(no title)
Lan
|
9 years ago
Actually, my complaint is that if you go through the effort of manually disabling driver verification checks at boot time, Microsoft should respect your decision and allow you to persist that decision for that driver, even if you reboot and turn verification back on. They don't, and instead give you an all or nothing approach, with the nothing approach being a hassle and leaving a permanent watermark in the bottom right corner of your display.
ksk|9 years ago
If you have a whitelist, then malware authors would ship a primary driver that is signed and "clean". This clean driver just changes the whitelist so other malware can be executed without signature checks. I would suggest you first model the threat, model your response and analyze the different approaches.