Lots of good, interesting points here. I think we're getting a bit off track with the discussions of signed drivers, etc. but those *are* very important considerations and additional factors in the overall Vista picture.
I agree with the majority of you that the signed driver requirement is a bad thing, especially for small companies, as long as the actual verification process is still costly. But I say don't allow unsigned drivers necessarily (or if you do so, make it really a pain in the butt), rather just make the verification process cheaper. OR perhaps better yet provide 2 levels or types of verification - 1 security-related and 1 stability/functionality related (the latter being the major focus of the current verification as far as I know). This allows drivers to be made that make no guarantee of *stability*, but can at least be verified as not being a *security risk*. I would think such a verification process would be much less rigorous and thus costly because it is much less system-dependent. You can analyze a given driver and test on a limited subset of machines and generally see if it poses a security problem, whereas testing on a wide variety of hardware is much more important for stability and compatibility verification.
Anyway I'd like to get back to the "access the Vista kernel" thing though (continue discussion about driver signing, etc. if you want of course - maybe fork the thread if necessary). Neil, I'd be a lot less suspicious of this from the A/V vendor side if there were more unanimous outcry about it, and if the firms I actually respect had a problem with it. But as is, like I said, it's mostly the firms I don't like and who I think make poor products anyway (that don't protect that well *as it is*) that are crying for this level of access. Frankly I don't want Mcafee or Symantic digging around in my kernel! The problem is you can't just allow access to only them, either. It has to be basically opened up for anyone with "the right credentials" to access. That seems like a huge and unnecessary hole to me.
As for legitimate reasons, you speculate they have some, but I've not heard of any. I'm no expert, but from where I stand MS's arguments make at least as much sense as the A/V vendors - IMO a good deal more in fact. The only thing that gives me pause about it is MS caving so quickly, but I think the antitrust stuff, especially in the EU, is playing heavily into that, so the picture is not entirely clear without that taken into account.
Ultimately I guess the question is "Will this make users of Vista more secure overall?" and I honestly don't feel confident that the answer is yes.