The GW Micro blog has been discontinued. For instant updates on GW Micro products and events, follow us on Twitter, and like us on Facebook.

A Thought on Braille Driver Signing

by Doug on Tuesday, September 15 2009

I've been asked by many people what I think about the announcement from Freedom Scientific entitled "Freedom Scientific Announces Secure and Compatible Braille Display Initiative" dated August 11, 2009. The direct URL to this announcement on Freedom Scientifics' web page is: http://www.freedomscientific.com/news/pressroom/2009/secure-compatible-braille-displays.asp First, a little background. In order to get a Braille display to work with any screen reader, a driver has to be written to specifically support it. This driver is responsible for communicating between the hardware and the screen reader itself. This way the screen reader doesn't have to get bogged down with the technical details of each and every display. A simple interface is provided and, as long as the Braille driver is written to talk to this simple interface, the screen reader will work with it "out of the box." According to this announcement, starting with JAWS 11, the developers of these Braille drivers will now have to work with Freedom Scientific to get their driver digitally signed by Freedom Scientific before JAWS 11 will use the driver. Stated another way, until the Braille driver for your Braille display is digitally signed, JAWS 11 will not talk to your Braille display. This is all being done in the name of security and in fact the announcement starts by saying "The goal of this new program is to follow Microsoft's move to signed drivers to improve security and compatibility for customers who use a Braille display with JAWS." There is much confusion regarding this announcement ranging from, "Does this make any difference," to, "Will this affect my copy of Window-Eyes?" Let me state, very clearly, that this will not affect Window-Eyes in any way. However, I feel compelled to comment on this announcement as it does affect the screen reader community in general. It is true that digitally signing drivers is typically a good thing. This is why all of the necessary Window-Eyes executables and DLL files are digitally signed using a valid certificate unique to GW Micro. In fact, we go to the extra effort to have our mirror driver (which is used by Windows Vista and Windows 7) thoroughly tested by Microsoft in order to get Microsoft's digital signature. That's security on top of security. You may not have noticed but as you install Window-Eyes on Vista or Windows 7, you never receive a "Windows can't verify the publisher of this driver software" warning. This is because we have worked with Microsoft to properly register and sign our driver. There is a very minimal cost required for this service, and we only have to pay for this service whenever we change our mirror driver. If you were to install JAWS 10 or 11 on Vista or Windows 7 you would notice the "Windows can't verify the publisher of this driver software" warning, asking if you want to trust the driver or not. This indicates the JAWS mirror driver has not been digitally signed by Microsoft.

Security warning screen shot Driver signing screen shot
I have a hard time accepting the concept of requiring digitally signed Braille drivers in the name of security when the JAWS mirror driver itself isn't digitally signed by Microsoft. From unofficial sources I've heard that Freedom Scientific is charging a great deal of money for the privilege of signing the Braille drivers. Unlike Microsoft's policy of only charging a nominal fee when the driver changes, they charge an annual fee, even if the driver isn't updated. Large Braille companies may be able to afford this, but smaller companies cannot, and may be forced to make undesirable decisions that end up putting the end user at a disadvantage. It is easy to see how a Braille display manufacturer with these increased costs might have to raise their prices. I think it is worth describing how Window-Eyes communicates with its Braille drivers. Under Vista and Windows 7, both JAWS and Window-Eyes need to run with UI Access. This means we are running at an elevated security level. With this higher security level comes responsibility. Because we are elevated, we have to be very careful of what we do and what we allow the user to do. There are many things that we prohibit, ranging from not running any scripts on secure desktops (like the log on screen where you type your username and password) to not allowing a script to receive key presses while typing in a password edit box. We also do things like not allowing the Braille driver we are communicating with to run at the elevated privilege that Window-Eyes itself is running. This way, if a bad Braille driver did somehow get installed (which would require admin rights to do, and a confirmation by the end user) it still wouldn't have elevated privileges to do anything really nasty. These kinds of security features are built into Window-Eyes automatically. So why am I writing about all this? First: Window-Eyes users should know that Freedom Scientific's new requirement will not affect them in any way; Window-Eyes will continue to openly support Braille displays without additional requirements or cost to the driver developer. Second: know that signing Braille drivers doesn't really help with security, especially if security is greatly lacking in other parts of an application. Third: it is important that the blind community be mindful of what is happening in the screen reader arena. Review the facts, and approaches behind the changes you read about, and make your own decisions.

Return to Article List