1. Driver installation methods
Drivers can be
added to a Windows system in a number of ways. The most common method
is through the installation of Windows 8. During installation, drivers
are installed for all the devices that are present.
-
Windows Update In
some cases, new drivers are installed or updated through regular
Windows updates. As new drivers become available—particularly from
Microsoft—they are delivered through the Windows Update process.
-
Hardware installation disc
Many devices ship with a hardware installation CD that includes all the
drivers and software necessary to enable the device to operate. Just
place the installation media into the CD-ROM drive of the computer and
follow the installation instructions that came with the device.
In some cases, device installation instructions require you to run
the installation CD before you install the hardware so that the drivers
are ready when the device is ultimately installed.
-
Internet download
As the age of the optical drive comes to an end, most companies also
make driver and software downloads, which replace the antiquated CD,
available on their websites. However, downloads are just new media for
a new century. Otherwise, the installation process is the same as it is
when using an installation disc.
-
Pre-staging drivers
In many
organizations, administrators pre-stage drivers by installing all the
drivers that someone might need before deploying a new computer.
Two kinds of drivers are available: signed and unsigned. A signed driver carries with it a digital
signature that verifies the publisher of the driver and ensures that
the driver file has not undergone unauthorized modification, so it is
less likely that someone has added malicious code to the driver file
that could compromise the security of the system.
Important
DRIVER SIGNING IS NOT A CURE-ALL
Although driver signing improves the overall security of the system,
it’s important to remember that driver signing alone will not fix every
security issue. It’s still possible for bad code to be introduced in a
driver before the signing process or for an unauthorized entity to
attain access to driver signing. Either way, use caution, even with signed drivers.
An unsigned driver does not carry any guarantee that the company
that issued it is legitimate, and there is no guarantee that the driver
file has not been tampered with. Unsigned drivers are more likely to carry a driver file containing malware or be untrustworthy.
Remember that user-mode device drivers operate at a high level in
the operating system with user rights. Kernel-mode drivers can create a
major security issue.
You can use the Sigverif.exe utility to determine whether the files and drivers on a computer have been signed. To use Sigverif.exe, type sigverif.exe
at a command prompt to open the Signature Verifier utility. Click Start
to begin the scanning process. The utility displays the scanning
progress, as shown in Figure 1.
