But there are other considerations: Microsoft doesn't want software publishers to install lousy drivers that take Windows down with them and, if they happen to do it, Microsoft wants to know who wrote these drivers. Security-wise, this does not establish a real security boundary, but rather a mild mitigation. And maybe they want to be sure of your identity and are delegating the verification to the CAs (assuming that EV does what it's supposed to do). Hey! What's up with that? Is this a conspiracy colluded with CAs to make us pay more for certificates? Maybe. Note that Microsoft intends to require kernel mode drivers to be WHQL-certified (or use "attestation signing", supposedly only on non-Server SKUs), which requires submitting the drivers to Microsoft, and opening a Windows Hardware Developer account using an EV certificate. A kernel-mode code signing certificate is not the same as a domain-validated SSL certificate.
What being able to load unsigned driver saves you is not 75 USD or filling an online form, but rather providing a provable identity. You were right in your deleted comment that an administrator can load drivers, but on 圆4 they have to be signed. The first sentence holds if you replace SYSTEM with kernel-mode driver. No need to go through the complex operation Q to get SYSTEM access. Or simply open a command prompt as SYSTEM and go to town. Or use Debug Privilege to take over a process (say, a service) running as SYSTEM. An administrator who wanted to get some code running as SYSTEM could install a service that runs as SYSTEM. There is formally a distinction between Administrator and SYSTEM, seeing as they are some things which are ACL'd so that SYSTEM can do them and not arbitrary adminitrators, but that distinction is formal and not practical. That you can use administrator privileges to pwn the machine is not interesting, because by virtue of being an administrator you already pwn the machine. If you have administrator privileges, then you are already on the other side of the airtight hatchway. Commenter should go ahead and read Raymond Chen's posts about " being on the other side of this airtight hatchway". The comment about "an admin still lives in userland" is nonsense, of course. As noted in the comments, kernel debugging is disabled by default because it allows (even on 64-bit Windows) loading not-really-signed (self-signed) kernel drivers.