Operating System: Microsoft Windows 2000
In the April 2002 article "Ensure driver reliability with Driver Verifier," we showed you how to protect your computer's kernel from the effects of a faulty driver by using Driver Verifier to monitor new drivers you've added to your system. In this article, we'll build on what you learned in the April article. We'll show you how to further guard your computer against system instability by using the File Signature Verification tool (Sigverif) to identify unsigned drivers (drivers that aren't digitally signed and, therefore, not tested by Microsoft) and then removing the software programs to which they correspond. Running this simple process when your system first begins to become unstable, especially if you've recently installed new software, can be a useful step in diagnosing your system problems and can provide you with the troubleshooting data you need to get your PC back up and running in no time.
The path to protection
Sigverif, as shown in Figure A, is similar to Windows 98's Signature Verification Tool and can help you to quickly and easily address potential sources of system instability. We'll begin by introducing you to some fundamental background information on digital signatures and driver signing, and then we'll jump right into showing you how to use Sigverif to identify unsigned drivers on our sample system. We'll teach you how to customize scan criteria, set logging options, and run a scan to determine which files do not possess digital signatures. Finally, we'll show you how to control unsigned driver installation on your Windows 2000 machine by blocking the installation of unsigned files.
In search of signature security
Each time you install new software on your computer, there is potential for the software installation process to overwrite system files with incompatible versions. Windows 2000's system files have a Microsoft digital signature, which is a means for originators of a message, file, or other digitally encoded information (in this case, Microsoft) to bind their identity to the information. These signatures ensure that a particular file has met a certain level of testing by Windows Hardware Quality Labs (WHQL), and that the file hasn't been altered or overwritten by another program's installation process.
This process is called driver signing...