Hardware Installation: What You Need to Know
with drivers signed by Microsoft, any changes to a device driver signed by a manufacturer
invalidate the digital signature, giving you a clear indication that a device driver
has been tampered with.
Because unsigned drivers have been neither validated nor authenticated, they are
much more likely than any other device driver or program you’ve installed to cause
the operating system to freeze or your computer to crash. This is why Windows Vista
warns you by default when you try to install a device with an unsigned device driver.
You can also configure Windows to eliminate this warning or to prevent unsigned
drivers from being installed.
Unlike in Windows XP, in Windows Vista you can manage device driver settings only
through Group Policy. In Group Policy, you can configure device-driver-signing settings using the
“Code signing for device drivers” policy (see Figure 5-4). This policy is located in
User Configuration\Administrative Templates\System\Driver Installation. When you
enable this policy, you can specify the action to take as Ignore, Warn, or Block.
These settings are used as follows:
Ignore
Allows you to install any unsigned driver without having to see and respond to a
warning prompt
Warn
Prompts you each time to continue with the installation of an unsigned driver or
to stop the installation
Block
Prevents you from accidentally or purposefully installing unsigned driver software
You’ll learn more about Group Policy in Chapter 26.
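An added example (not from the book) for auditing the signing state discussed above: a PowerShell function that lists the drivers Windows reports as unsigned through the Win32_PnPSignedDriver WMI class and notes what the selected policy action means for installing each one. The function name, the sample records, and the outcome wording are assumptions made for illustration.

```powershell
# Added example, not from the book. Assumes Windows PowerShell 2.0 or later.
function Get-UnsignedDriverReport {
    param(
        # Driver records to check; defaults to this computer's WMI inventory.
        [object[]]$Driver = (Get-WmiObject -Class Win32_PnPSignedDriver),
        # Action selected in the "Code signing for device drivers" policy.
        [ValidateSet('Ignore', 'Warn', 'Block')]
        [string]$PolicyAction = 'Warn'
    )
    # What each action means for an unsigned driver, as described in the text.
    $outcome = @{
        Ignore = 'Installs with no warning prompt'
        Warn   = 'Prompts to continue or stop'
        Block  = 'Installation prevented'
    }
    foreach ($d in $Driver) {
        if (-not $d.InfName) { continue }   # record names no driver package
        if ($d.IsSigned)     { continue }   # signed drivers are not reported
        New-Object PSObject -Property @{
            DeviceName    = $d.DeviceName
            InfName       = $d.InfName
            DriverVersion = $d.DriverVersion
            PolicyOutcome = $outcome[$PolicyAction]
        } | Select-Object DeviceName, InfName, DriverVersion, PolicyOutcome
    }
}

# Constructed sample records (hypothetical devices) so the function can be
# tried without querying WMI.
$sample = @(
    (New-Object PSObject -Property @{
        DeviceName = 'Example Network Adapter'; InfName = 'oem1.inf'
        DriverVersion = '1.0.0.0'; IsSigned = $true }),
    (New-Object PSObject -Property @{
        DeviceName = 'Example USB Camera'; InfName = 'oem2.inf'
        DriverVersion = '0.9.1.0'; IsSigned = $false })
)

# Reports only 'Example USB Camera', with the Block outcome.
Get-UnsignedDriverReport -Driver $sample -PolicyAction Block

# To audit the local computer instead:
# Get-UnsignedDriverReport -PolicyAction Warn | Format-Table -AutoSize
```

The PolicyOutcome column describes what would happen at installation time under the chosen action; drivers already present on the system are listed but not removed.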
How Does the Operating System Obtain Driver Updates?
As you’ll learn in Chapter 20, Windows Vista uses a feature called Windows Update
to keep the operating system, its components and services, and related Microsoft
software up to date. You can configure Windows Update to obtain updates for
device drivers. If you do this, Windows Vista checks for driver updates as part of the
normal update process.
Because Windows Update only updates device drivers included with the operating
system, any devices you’ve installed that have their own device drivers are not necessarily
updated in this way. Still, driver information files do contain information
about particular classes of devices or related sets of devices, so it is possible that as
manufacturers introduce new models of hardware devices, support for these newer
devices will be added through the update process. This is one of the reasons why
when you connect a new device, Windows Vista checks for a matching driver automatically
using Windows Update.
Chapter 5: Customizing Your Computer’s Hardware Devices
As long as your computer is connected to the Internet when you install a new device,
this check is automatic and transparent. If you don’t want Windows Vista to check
for drivers automatically, or you want Windows Vista to notify you before checking
for drivers, you can change the default Windows Update Driver settings by completing
the following steps:
1. Click Start and then click Control Panel.
2. In the Control Panel, click System and Maintenance and then click System.
3. On the System page, click Change Settings under Computer Name, Domain,
and Workgroup Settings. Or click Advanced System Settings in the left pane.
4. In the System Properties dialog box, click the Hardware tab and then click the
Windows Update Driver Settings button.
5. As shown in Figure 5-5, select the desired update setting. The options available are:
Check for drivers automatically (recommended)
Ask me each time I connect a new device before checking for drivers
Never check for drivers when I connect a device
6. Click OK to save your settings.
Figure 5-4. Setting the desired code signing option
