And now this developer is learning on HN that he should remove that line from his résumé.
Or maybe he thought it was a clever idea... Let's call it a learning experience.
If they had a single certificate and used that across devices, then the private key could be compromised and used to authenticate malware or pull off a man-in-the-middle attack on an HTTPS site, since your system now trusts this new CA. By generating the private key locally and throwing it away, you can be relatively confident that no one has the private key to this new root CA.
What's silly in the first place is that something not trusted to install unsigned drivers still has the perms to install a new root CA but given that constraint, this is a better solution than what Savitech did.
I can't see how buying an actual cert could be more risky than installing a new root CA. The goal of signing is to ensure origin and anti-tampering: two fails in this case. So now you may have a tampered-with driver that doesn't remove the private key and uses the new CA to inspect your TLS traffic, and you wouldn't know.
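The "you wouldn't know" part is checkable. The script below is an added example, not code from the thread or from any vendor discussed in it: it snapshots the machine-wide trusted root store on a known-good build, then later diffs the store against that snapshot and flags any newly added self-signed CA certificate, which is the footprint a driver installer that generates and installs its own root CA would leave behind. The baseline path `$env:ProgramData\rootca-baseline.json` is an assumed location, not anything the thread mentions.

```powershell
# Added example (not from the thread). Baseline-and-diff of the LocalMachine
# Root store so that a root CA added by an installer shows up for review.
# Assumption: the baseline file lives at $BaselinePath (hypothetical path).
param(
    [string]$BaselinePath = "$env:ProgramData\rootca-baseline.json",
    [switch]$WriteBaseline
)

function Get-RootStoreSnapshot {
    # One record per certificate in the machine-wide trusted root store.
    # Reading the store does not need elevation; modifying it does (UAC).
    Get-ChildItem -Path Cert:\LocalMachine\Root | ForEach-Object {
        # OID 2.5.29.19 is Basic Constraints; .NET exposes it as
        # X509BasicConstraintsExtension with a CertificateAuthority flag.
        $bc = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' } | Select-Object -First 1
        [pscustomobject]@{
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            Issuer     = $_.Issuer
            SelfSigned = ($_.Subject -eq $_.Issuer)
            IsCA       = ($null -ne $bc -and $bc.CertificateAuthority)
            NotBefore  = $_.NotBefore
            NotAfter   = $_.NotAfter
        }
    }
}

if ($WriteBaseline) {
    # Run this once on a clean, known-good machine.
    Get-RootStoreSnapshot | ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath
    Write-Host "Baseline written: $BaselinePath"
    return
}

if (-not (Test-Path $BaselinePath)) {
    throw "No baseline at $BaselinePath; run with -WriteBaseline on a known-good machine first."
}

# Index the baseline by thumbprint so the diff is a simple lookup.
$baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
$known    = @{}
foreach ($c in $baseline) { $known[$c.Thumbprint] = $true }

$added = Get-RootStoreSnapshot | Where-Object { -not $known.ContainsKey($_.Thumbprint) }
if (-not $added) {
    Write-Host "No roots added since baseline."
    return
}

# Every addition deserves a look; a self-signed CA is the shape of the
# driver-installer case discussed above, so it gets the strongest flag.
$added | ForEach-Object {
    $flag = if ($_.SelfSigned -and $_.IsCA) { 'REVIEW: self-signed CA' } else { 'new entry' }
    "{0}  {1}  {2}" -f $_.Thumbprint, $flag, $_.Subject
}
```

Run it once with `-WriteBaseline` on a freshly built machine, then run the diff after installing third-party software or on a schedule. Expect some noise: Windows Update adds roots from the Microsoft root program over time, so a new entry is a triage item, not automatically a finding. A root you decide should not be there is removed from an elevated prompt with `Remove-Item Cert:\LocalMachine\Root\<thumbprint>`, and if a driver depended on that root for its own signature, the driver's signature will stop validating, which is the point.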
If they had an actual root CA with a private key, they'd sign it locally (on the company machine). In no scenario would the company's private key be given to a customer (unless we're talking about Adobe).
Alternatively, they would need to ship hundreds of different drivers or a single driver that binds to hundreds of different device IDs. Not nice.
I know what you're thinking: "Oh, well, there could be an exception for when you need it, you'd just use admin to authorize it or something," and that's exactly what this is.
That would be the relatively little known (and new) Windows 10 S, where only apps from the Windows Store can be installed or run. Designed for security (?) and to compete with Chromebooks.
See also Windows RT
Since they have a Chromebox, I do not have any calls regarding viruses or their computer being slow, etc.
Or people don't know/care. Or weighed the comparative downsides of a controlled app platform versus the wild west, and decided the controlled platform is less of a downside for what they want to do. Or lots of options, really.
The alternative is to add GPG keys of the software vendors that you trust, i.e., every Linux distro.
a) Adding a root CA to the cert store requires UAC elevation prompt.
b) The certificates are more useful in verifying if a given driver was issued by the manufacturer it says it was issued from.
Linux makes you type in the password manually every time for elevation, but that will just make the average consumer remove or use unsafe passwords for their accounts.