One of the common problems that people face when using a 64-bit Windows is loading unsigned drivers. This is by design to provide a more restrictive environment to protect Windows from easily being infected by rootkits, a type of malware that uses a driver for low level hooking. It is also very difficult for software that belongs to a high risk category to obtain a digital certificate and one example is the Elite Keylogger where it took them years to get their driver signed.
This becomes a problem when using some legitimate software and you’re unable to load an older program such as PeerGuardian with the error message “Windows cannot verify the digital signature for this file” because of an unsigned driver. We know that PeerGuardian has been superseded by a program called PeerBlock which doesn’t have these issues, but it’s just being used as an example to demonstrate the problem.
It appears the obtaining a certificate to perform driver signing costs hundreds of dollars per year and not every software developer can afford that kind of money especially when their software is freeware or open source. Fortunately, there are ways to force the unsigned drivers to load in 64-bit (x64) versions of Windows 7, 8 and Vista. There are some tutorials suggesting that typing this command:
bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS
into command prompt will do the job, but it doesn’t work on Windows 7 x64. It is believed this command was rendered useless with the release of Vista x64 SP1 and definitely doesn’t work on Windows 7 or 8. There was also a number of separate security patches on Vista which caused the command to not work. The Windows boot manager editor EasyBCD has an option which uses a command equivalent to DDISABLE_INTEGRITY_CHECKS, but as this is no longer useful, we would recommend you ignore this option in EasyBCD.
There are still a few working ways to load unsigned drivers though…
This first method is to continuously press F8 when Windows is booting up until you get the Advanced Boot Options menu, then select “Disable Driver Signature Enforcement”.
The problem about this method is you have to do that every time you boot up Windows and if you forget to select this option, you won’t get to load the unsigned drivers and the software that needs the driver won’t work.
This method is to use ReadyDriver Plus, an enhanced version of the original ReadyDriver program. It does the same thing as the first method by selecting the Disable Driver Signature Enforcement option in Advanced Boot Options, but does it automatically as if you are doing it yourself.
There are modifications made to the Vista/7 Bootloader to load ReadyDriverPlus and you don’t have to touch the keys during boot. ReadyDriverPlus launches itself from the menu and then makes the appropriate selection to disable Driver Enforcement, based on what you choose to install. This tool works great on Windows 7 x64.
Next we’ll show you how to load Windows in Test Mode allowing for unsigned drivers to be enabled.