Hello guys,

1. All Drivers can be signed unless they dont contain hooking of functions. A certification is only required (from $99-$400/year depends on the provider).
2. Hooking of functions are allowed in some cases for example if software is antivirus, firewall or any-other security related. Requirement: Hooking must not slow-down system performance. (How Norton certified driver turns my PC to 486, this is a mystery).
3. In Windows vista by default windows unsigned drivers cannot be installed. Why? Because in Vista, Microsoft introduces a new technology that normal non-admin users would be able to install programs. Those programs may install system-wide elements such as drivers. Thats why the system is stricted.
4. Windows Vista will have an option in Administration Panel (Local Security Panel) that will allow administrator to DISABLE this rule. Then, all drivers can be installed freely. Signed and non-signed.
5. As far as all security policy elements are registry keys, developers would be able to programmatically disable this restrictrion, ask for reboot and then install the driver.

Generally, this is surviving for legal developers (to install unsigned drivers) BUT it will kick-out those transparent driver installations (ie rootkits). This is what Microsoft want to defeat.

Hope that helps!