February 19th, 2010
When you install a device driver in Windows, you might have seen a warning that the driver is not signed. In that case you need to manually authorize the installation and use of that device driver.
In Vista for example you would see the message below indicating that Windows can’t verify the publisher of this driver software.
But what is the difference between signed and unsigned drivers?
A signed driver is basically a digitally signed driver, which means that the driver software is associated with a digital certificate that allows identification of the publisher of the driver. It also ensures that the driver has never been modified by anyone else, as that would corrupt the signed status and make it unsigned.
So using a signed driver will ensure that Windows can automatically install the driver and prevents malicious software to be installed along with the driver. Considering that drivers operate at a very high security level in the operating system, it is very important to use safe drivers.
Windows Vista, Windows 2008 server and Windows 7 already enforce unsigned drivers to be installed using administrator level access, but how can you know for sure that an unsigned driver is safe?
Well, you cannot really. So always make sure that your security software is up to date and active, and make a backup or create a system restore point before you make any changes to your system, especially when installing device drivers.
Verify unsigned drivers in Windows XP
In Windows XP, the enforcement of signed drivers is not present, so the risk of installing unsigned drivers with all associated risks is much higher.
One thing you can do in Windows XP is to find the unsigned drivers in Windows XP and, if possible, replace them by newer, signed drivers.
Microsoft has detailed instructions on how to use the Windows XP Signature Verification Tool to check the unsigned driver files. This also describes the common problem with power management in unsigned drivers, so you can try to update or replace the unsigned drivers by signed drivers, or disable the unsigned drivers if they do cause such problems.
Disable Unsigned Driver Warnings
It is not something we recommend, but as a user you can actually disable the warnings regarding unsigned drivers in Windows XP. Right-click the My Computer icon, and select Properties in the popup menu. Now select the Hardware tab, and click the Driver Signing button. Next, select the Ignore option and click OK.
If you are using Windows XP Professional, you can also change the security policies to do the same.
Type “secpol.msc” at the Run option in the Start menu and press Enter. Then browse to Local Policies -> Security Options. Now find and change the option “Devices: Unsigned driver installation behavior” to “Silently succeed”. This requires a reboot of the computer.
Use unsigned drivers in Windows 7
Windows 7 will not allow you to install unsigned drivers as well. Although it is good to protect an operating system from installing potentially unreliable drivers, in some cases there simply are no signed drivers available, and the unsigned drivers are the only way to make a device work.
In Windows 7 you can disable driver signing from the Start menu (F8), but that will need to be done during each boot.
Other options are to use the Group Policy editor, which will work for the Ultimate (and I also believe the Pro versions):
- start the Group Policy Editor using the gpedit.msc command on the start menu.
- select User Config -> Admin Templ. -> System -> Driver installation
- select IGNORE in the dropdown box
If the Group Policy Editor option is not available, you can use this method:
- start a command prompt with admin rights (right click and select Run as Administrator)
- type bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS and press Enter
- type bcdedit.exe -set TESTSIGNING ON and press Enter
After this you should be able to install unsigned drivers in Windows 7.
In case you want to revert the changes, use DENABLE_INTEGRITY_CHECKS as the last option in the first command and OFF instead of ON in the second command.
If all this does not work for you, you can try signing the driver yourself. Windows supports a test mode which allows signed (but not digitally verified) drivers to be loaded. A utility called Driver Signature Enforcement Overrider can be used for this purpose.
To update your drivers in a few simple steps, you can use a driver update tool.
Entry Filed under: Device Drivers