Surely that also applies to device drivers? And even FOSS not a complete answer, if no eyes are looking.
Pretty sure WHQL limits the scope of what they can do, like add-on apps or poking at kernel internals in some of the worst ways.
-
-
Not perfect but walled gardens do help against this kind of thing, & for very-high-priv code it's important.
-
There are very strict restrictions for what a driver can do to get signed in Windows, and they keep getting stricter.
End of conversation
New conversation -
-
-
FYI, I've just dug into it. MSFT Update Catalog shipped versions of Conexant driver kit that included MicTray.exe with debug keylogger.
-
That was non malicious and just terrible code, though.
-
Sure, but people seem to assume MSFT's WHQL would prevent such things from getting through MSFT distribution channels vs. vendor driver kits
-
FYI, compared with 20y ago, I credit MSFT with a remarkably robust emphasis on security. Not sure I can say same about today's Linux distros
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.