Software


Examining Windows 10 Anniversary Update's Driver Signing Enforcement Policy

Examining Windows 10 Anniversary Update’s Driver Signing Enforcement Policy

Windows 10 Anniversary Update came out at the beginning of August, with plenty of new user-facing features. There were also plenty of changes under the hood as well, including a change in policy regarding how Windows 10 handles device drivers.

When the 64-bit versions of Windows launched over a decade ago, as a security measure Microsoft decided to require that all kernel mode drivers must be signed to be loaded. Under the aptly named cross-signing requirement, hardware vendors would need to get a certificate from one of the major certificate authorities, and use that to sign their drivers. The idea being that by enforcing signing restrictions, it would be much harder for malware to masquerade as legitimate drivers.

This however didn’t go quite as well as planned. In particular, malware authors begun stealing driver signing certificates from hardware vendors, allowing them to distribute malware that was for all practical purposes authentic as far as the operating system was concerned. As a result, when Windows 10 initially launched, Microsoft decided to take things one step further and require that not only would kernel mode drivers need to be signed, but that they would need to be WHQL signed by Microsoft.

With that said however, Microsoft’s plans hit a snag. There were technical complications to this decision, as well as a problem with the ecosystem being ready for this change. So for Windows 10, WHQL signing was a policy statement and not something that was enforced.

Now with the rollout of the Windows 10 Anniversary Update (version 1607) this policy is no longer just policy, but an enforced requirement: in a fully secure x64 system, all kernel mode drivers must be signed by Microsoft. But, as with all rules, there are exceptions. The new requirement does not affect anyone who has upgraded from a previous build of Windows 10, and therefore it only affects new clean installs of Windows 10 1607. Furthermore the policy is only enforced if Secure Boot is enabled, so for those that require the ability to run traditionally (non-Microsoft) signed kernel mode drivers, one possible work around is to disable Secure Boot. As a backwards compatibility measure, Microsoft is also allowing the installation of drivers signed with end-entity certificates issued before July 29, 2015 which are signed by a supported CA. Finally, to prevent boot issues, boot drivers will not be blocked at this time, but the will be blocked in future versions of Windows.


An example of a warning notice for a driver now blocked under Windows 10 Anniversary Update

Getting to heart of matters then, the additional signing requirements for Windows 10 piqued our curiosity on driver compatibility, and as a result we’ve gone and taken a quick look at how this change impacts the average user. In practice, it shouldn’t impact very many people at all, as many hardware vendors only ship WHQL (Microsoft signed) drivers to begin with. But there is one particular segment of hardware manufacturers that still semi-regularly release non-WHQL drivers, and that’s the GPU vendors. Both AMD and to a lesser extent NVIDIA periodically release beta, hotfix, and other types of drivers that aren’t WHQL signed. The obvious question then is raised: will users still be able to run these non-WHQL driver releases under Windows 10 Anniversary Update?

To answer that question, we reached out to both companies for comment, and while only NVIDIA got back to us, they are not too concerned:

“All of our Game-Ready driver releases are fully WHQL certified, so this shouldn’t significantly impact GeForce users at all.” – NVIDIA Spokesperson

As NVIDIA only releases the occasional non-WHQL hotfix driver, they are less likely to be impacted to begin with. And indeed, they haven’t had a hotfix release since before the release of Windows 10 Anniversary Update. AMD on the other hand has had a couple such releases, so we decided to simply see what would happen if you installed a non-WHQL driver release on a Secure Boot enabled system.

As it turns out, even AMD driver releases marked as non-WHQL are still sent to Microsoft for signing. And as a result they install on Windows 10 Anniversary Update just fine. Now to be technically accurate, AMD could always ship an unsigned driver if they deem it necessary. But as we can see, some thought has been put into this, and the company isn’t releasing any drivers that won’t install under Windows 10 Anniversary Update. Nor, do I expect that NVIDIA would ship unsigned hotfix drivers either.

