=====================================================================
6. Drivers
=====================================================================
A driver is something that resides in kernel mode, and as such has to be very carefully written to ensure it does not misbehave, have unhandled exceptions or perform badly.
Windows has a number of drivers available to it natively, but if a new model of device or an entirely new class of device appears after it is released, there is no reasonable way to expect it to be able to communicate with that device.
Hardware manufacturers are the source of the drivers that communicate with their products - if your particular operating system does not have a driver for a device you have installed, then the manufacturer is who you need to contact.
Often, the built-in drivers that manufacturers provide to Microsoft to bundle with the operating system do not contain a lot of the performance-enhancing features that the dedicated drivers (or later versions of them) do.
For this reason you should always ensure you have the latest stable release (ideally WHQL) drivers from the manufacturer for all your hardware.
In some cases manufacturers will use a common chipset, so while Windows does not have a specific driver for a device, it might have a compatible one that works (or at least provides basic functionality).
How does Windows know what a device is?
We are back to this "plug and play" concept - the BIOS has kindly enumerated the devices and presents the hardware ID string (and compatible ID strings) to the OS.
The hardware ID string contains the manufacturer's code plus a code for the device, prefixed with the type of connection (or "bus") the device is on.
e.g. A device on my system has the following hardware ID:
PCI\VEN_10DE&DEV_0092&SUBSYS_060110B0&REV_A1\...
PCI means this is connected to the PCI bus.
VEN_10DE means this is nVidia.
DEV_0092 when used in combination with the vendor ID means this is a 7800GT graphics card.
The device ID is not necessarily unique on its own. This is similar to a house number, which is only unique when used in combination with the rest of your address.
Hint:
If you get an "unknown device" reported in Device Manager, try using search engines to look for the VEN & DEV strings as a pair.
e.g. Windows 2000 would probably have detected my graphics card as a "Standard VGA Compatible" adapter, as it can determine the class to provide basic functionality, but the 7800GT came out way after SP4 was released.
So if I searched the Internet for "PCI\VEN_10DE&DEV_0092" and "2000" and "driver", I could probably look at the results summary to see what they have in common.
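The hardware ID layout described above, as an added Python example (not part of the original article): it splits off the bus prefix, reads the VEN/DEV fields and builds the vendor-plus-device search key from the hint. The function names and the second and third sample IDs are constructed for illustration.

```python
import re
from collections import defaultdict

# One KEY_HEXVALUE token, e.g. VEN_10DE or SUBSYS_060110B0.
_FIELD = re.compile(r"([A-Z]+)_([0-9A-F]+)")

def parse_hardware_id(hwid):
    """Return (bus, fields) for an ID shaped like PCI\\VEN_10DE&DEV_0092&..."""
    parts = hwid.strip().upper().split("\\")
    if len(parts) < 2 or not parts[0]:
        raise ValueError("expected BUS\\KEY_VALUE&...: %r" % hwid)
    fields = {}
    for token in parts[1].split("&"):
        m = _FIELD.fullmatch(token)
        if m is None:
            raise ValueError("malformed field %r in %r" % (token, hwid))
        fields[m.group(1)] = m.group(2)
    # Anything after a second backslash (elided as "..." on the page) is ignored.
    if "VEN" not in fields or "DEV" not in fields:
        raise ValueError("no VEN/DEV pair in %r" % hwid)
    return parts[0], fields

def search_key(hwid):
    """Bus + vendor + device: the pair the hint says to search for."""
    bus, f = parse_hardware_id(hwid)
    return "%s\\VEN_%s&DEV_%s" % (bus, f["VEN"], f["DEV"])

def group_by_model(hwids):
    """Group IDs by search key; a DEV code alone would merge unrelated devices."""
    groups = defaultdict(list)
    for hwid in hwids:
        groups[search_key(hwid)].append(hwid)
    return dict(groups)

# First ID is from the page (without the elided tail); the others are constructed.
SAMPLE_IDS = [
    r"PCI\VEN_10DE&DEV_0092&SUBSYS_060110B0&REV_A1",
    r"pci\ven_10de&dev_0092&subsys_00000000&rev_a1",  # constructed: other SUBSYS
    r"PCI\VEN_ABCD&DEV_0092",                          # constructed: other vendor
]

if __name__ == "__main__":
    for key, members in group_by_model(SAMPLE_IDS).items():
        print(key, len(members))
```

The third sample shares DEV_0092 with the first but lands in its own group, which is the house-number point made above.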
The above describes device drivers - software that handles how the OS can communicate with a physical device inside or attached to the system.
But there is another type of driver, called a filter driver.
A filter driver is something that gets involved with every single I/O request of certain types - the most common filter drivers are backup agents, anti-virus applications and software firewalls.
When you consider the function of anti-virus products, they have to involve themselves with verifying data in memory, on disk or that is transferred across any bus - including the network.
It is actually quite a feat that these products do not have a significant impact on system performance, yet greatly enhance security.
Every filter driver inserts itself into the I/O operation inline, so if you install 4 AV products you will have every operation scanned 4 times and it can have a serious impact on performance (and possibly system stability).
Running more than 1 "real time monitoring" AV product at the same time is not recommended.
Disabling anti-virus is not the same as uninstalling it - the filter driver will still be loaded and operational, just the user mode component is not active. If you are having bugchecks and suspect AV, then it should be updated, reinstalled or removed to verify.
A huge percentage of bugchecks in Windows are caused by 3rd party drivers.