Windows 10 is making considerable efforts to tighten up on the security front, and Microsoft has just announced changes to how it vets drivers for the operating system – all of these must now be digitally signed by Redmond.
As Betanews spotted, it was actually last year that Microsoft announced that all kernel mode drivers would need to be submitted to the Windows Hardware Dev Center portal in order to be digitally signed.
But at the time, Microsoft didn’t enforce this as a rule – due to various ‘technical-readiness’ issues, it was only implemented as policy guidance.
However, from now on, starting with installations of Windows 10, version 1607, this will be fully enforced and any drivers not signed off by the aforementioned Dev portal won’t be loaded by the OS.
Note that this doesn’t apply to old drivers, just to new ones going forward. Also, the new policy only applies to fresh installations of Windows 10, so systems upgraded from previous versions of Windows will still allow the usage of cross-signed drivers.
The idea of the new policy is to make users less vulnerable to rogue drivers potentially laden with malware, as Windows 10 obviously won’t accept any driver that isn’t signed off by Microsoft in the future.
Redmond is also making a number of improvements to security with the incoming Anniversary Update, including enhancements for Windows Hello, and fresh anti-malware measures for Windows Defender. The update starts to roll out tomorrow.