The net impact to the average user then is essentially zero. Having drivers that are signed by Microsoft but not fully WHQL does blur the line between what is and isn’t really WHQL. But because all drivers are being signed regardless of WHQL status, it means that non-WHQL drivers are just as usable under Windows 10 Anniversary Update as they were before with the original release of Windows 10. This, ultimately, was the conclusion we expected to find. But it’s nice to be able to confirm what we’ve already suspected.

Windows 10 Anniversary Update Launching August 2nd

Windows 10 Anniversary Update Launching August 2nd

While certainly not as big of an update as the original launch of Windows 10, the next major update now has a release date. August 2nd will be the date where all of the latest additions and features will be coming to Windows 10. The insider preview ha…

Windows 10 Anniversary Update Launching August 2nd

Windows 10 Anniversary Update Launching August 2nd

While certainly not as big of an update as the original launch of Windows 10, the next major update now has a release date. August 2nd will be the date where all of the latest additions and features will be coming to Windows 10. The insider preview ha…

Microsoft Announces Q3 FY 2016 Results: Lower Revenue But Strong Cloud Growth

Microsoft Announces Q3 FY 2016 Results: Lower Revenue But Strong Cloud Growth

Today Microsoft also announced their earnings for the third quarter of their 2016 fiscal year. Revenue, income and earnings were all down compared to Q3 2015, with revenue for the quarter of $20.5 billion, which is down 6%. Operating income was $5.3 billion, down 20%, and net income was $3.8 billion, which is down 25%. Earnings per share were $0.47, down 23% compared to a year ago.

Microsoft Q3 2016 Financial Results (GAAP)
  Q3’2016 Q2’2016 Q3’2015
Revenue (in Billions USD) $20.531 $23.796 $21.729
Operating Income (in Billions USD) $5.283 $6.026 $6.594
Gross Margin (in Billions USD) $12.809 $13.924 $14.568
Margins 62.4% 58.5% 67.0%
Net Income (in Billions USD) $3.759 $4.998 $4.985
Basic Earnings per Share (in USD) $0.48 $0.63 $0.61

Microsoft also reported non-GAAP earnings, which exclude revenue deferrals and the impact of restructuring charges. On a non-GAAP basis, revenue was $22.1 billion, which is up 2% year-over-year. Operating income was $6.8 billion, up 1%, and net income was $5.0 billion, down 3%. Earnings per share were $0.62, which was flat year over year. In addition to non-GAAP metrics, Microsoft also added constant currency results due to the high US dollar, and based on constant currency (CC), revenue was up 5%, operating income was up 10%, net income was up 6%, and earnings per share were up 10%.

Productivity and Business Processes, which includes Office commercial and consumer, and Office 365 commercial and consumer, as well as Dynamics products, had revenue for the quarter of $6.52 billion, which was up 1% year-over-year, or 6% based on CC. However, the gross margin for this segment fell 4%, and operating income came in at $2.99 billion, which was down 7%. Microsoft attributes the lower margins due to higher numbers of people using cloud services, which means, at least for the moment, the cloud offerings from Microsoft are making them less money than the non-subscription model, which is pretty interesting. I would guess that a lot of that is due to the large spending that is taking place to constantly expand infrastructure to handle new clients, but that is only a guess.

Looking at the numbers of Office though are very interesting. The consumer version of Office 365 increased from 12.4 million a year ago to 22.2 million this year. That is an increase in seats of 79% year-over-year, which is extremely good. A few years ago, I don’t think a subscription version of Office would have worked, but clearly Microsoft has found a solid hook for consumers with the packages. Even more impressive is the commercial seats for Office 365 business. Microsoft doesn’t often announce their user base for this, but on the earnings call, CEO Satya Nadella announced that they have over 70 million monthly active users for Office 365 commercial, and that is an increase in seats of 57% year-over-year. Also good news for Microsoft is that they have seen a 35% quarter-over-quarter growth in their premium protection services offered as part of the higher tiers of Office 365, and a key driver is the new premium tier, Office 365 Suite E5. Not to be outdone by Office, Dynamics CRM Online has seen its seats more than double year-over-year, and 80% of new CRM customers are choosing the cloud version.

