Microsoft is changing how drivers are built and verified on Windows 11

winjer

Member

Microsoft has announced that it's making changes to how Windows drivers are built and signed, extending its new driver resiliency playbook beyond just anti-virus makers in an effort to ensure drivers are safe, secure, and more reliable.

The most important change is that going forward, signed drivers will have to meet a higher security and resiliency bar, passing many new certification tests. Microsoft also says that it expects to see a significant reduction in code that runs in kernel mode over the coming years, including drivers that deal with networking, cameras, USB, printers, storage, and more.
The company also says that Windows is gaining an expanded set of in-box drivers and APIs, which should allow OEM partners to replace their custom or proprietary kernel-level drivers with standardized Windows drivers, which should help stabilize the OS and also has the added benefit of less overall system bloat.
Here's the rundown of the changes being made to Windows drivers:
  • Driver signing will require a higher security and resiliency bar with many new certification tests.
  • We are expanding Microsoft-provided Windows in-box drivers and APIs so partners can replace many custom kernel drivers with standardized Windows drivers or move logic to user mode.
  • Over the coming years, we expect a significant reduction in code that runs in kernel mode across driver classes such as networking, cameras, USB, printers, batteries, storage and audio.
Microsoft says that Windows will continue to support third-party kernel mode drivers, and that it will not limit partners from innovating where Windows doesn't have in-box drivers. Graphics drivers will continue to operate in kernel mode, for example.

"For kernel-mode drivers, we're adding practical guardrails that improve quality and contain faults before they become outages. These include new mandatory compiler safeguards to constrain driver behavior, driver isolation to limit blast radius, and DMA-remapping to prevent accidental driver access to kernel memory."

For the most part, seems like a good improvement for how drivers are implemented in Windows, making it safer and more stable.
But, I bet that the kernel driver mode will eventually be removed and older devices, which no longer have new driver support, will just stop working.
 
and also has the added benefit of less overall system bloat.

There is a shift happening. I honestly feel MS are going to have to step up and invest to make windows great, or we will just all move on. A change could be just what we all need.

It's up to them to retain us. Hopefully Linux distros get more and more support and deliver what we want.
For the most part, seems like a good improvement for how drivers are implemented in Windows, making it safer and more stable.
But, I bet that the kernel driver mode will eventually be removed and older devices, which no longer have new driver support, will just stop working.
This might have a knock-on effect making anti-cheat reliant games work better on Linux, as Windows-specific kernel-level anti-cheat would be gone. Also, getting rid of kernel level anything is overall good for security in general.
For the most part, seems like a good improvement for how drivers are implemented in Windows, making it safer and more stable.
But, I bet that the kernel driver mode will eventually be removed and older devices, which no longer have new driver support, will just stop working.
Yeah, long term they are removing even AV apps from the kernel after the CrowdStrike fiasco.

But can MS prevent all the shit anti-cheat crap from running in the kernel while at this effort?
 
This might ironically benefit certain game support (Fortnite, COD etc.) on Linux and derivatives going forward, if Microsoft's shifting driver & program code from kernel space to user space is true. We all know kernel-level anti-cheats create big security vulnerabilities just waiting to be exploited, and MS have already expressed a dislike for them.

So yeah, that is ultimately one good thing with these changes. Of course, that'll benefit Windows as well.
 
This might ironically benefit certain game support (Fortnite, COD etc.) on Linux and derivatives going forward, if Microsoft's shifting driver & program code from kernel space to user space is true. We all know kernel-level anti-cheats create big security vulnerabilities just waiting to be exploited, and MS have already expressed a dislike for them.

So yeah, that is ultimately one good thing with these changes. Of course, that'll benefit Windows as well.

It's not going to benefit Linux as the kernels there are open sourced. Microsoft can not only ban anti-cheat programs from running in the kernel, but also any cheat program in general. This could lead to a situation where games will refuse to run unless Windows/Mac is detected.
 
Linux got 'em shook. Good. Microsoft quite literally cannot afford to lose their OS dominance in any way. Competition here means a better operating system, period; better performance, better stability, better security. Objective wins.

Now, let's all wait and see how they manage to drop the ball...
 

Mark Russinovich developed Sysmon and other utilities in the Sysinternals suite to provide advanced monitoring and troubleshooting tools for system administrators. Russinovich now serves as CTO at Microsoft Azure, as Sysinternals is set to become an integral part of the Windows power-user experience.
Russinovich recently announced that Sysmon will be available as a native Windows feature starting next year. The tool is part of the renowned Sysinternals suite of troubleshooting and system utilities, and has long been a critical resource for security professionals and analysts seeking a deeper understanding of system activity on Windows.
System Monitor includes a system service and device driver that remain resident even during an OS reboot, Russinovich explains. Working in conjunction with the Windows Event Log component, the tool can monitor and log a wide range of system activity, including process creation, network connections, file changes, and more.
In simple terms, Sysmon provides detailed diagnostic data that can be leveraged to detect suspicious activity on a Windows system. However, the standalone utility currently must be manually downloaded and installed on each PC. Russinovich notes that this can create significant maintenance overhead for enterprise organizations managing thousands of computers, as Microsoft does not yet provide official support or automatic updates.
 
"and also has the added benefit of less overall system bloat."

If there's one thing as true as the sun rising and setting, it's that MS loves, loves, loves their bloated processes attached to literally everything that's signed.
 
MS needs to ban kernel-level anti-cheat in games. It's ridiculous that every single game you play is allowed to effectively rootkit your Windows installation
100%.

If an engineer suggested to me to make a kernel-level anti-cheat solution, I'd fire them on the spot. I don't understand why, especially with the resources that Microsoft have, they don't train neural networks on play session data taken from the servers that are hosted by Microsoft for their games or any game that uses their infrastructure, and to detect irregular player behavior. And then either ban/warn them based on that or forward that to a human-based investigation. I would not bother with putting an anti-cheat solution on the client because that can and will be hacked/circumvented anyway; never trust the client. I mean, if you offer a server/cloud infrastructure that people are paying for (Xbox Live, Windows Azure, etc.) then you can and should roll out a server-based solution as well.
 