Starting from Windows 8, Microsoft has enforced its policy regarding signed drivers, making the installation of unsigned drivers impossible. If you don't know what is a signed driver is, you can try to understand Microsoft's explanations.
Regarding our Thymio robot, we are using the usb/serial driver provided by Microsoft (usbser.sys). Even in this case, we need a signed catalog file to correctly bind the robot with the driver under Windows 8. Getting a code-signing certificate from a certificate authority costs several hundred dollars per year. This money goes into the pockets of these big companies, and anyway does not guarantee the quality of the signed driver. This is out of the question for our open-source project, and also for other open-source projects.
To comply with the Microsoft policy, we have issued our own certificate to self-sign the driver. When Aseba gets installed on Windows 8, and if the support for Thymio is needed, we install our public key inside the Trusted Root Certificate Authority of the operating system. The name of our certificate is "Mobsya Code Signing Entity". Surprisingly, no confirmation is required by the user for this step. The user only has to confirm the installation of the driver itself.
We believe that silently installing a trusted root CA from an untrusted source, without even asking the user, is a flaw inside an operating system, as this can lead to severe security issues like identity spoofing. We are committed to keep our private key in a secure, disconnected place, and to not use it for malicious purposes. