Can anyone tell me why I should trust a downloaded driver that is unsigned and time stamped from a verifiable authority? I just downloaded the latest ROM image for my Axim X50v and when I went to install it, the XP security pop-up appeared, notifying me that the application I was attempting to run was not trusted and unsigned.
A company the size of Dell should ALWAYS have their drivers signed to prevent "non-Dell" code from being inserted and run on some unsuspecting system, which may contain viruses and other malicious code. In my opinion, this is poor development practice and really bad form.
Someone from their driver development area should be considered expendable, if they routinely cause a bad taste in a customer's mouth, such as this. Now that I've checked other downloads and find that this is a standard practice, I'm not so sure I'd buy from Dell any longer. Now, I'm not saying they write bad drivers, but coming from the security world, I know what can happen if you don't have some kind of "checksum" that tells you the file you are installing has NOT been modified, since written and packaged up for public consumption.
Has anyone else out there in the community run into this concern? And can Dell explain themselves on this issue?
Since you only get the image from Dell's web site, don't you feel that it should be pretty secure? You would never get the image from any other source. And since viruses are not a problem with the PDA, it just doesn't seem like it would be a problem. Please feel free to correct me if I am missing something.
Do you have any idea how long it takes to get drivers signed? Neither do I, but I do know that it takes a REALLY long freakin' time. Personally, I'd rather have the latest drivers to improve performance or fix bugs than have to wait another year while goes through the rigorous process of getting their drivers certified by Microsoft.
Of course, no one's forcing you to update. You can always stick with the latest signed versions of your drivers instead of updating to the unsigned version if it truly gives you the Warm Fuzzies™. *shrug*
Oh, and in addition to time, digital signing from MS also costs money. If Dell is in the practice of NOT getting their drivers signed, then that may be why they have some of the more inexpensive hardware in the industry; they could be passing the savings on to us, the consumers. That seems to be a good thing to me =)
It actually doesn't cost anything or take any time does it? Dell would already have the certificate, just didn't use it to sign. Or maybe I'm misunderstanding. Seems kinda sloppy to me.
__________________
Always read stuff that will make you look good if you die in the middle of it.
Many times drivers are sloppy... Many big companies such as DLink, Logitech, and others will even say in their manual to just hit continue even if XP says it's unsigned.
It actually doesn't cost anything or take any time does it? Dell would already have the certificate, just didn't use it to sign. Or maybe I'm misunderstanding. Seems kinda sloppy to me.
The digital signing is done by Microsoft. MS takes the driver, runs it through a series of tests, and then puts their stamp of approval on it (or doesn't, I suppose, if the driver fails testing =). It's a time-consuming and costly process.
If Dell truly is in the habit of not getting their drivers signed, I couldn't speak to why they are. It could be a cost concern, or they may wish to rush things out.
I've even seen drivers be released unsigned, only to be "re-released" (in a manner of speaking) as signed, with no changes to the driver other than the digital signature. If you want the latest and greatest, you sometimes have to accept the lack of signature.
A digital signature isn't a security thing. It's a method of determining whether or not your hardware will play well with other WHQL (Windows Hardware Quality Labs) certified hardware (and the corresponding WHQL certified drivers).
The idea behind it is if you build a system using ONLY certified drivers, then the drivers will never conflict and cause system failure. It doesn't mean that they're bug free, and that the latest video card drivers won't cause a problem with your favorite game or anything.
I think the poster actually means an X.509 certificate to verify that the file (in this case the ROM update) has not been changed by malicious users. He apparently thinks a ROM update is the same as a driver update. WinXP SP2 has that popup that asks the user whether they want to run a certain EXE when executed, and will display information regarding its digital signature. I don't think Dell needs to go to Microsoft for this; all they have to do is get their own certificate, and sign their files with this cert.
While it is sloppy for a company like Dell not to sign their files routinely, I personally wouldn't take drastic measures like never buying from them again just because they don't sign their files. Sometimes security isn't all about encryption, digital signatures, etc., but also just plain common sense. Like someone else said, if you don't feel safe, don't upgrade. Also, what's the worst thing that can happen? Your Axim crashes and burns? Return it to Dell, saying their ROM update killed it. After all, you *did* back up your files didn't you? :)
And sometimes security is up to the person on the other side of the monitor.
I've been using computers since 1978 (TRS-80) and I have only ever had 1 virus...thanks to some jackass who was actually stupid enough to use Internet Explorer on my machine.
Knowledge, care, and information are far more important to me than some 'razzle dazzle'.
But hey, this is 2005 and those terrorists might sneak into our machines and take over our pr0n!
I think the poster actually means an X.509 certificate to verify that the file (in this case the ROM update) has not been changed by malicious users. He apparently thinks a ROM update is the same as a driver update. WinXP SP2 has that popup that asks the user whether they want to run a certain EXE when executed, and will display information regarding its digital signature. I don't think Dell needs to go to Microsoft for this; all they have to do is get their own certificate, and sign their files with this cert.
That seems to make a little more sense.
If we assume that Dell has such a certificate, then it doesn't make sense that they don't sign their downloads.
Assuming that they don't, once again it could be a cost issue. =)
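
The publisher-signature check discussed in the thread (an X.509 code-signing signature on the downloaded EXE, as opposed to Microsoft's driver certification) can be inspected directly on a file. The following PowerShell is an added example, not part of any post above; the function name `Get-DownloadTrust` and the expected publisher string `'Dell'` are assumptions made for illustration.

```powershell
# Added example: classify a downloaded file's Authenticode state before running it.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path,                        # path to the downloaded installer or ROM updater
    [string]$ExpectedPublisher = 'Dell'   # assumption: text expected in the signer's subject
)

function Get-DownloadTrust {              # hypothetical helper name
    param([string]$Path, [string]$ExpectedPublisher)

    # Get-AuthenticodeSignature verifies the embedded signature and its certificate chain.
    $sig = Get-AuthenticodeSignature -FilePath $Path

    $result = [ordered]@{
        File        = $Path
        Status      = $sig.Status
        Signer      = $null
        Timestamped = $false
        Verdict     = $null
    }
    if ($sig.SignerCertificate)      { $result.Signer = $sig.SignerCertificate.Subject }
    # A countersigned timestamp lets the signature stay verifiable after the cert expires.
    if ($sig.TimeStamperCertificate) { $result.Timestamped = $true }

    switch ($sig.Status) {
        'NotSigned'    { $result.Verdict = 'No signature: origin and integrity cannot be checked from the file itself' }
        'HashMismatch' { $result.Verdict = 'File was modified after it was signed: do not run' }
        'Valid' {
            # Substring match is the loose form; pinning the certificate thumbprint is stricter.
            if ($result.Signer -like "*$ExpectedPublisher*") {
                $result.Verdict = 'Signed, unmodified, trusted chain, expected publisher'
            } else {
                $result.Verdict = 'Valid signature, but not from the expected publisher'
            }
        }
        default        { $result.Verdict = "Signature present but not trusted: $($sig.StatusMessage)" }
    }
    [pscustomobject]$result
}

Get-DownloadTrust -Path $Path -ExpectedPublisher $ExpectedPublisher
```

A `NotSigned` result corresponds to the warning described in the first post: the file may be genuine, but nothing in the file itself proves who produced it or that it is unchanged since packaging.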