Next up is the Intelligent Cloud segment, which includes server and server products, as well as cloud infrastructure such as Azure. Revenue for the quarter was $6.10 billion, which is up 3% year-over-year, or 8% in CC. Gross margin declined 2% (up 3% CC) year-over-year, and once again due to a higher mix of cloud services. The infrastructure expenditure here is a lot, and operating expenses grew 13% with investments in cloud infrastructure. With the lower margins and higher expenses, operating income fell 14% to $2.19 billion. Server products and cloud services had revenue growth of 5% CC, which is pretty stable, but it is Azure that is the big growth here. Azure revenue grew 120% CC this quarter, compared to the same time last year. Azure compute usage and Azure SQL usage more than doubled, and the Enterprise Mobility customer install base grew almost four times.

AWS is still the king of cloud computing, but Microsoft continues to make big gains here. They also are the only major cloud company to offer a hybrid offering, both with the traditional Windows Server elements, as well as the Azure Stack which can be run locally. At Build, they emphasised that are pushing towards more services in Azure as well, rather than having to have companies do the traditional VMs in the cloud. They still have a long way to go to catch AWS, but they continue to show this is a strength going forward.

The final segment of Microsoft is More Personal Computing, and this includes Windows, Surface, Xbox, phone, and search. Phone has certainly been a sore spot for Microsoft, and they took some big write-downs last year to basically write off the entire Nokia acquisition. For this quarter, revenue for this segment was $9.46 billion, which is up 1% year-over-year, or 3% CC. The increase in revenue this quarter was attributed to search and Surface, but lower phone and Windows revenue were a negative impact. Gross margin was 2% higher, once again due to search and Surface, and operating expenses fell 14% with the lower spending on phone. Operating income grew 57% for the quarter, to $1.65 billion. On a revenue basis, this is the largest single segment in Microsoft, but the margins for consumer are a lot lower than the enterprise services.

Windows 10 is now on over 270 million monthly active devices, but Windows OEM Pro declined 11% this quarter, which was worse than the commercial PC market. Revenue for non-Pro though grew 15%, which is quite a bit better than the PC market as a whole did, due to a bigger ratio of higher priced devices being sold. Windows volume licensing grew 6% CC.

On the devices side, revenue for devices fell 9% CC, and this is due to Lumia phone sales dropping off a cliff. Revenue for Lumia fell 46% year-over-year. This negative marred a great performance by the Surface line, and Surface had a 61% CC increase in revenue to $1.111 billion for the quarter, which is the second straight quarter where Surface was over $1 billion in revenue. Sales of the Surface Pro 4 and Surface Book are doing well.

Microsoft no longer breaks out sales numbers for Xbox, but gaming revenue grew 6% CC for the quarter. Microsoft is seeing an increase in Xbox Live transactional revenue, and they have a 26% increase in Xbox Live users compared to a year ago. Video game revenue was up 11% CC, and I would imagine a good chunk of that is still Minecraft. Xbox hardware revenue declined, with less sales of the Xbox 360 which is now officially out of production.

Search revenue, excluding traffic acquisition costs, grew 18% CC. Microsoft is getting more revenue per search, and search volume is also up. As a tidbit, they said that 35% of search revenue in the month of March was on Windows 10 devices.

Microsoft Q3 2016 Financial Results (GAAP)
  Productivity and Business Processes Intelligent Cloud More Personal Computing
Revenue (in Billions USD) $6.52 $6.10 $9.46
Operating Income (in Billions USD) $2.99 $2.19 $1.65
Revenue Change YoY +1%, +6% CC +3%, +8% CC +1%, +3% CC
Operating Income Change YoY -7% -14% +57%

Microsoft paid $6.4 billion back to investors in Q3 2016, with $3.6 billion in share buybacks and $2.8 billion in dividends. Looking ahead to Q4, Microsoft expects revenues to be between $21.7 billion and $22.4 billion.

