Microsoft ENFORCE all kinds of kernel drivers running under Windows 7 64-bit must be signed by VeriSign. This is a vital feature to keep OS integrity.
However, there remains an only backdoor: If the user presses F8 during the boot process, then the user can choose an option to allow unsigned drivers to be loaded.
I know the backdoor is indispensable for driver development and testing; but for general users, this option is not only useless but also dangerous. For example, a malicious guy can intrude an encrypted system and intercept decrypted data via an unsigned filter driver.
If there is a way for the administrator to disable F8, then the backdoor will be blocked perfectly. To my knowledge, however, currently Microsoft offers no way to do this.
This page ( http://guino.home.insightbb.com/nosafefaq.html ) says their NoSafeMode.exe can do that. I tested NoSafeMode.exe and found it indeed can do that.
I am really very curious how NoSafeMode.exe does that. I am astounded by their declarations as follows:
(1) Does it modify my Operating System Files? NO. This tool was designed to be 100% legal and as such, it does not modify, edit, replace or remove any operating system files.
(2) Does it modify my Operating System Settings? NO. This tool was designed to work independent of Operating System settings and as such, it does not modify, edit, replace or remove any settings or registry data.
(3) How long does the Lock/Unlock process take? The Lock/Unlock process takes merely seconds, and can be automated by using of command line parameters for your convenience.
(4) How long does the Lock protection last? The Lock will remain in place indefinitely until you choose to unlock it or until you completely re-install the Operating System on the machine.
(5) Does it use any memory or hard disk space? NO. This tool simply sets up your computer in a one-time process after which you don’t need to have it running or even saved in the computer for it to continue working. In fact I recommend you do not leave a copy of the software in the machine in order to prevent attempts to remove the Lock from the machine.
I don't intend to advertise the tool. I just want know how to program to disable F8 as NoSafeMode.exe does.
Any help will be highly appreciated. Many thanks in advance.