Windows driver compatibility and security issues — how to stay safe | Kaspersky official blog
Credit to Author: Stan Kaminsky | Date: Tue, 03 Oct 2023 14:17:09 +0000
Device drivers are irreplaceable programs written specifically for a particular operating system and a particular device (printer, external drive, mouse, etc.). They allow the OS and running applications to use this device by “translating” commands into the language of the device. Some are written by Microsoft itself; others – by third parties. And when we write that Microsoft is “getting to grips” with drivers, we mean that it’s tending to minimize the latter – those written by third parties.
What’s wrong with third-party drivers
Although drivers are indispensable, there are common problems with using them in practice.
- Compatibility. If the driver installed is incompatible, the device won’t work correctly. And it’s not always possible to keep track of device/driver compatibility using automatic tools.
- Stability. Since drivers work with devices directly, they have high privileges and often run in kernel mode. Many protection and isolation measures that apply to conventional applications are impracticable with drivers. And that means they’re capable of disrupting the entire system. Poorly written drivers are a common cause of freezes, the Blue Screen of Death, and other problems.
- Security. Their high privileges make drivers of interest to attackers. If they find a poorly written, vulnerable driver, they can embed functions in it to perform various actions that are usually off-limits to malware, such as disabling your computer’s security or hiding malicious files from detection. Popular among hackers is the Bring Your Own Vulnerable Driver (BYOVD) technique, in which malware gets installed in the system along with a driver containing exploitable security holes. Drivers used in this way range from video card to gaming anti-cheat drivers.
- Rare updates. All the above issues are compounded by the fact that device manufacturers release driver updates in their own time. Some do so once a month, some once a year, some never.
This complicates life for OS developers, tech support, and users themselves. The only ones who benefit are cybercriminals. To bypass security tools, they could look for vulnerabilities in the operating system itself, but this is quite tricky, and such vulnerabilities, once discovered, get quickly patched. But a vulnerable driver is often never patched, allowing it to run unnoticed — and be exploited — for a long time.
How Microsoft and standardization can solve the driver problem
Put simply, Microsoft wants there to be fewer drivers, and for only the most trusted of coders to be writing them.
Installing Windows used to be a lengthy procedure: after the operating system itself, you had to install three, five… even 10 drivers for your monitor, sound card, printer, scanner, and mouse. Two trends have consigned that to history.
First, Microsoft ships a whole host of drivers with Windows, and many popular devices start working right out of the box. This reduces the chances of downloading corrupted, outdated, or incompatible drivers. However, most drivers are still written by third-party vendors.
Second, the standardization of devices and interfaces has led to entire classes of devices (such as USB drives or mice) communicating with the computer over a common protocol, so that a single driver works with hundreds of devices from different manufacturers.
Microsoft recently announced its next step: the phasing out of third-party printer drivers. Going forward, Windows support for any new printer will be through Microsoft’s own IPP Class Driver, and customizations and additions from vendors will be done through Print Support Apps published in the Windows Store. Starting 2025, new printer drivers will no longer be publishable in a Windows Update, and from 2027 this will extend to older drivers as well. True, there’ll be nothing to stop vendors from publishing drivers the old-fashioned way — on their own website, and these drivers will continue to function. However, this will become a niche solution since users are accustomed to convenience.
How to avoid driver threats and problems
- Try to use standard drivers supplied with Windows. Unless absolutely necessary, do not install proprietary utilities and add-ons from the device manufacturer. Practice shows that an 80 MB mouse driver and a 300 MB printer driver are superfluous to requirements, and the equipment works just fine without them.
- If you manually install a driver for a device, check for updates regularly. If a driver has been updated, install the latest version right away. Out-of-date drivers create security risks.
- Before buying a new device, check whether it works with standard drivers. You can do this by reading user reviews or contacting the manufacturer’s technical support. All else being roughly equal, it’s better to choose a device that uses standard drivers.
- The situation is more complicated if you own outdated equipment in need of exotic drivers that likely haven’t been updated for years. If you can, replace such devices with newer ones equipped with automatically updated standard drivers. If that’s not possible, compensate for this security gap with more stringent security settings: don’t use administrator accounts for regular work; uninstall unused applications.
- Protect your computer with a full-fledged security solution that prevents the exploitation of vulnerabilities in drivers and other software. Kaspersky products have dedicated components for this: System Watcher and Intrusion Prevention. System monitoring for suspicious activities is activated by default, but you can fine-tune it in the settings.
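To act on the advice above about manually installed and long-unmaintained drivers, you first need to know which drivers on the machine come from third parties and how old they are. The following PowerShell inventory is an added example, not part of the original post; the three-year staleness threshold and the variable names are assumptions chosen for illustration.

```powershell
# Added example: list drivers whose provider is not Microsoft and flag
# those that are unsigned or older than a chosen age.
# $StaleYears is an assumed threshold, not a figure from the article.
$StaleYears = 3
$cutoff     = (Get-Date).AddYears(-$StaleYears)

# Win32_PnPSignedDriver describes the driver bound to each Plug and Play device.
# Get-CimInstance returns DriverDate as a [datetime] (or $null if absent).
$thirdParty = Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object {
        $_.DriverProviderName -and
        $_.DriverProviderName -notmatch '^Microsoft'
    }

$report = $thirdParty |
    # One row per driver package/version rather than one per device instance.
    Sort-Object -Property InfName, DriverVersion -Unique |
    ForEach-Object {
        [pscustomobject]@{
            Device   = $_.DeviceName
            Provider = $_.DriverProviderName
            Version  = $_.DriverVersion
            Date     = $_.DriverDate
            Inf      = $_.InfName
            Signed   = [bool]$_.IsSigned
            # Stale = has a date and that date is older than the cutoff.
            Stale    = ($null -ne $_.DriverDate -and $_.DriverDate -lt $cutoff)
        }
    } |
    Sort-Object -Property Date

# Full inventory, oldest first.
$report | Format-Table -AutoSize

# Short list to review first: unsigned drivers and drivers past the threshold.
$report |
    Where-Object { -not $_.Signed -or $_.Stale } |
    Format-Table Device, Provider, Version, Date, Signed -AutoSize
```

Drivers on the short list are the candidates for updating from the vendor, replacing with a standard Windows driver, or retiring along with the device.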