MSFT tightens the Trusted Computing screws in Vista

Vista, the new version of Windows, has tightened the Trusted Computing screws, putting hardware companies on notice that they will have to get their drivers approved by Microsoft before shipping them. Microsoft had previously designed Vista to simply warn users if their drivers were "unsigned" -- that is, not approved by Microsoft -- but in a new announcement, the company pledged to make it impossible to load any unapproved drivers under Vista.

This has been positioned as an anti-spyware measure, but it will also have the effect of making copy- and use-restriction systems more restrictive. You won't, for example, be able to install alternative drivers for a video-capture card that lets you ignore anti-copying watermarks in your videos, effectively taking control away from you, the owner of the computer, and indiscriminately giving it over to anyone who can insert a watermark (no-copying watermarks have already been illegally inserted into many Fox programs, resulting in their not being stored by TiVo video recorders).

Another effect of this will be to raise the cost of developing drivers, since developers will be required by Microsoft to buy a VeriSign Class 3 Commercial Software Publisher Certificate, at an unknown cost.

Still, what is this going to stop? SONY screwed up majorly, but nothing bad has really happened to them. Do you think that a $500 fee is going to deter spyware companies?

Spyware/adware authors aren't some teenagers... they're million-dollar businesses (or larger). Do you think they care if they have to get a new $500 certificate every few months? They probably spend twice as much on lunch during that time.

Do you think Verisign is going to selectively refuse to grant certificates to paying customers just because they're suspicious? They'd be sued immediately by the first rich "victim" company, and would probably settle quickly to avoid the bad press.

It's not like Verisign will magically prevent the bad guys from doing harm. Remember, this is Verisign we're talking about - not exactly a model for ethics.

Link (Thanks, Tom!)