable driver signing :
Microsoft has introduced a new kernel security component for the 64-bit editions of Vista. Windows mandatory kernel mode and driver signing implies that all modules or drivers designed to run at kernel level have to feature digital signatures, to attest the software is provided by a legitimate publisher. Still, not all drivers are signed and there are many legitimate reasons for disabling driver signing in Vista.
Many of the virus, adware, security, and crash problems with Windows occu when someone installs a driver of dubious origin. The driver supposedly provides some special feature for Windows but in reality makes Windows unstable and can open doors for people of ill intent who want your system for themselves. Of course, Microsoft’s solution is to lock down Windows so that you can use only signed drivers. A signed driver is one in which the driver creator uses a special digital signature to “sign” the driver software. You can examine this signature (as can Windows) to ensure that the driver is legitimate.
Windows 2008 doesn’t load a driver that the vendor hasn’t signed. Unfortunately, you’ll find more unsigned than signed drivers on the market right now. Vendors haven’t signed their drivers, for the most part, because the process is incredibly expensive and difficult. Many vendors see the new Windows 2008 feature as Microsoft’s method of forcing them to spend money on something that they dispute as having value. Theoretically, someone can forge a signature, which means that the signing process isn’t foolproof and may not actually make Windows more secure or reliable. Of course, the market will eventually decide whether Microsoft or the vendors are correct, but for now you have to worry about having signed drivers to use with Windows.
Sometimes, not having a signed driver can cause your system to boot incorrectly or not at all. The Disable Driver Signature Enforcement option lets you override Microsoft’s decision to use only signed drivers. When you choose this option, Windows boots as it normally does. The only difference is that it doesn’t check the drivers it loads for a signature. You may even notice that Windows starts faster. Of course, you’re giving up a little extra reliability and security to use this feature — at least in theory.
You can’t permanently disable the use of signed drivers in the 64-bit version of Windows Server 2008 — at least, not using any Microsoft-recognized technique. It’s possible to disable the use of signed drivers in the 32-bit version by making a change in the global policy (more on this technique later in the section). A company named Linchpin Labs has a product called Atsiv (http://www.linchpinlabs.com/resources/a … design.htm), which lets you overcome this problem, even on 64-bit systems. Microsoft is fighting a very nasty war to prevent people from using the product. (They recently asked VeriSign to revoke the company’s digital certificate and had the product declared malware; read more about this issue at http://avantgo.computerworld.com.au/ava … 69104626.) doesn’t check the drivers it loads for a signature. You may even notice that Windows starts faster. Of course, you’re giving up a little extra reliability and security to use this feature — at least in theory.
I have several devise drivers that are not digitally signed but otherwise work happily under windows server 2008.
At present, during booting up, I need to go thorugh the loop F8 to manually disable "digital driver enforcement", but this is good for the current session only.
Is there a clever way to permanently disable digital driver enforcement, so that I do not have to use the F8 option manually every time?
Thanks.