The company continues to move from a traditional software company to a cloud infrastructure player, and with the results today we can see some big gains there. It was great to get an updated number for Office 365 commercial seats, which are now at over 70 million monthly users, and the growth in Azure is very large. Microsoft missed the boat on mobile, but are making up for it with platform agnostic solutions, and they are looking heavily towards conversations-as-a-service with bot integration in Skype and more. The Surface lineup is now very strong, when only a few years ago it had to endure a massive write-down. Phones, on the other hand, were basically non-existent and the acquisition of Nokia seems to be all for naught.

Source; Microsoft Investor Relations

Microsoft Announces Q3 FY 2016 Results: Lower Revenue But Strong Cloud Growth

Microsoft Announces Q3 FY 2016 Results: Lower Revenue But Strong Cloud Growth

Today Microsoft also announced their earnings for the third quarter of their 2016 fiscal year. Revenue, income and earnings were all down compared to Q3 2015, with revenue for the quarter of $20.5 billion, which is down 6%. Operating income was $5.3 billion, down 20%, and net income was $3.8 billion, which is down 25%. Earnings per share were $0.47, down 23% compared to a year ago.

Microsoft Q3 2016 Financial Results (GAAP)
  Q3’2016 Q2’2016 Q3’2015
Revenue (in Billions USD) $20.531 $23.796 $21.729
Operating Income (in Billions USD) $5.283 $6.026 $6.594
Gross Margin (in Billions USD) $12.809 $13.924 $14.568
Margins 62.4% 58.5% 67.0%
Net Income (in Billions USD) $3.759 $4.998 $4.985
Basic Earnings per Share (in USD) $0.48 $0.63 $0.61

Microsoft also reported non-GAAP earnings, which exclude revenue deferrals and the impact of restructuring charges. On a non-GAAP basis, revenue was $22.1 billion, which is up 2% year-over-year. Operating income was $6.8 billion, up 1%, and net income was $5.0 billion, down 3%. Earnings per share were $0.62, which was flat year over year. In addition to non-GAAP metrics, Microsoft also added constant currency results due to the high US dollar, and based on constant currency (CC), revenue was up 5%, operating income was up 10%, net income was up 6%, and earnings per share were up 10%.

Productivity and Business Processes, which includes Office commercial and consumer, and Office 365 commercial and consumer, as well as Dynamics products, had revenue for the quarter of $6.52 billion, which was up 1% year-over-year, or 6% based on CC. However, the gross margin for this segment fell 4%, and operating income came in at $2.99 billion, which was down 7%. Microsoft attributes the lower margins due to higher numbers of people using cloud services, which means, at least for the moment, the cloud offerings from Microsoft are making them less money than the non-subscription model, which is pretty interesting. I would guess that a lot of that is due to the large spending that is taking place to constantly expand infrastructure to handle new clients, but that is only a guess.

Looking at the numbers of Office though are very interesting. The consumer version of Office 365 increased from 12.4 million a year ago to 22.2 million this year. That is an increase in seats of 79% year-over-year, which is extremely good. A few years ago, I don’t think a subscription version of Office would have worked, but clearly Microsoft has found a solid hook for consumers with the packages. Even more impressive is the commercial seats for Office 365 business. Microsoft doesn’t often announce their user base for this, but on the earnings call, CEO Satya Nadella announced that they have over 70 million monthly active users for Office 365 commercial, and that is an increase in seats of 57% year-over-year. Also good news for Microsoft is that they have seen a 35% quarter-over-quarter growth in their premium protection services offered as part of the higher tiers of Office 365, and a key driver is the new premium tier, Office 365 Suite E5. Not to be outdone by Office, Dynamics CRM Online has seen its seats more than double year-over-year, and 80% of new CRM customers are choosing the cloud version.

Next up is the Intelligent Cloud segment, which includes server and server products, as well as cloud infrastructure such as Azure. Revenue for the quarter was $6.10 billion, which is up 3% year-over-year, or 8% in CC. Gross margin declined 2% (up 3% CC) year-over-year, and once again due to a higher mix of cloud services. The infrastructure expenditure here is a lot, and operating expenses grew 13% with investments in cloud infrastructure. With the lower margins and higher expenses, operating income fell 14% to $2.19 billion. Server products and cloud services had revenue growth of 5% CC, which is pretty stable, but it is Azure that is the big growth here. Azure revenue grew 120% CC this quarter, compared to the same time last year. Azure compute usage and Azure SQL usage more than doubled, and the Enterprise Mobility customer install base grew almost four times.

