Microsoft no longer signs Windows drivers for Process Hacker

[German]Brief  information, which is already here with me since August 2021, but which I have not yet addressed in the blog. David Xanatos has pointed out to me that Microsoft is refusing to sign drivers for the new Process Hacker without giving any further reason. The whole thing is addressed on GitHub in this thread. This means that newer versions of this tool (and tools like ProcessExplorer) can no longer be used. 


Advertising

Process Hacker is a powerful and versatile tool that can be used to monitor system resources, debug software, and detect malware for free. David Xanatos had already posted a comment in the discussion area about it – on my hint – a long time ago. I'm dragging his text here into the blog post, since I clean up the discussion area from time to time.

I'm sure many are familiar with the ProcessHacker tool, a very advanced task manager with a UI that takes a lot of getting used to.

It looks like the developer of the tool has massive problems getting a new driver signed by MSFT, as he reports on a github discussion

The signing process fails each time without any error messages and Microsoft claimed "this surpasses our support"… They've just fucked me around endlessly until the certificates expire.

[…]

The exact same issue happened when submitting to Microsoft Winget:

I tired emailing him but never got a response about this behavior. You can also see how many times the package failed for unexplained reasons and that exact same problem happens when submitting the driver: microsoft/winget-pkgs#373

Microsoft Process Explorer has the same functionality so they don't have standing to block competitors then go and include the exact same features in their own software.

Microsoft has been secretly adding more powerful features than Process Hacker via their SAC product – SAC has no security whatsoever by design – they're clearly targeting the project not because of any actual technical issues but rather because we're more popular than their products, so they're using the same (illegal and anti-competitive) tactics they used against Netscape Navigator to eliminate competition but also labeling the project malicious in an attempt to mislead the competition regulators.

[…]

The large majority of changes by Microsoft are limited to restricting the Windows API with signature checks that block competitors software (e.g. CreateWindowInBand, NtQuerySystemInformation, NtQueryInformationProcess to name a few) rather than directly targeting the drivers themselves.

The signature checks added to those functions and classes only block third-parties and this includes signed binaries. We won't be able to implement the same functionality as Task Manager and Process Explorer because of those Microsoft-only signature checks even after we sort out the submission issue.

Always-on-top, Auto-elevation, DPS statistics, Default taskmgr application preferences (Microsoft hardcoded taskmgr.exe blocking competitors), GPU statistics (deliberately broken on Win10 and Win11 recently) and the DirectUI framework are some examples of features that I want to implement and are currently implemented by Task Manager but are Microsoft-only signature restricted while newer more advanced security like PPL that we desperately need are also Microsoft-only signature restricted.

The only certificate allowed to use these and other functionality is now limited to Microsoft Windows certificates – the same certificates used with Task Manager and Process Explorer – while SAC has even more powerful functionality than anything else (including Process Hacker) with absolutely no security whatsoever.

I've been complaining to Microsoft employees for years about this stuff but the attacks keep getting worse and I've since started demanding our competition regulator prosecute the company after they labeled the project malicious last year… Microsoft claims to love open source and be more transparent these days but the bullshit they're doing with SAC, taskmgr and procxp while attacking competitors and trying to limit competition and kill off the project is insane.

[…]

I was around during the 90's and they killed Netscape with this exact same behavior by changing APIs and blocking Netscape from those same APIs.

Windows owns the market for the simple reason it's not some locked down garbage controlled system so they need to start communicating these changes if they intend to kill off third party task managers or instead doing something about the numerous complaints and issues that I have complained about or they'll end up getting prosecuted and charged by regulators again just like last time when they did this exact same bullshit with Netscape.


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in Windows and tagged , . Bookmark the permalink.

5 Responses to Microsoft no longer signs Windows drivers for Process Hacker

  1. A tasteful Sunday says:

    That seems like an annoying issue.

  2. Dave-o says:

    Notice how it's now virtually impossible to disable Windows Defender nowadays? Libvirt is also having trouble getting Microsoft to cert their drivers. Etc, etc etc. Who gave them the right to limit our freedom to run what we want on our computers?

    Reviews about Windows 11 at formerly-credible websites like http://www.arstechnica.com & http://www.thevirge.com, etc are so pathetic, "oh the new toolbar! But mah techichial anayasis is that there are some old dialogs still in control panel! I wants mah new eye-candys!". And their sycophantic commenters are vastly worse.

    Truth is, Microsoft's strategy may have been FUD in the past but now it's evolved to 'slowly tighten the noose'. The reason I liked Windows was my ability to audit it. At least someone should be able to. Now with hardware-enabled DRM secure envelopes & encrypted memory regions, that is becoming impossible. Which is exactly their plan.

    Because, you see, Microsoft wants to become like Apple: "We respect your privacy; your secrets are between just you and us." Do you trust there's no and will be no future Microsoft-only back-doors in the Windows Firewall? Really?

    Who actually owns your machine? Can you actually stop your iPhone from updating? Nope. In the past I tried and their upgrade permanently broke some CAD apps I heavily relied on. And there's no way back, baby. The content I created? *poof*

    It used to be more a Facebook / Google thing. Post on social, they have a permanent free license to use your content and treat it however they like. All corporations are liable to their shareholders if they don't maximize profits. Why are these guys so insanely profitable? What do they actually create? They're all just leaches on our data.

    SO, either get used to the 'brave' new world: mega-corporation$ & the government own your most intimate personal information and control the devices you rely on. Or switch to linux and at least have a prayer of someone keeping the software you rely on honest by auditing it. Just someone having the ability to see what's going on inside that secure-enclave hiding in your computer is enough of a threat to keep them honest.

    These days, most folks live in their browser. Maybe play some games. Install Kubuntu and run firefox and most Windows users will barely be able to tell the difference. Getting Windows running inside a QEMU virtual machine isn't really that difficult. At least that way you have a way of firewalling Windows that's outside of Microsoft's control. It's a bit more tricky for mom but is becoming more turn-key & productized all the time.

    Linux Wine is coming along nicely. The day is fast approaching when Windows games will run great directly on Linux. Steam Deck will push this over the curve and it's all down-hill from there. Why prioritize targeting Windows when Linux becomes a large market? Multi-platform is kinda ugly but it's a thing. All other things being equal (usability, compatibility, etc) consumers will always opt for more privacy and control. And this is the way out of this privacy & control mess.

    With IPFS and distributed platform tech so close, the new future will be the public ridding themselves of these menaces both for social and their personal devices. At least I hope so.

    /rant

    • guenni says:

      I agree with you, time to move to Linux …

    • William Kane says:

      On Server 2019 I can just uninstall, yes, COMPLETELY uninstall Windows Defender.

      All I had to do was open PowerShell as administrator and enter:

      Uninstall-WindowsFeature Windows-Defender

      I then disabled SmartScreen for Explorer and Microsoft Edge using their respective system-wide group policies which can be found in the group policy editor, which you can open by opening the Start menu and pasting the string GPEdit.msc, then right click and choose to runit as Administrator:

      Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender SmartScreen.

      Another benefit of doing this on an enterprise Windows installation is that disabling both policies will actually prevent the SmartScreen binary from launching at all, and phoning home occasionally.

  3. Dave-o says:

    Moving to Linux isn't the right answer to this. Not solving the problem but only hiding it …

Leave a Reply to William Kane Cancel reply

Your email address will not be published. Required fields are marked *