AWS is still the king of cloud computing, but Microsoft continues to make big gains here. They also are the only major cloud company to offer a hybrid offering, both with the traditional Windows Server elements, as well as the Azure Stack which can be run locally. At Build, they emphasised that are pushing towards more services in Azure as well, rather than having to have companies do the traditional VMs in the cloud. They still have a long way to go to catch AWS, but they continue to show this is a strength going forward.

The final segment of Microsoft is More Personal Computing, and this includes Windows, Surface, Xbox, phone, and search. Phone has certainly been a sore spot for Microsoft, and they took some big write-downs last year to basically write off the entire Nokia acquisition. For this quarter, revenue for this segment was $9.46 billion, which is up 1% year-over-year, or 3% CC. The increase in revenue this quarter was attributed to search and Surface, but lower phone and Windows revenue were a negative impact. Gross margin was 2% higher, once again due to search and Surface, and operating expenses fell 14% with the lower spending on phone. Operating income grew 57% for the quarter, to $1.65 billion. On a revenue basis, this is the largest single segment in Microsoft, but the margins for consumer are a lot lower than the enterprise services.

Windows 10 is now on over 270 million monthly active devices, but Windows OEM Pro declined 11% this quarter, which was worse than the commercial PC market. Revenue for non-Pro though grew 15%, which is quite a bit better than the PC market as a whole did, due to a bigger ratio of higher priced devices being sold. Windows volume licensing grew 6% CC.

On the devices side, revenue for devices fell 9% CC, and this is due to Lumia phone sales dropping off a cliff. Revenue for Lumia fell 46% year-over-year. This negative marred a great performance by the Surface line, and Surface had a 61% CC increase in revenue to $1.111 billion for the quarter, which is the second straight quarter where Surface was over $1 billion in revenue. Sales of the Surface Pro 4 and Surface Book are doing well.

Microsoft no longer breaks out sales numbers for Xbox, but gaming revenue grew 6% CC for the quarter. Microsoft is seeing an increase in Xbox Live transactional revenue, and they have a 26% increase in Xbox Live users compared to a year ago. Video game revenue was up 11% CC, and I would imagine a good chunk of that is still Minecraft. Xbox hardware revenue declined, with less sales of the Xbox 360 which is now officially out of production.

Search revenue, excluding traffic acquisition costs, grew 18% CC. Microsoft is getting more revenue per search, and search volume is also up. As a tidbit, they said that 35% of search revenue in the month of March was on Windows 10 devices.

Microsoft Q3 2016 Financial Results (GAAP)
  Productivity and Business Processes Intelligent Cloud More Personal Computing
Revenue (in Billions USD) $6.52 $6.10 $9.46
Operating Income (in Billions USD) $2.99 $2.19 $1.65
Revenue Change YoY +1%, +6% CC +3%, +8% CC +1%, +3% CC
Operating Income Change YoY -7% -14% +57%

Microsoft paid $6.4 billion back to investors in Q3 2016, with $3.6 billion in share buybacks and $2.8 billion in dividends. Looking ahead to Q4, Microsoft expects revenues to be between $21.7 billion and $22.4 billion.

The company continues to move from a traditional software company to a cloud infrastructure player, and with the results today we can see some big gains there. It was great to get an updated number for Office 365 commercial seats, which are now at over 70 million monthly users, and the growth in Azure is very large. Microsoft missed the boat on mobile, but are making up for it with platform agnostic solutions, and they are looking heavily towards conversations-as-a-service with bot integration in Skype and more. The Surface lineup is now very strong, when only a few years ago it had to endure a massive write-down. Phones, on the other hand, were basically non-existent and the acquisition of Nokia seems to be all for naught.

Source; Microsoft Investor Relations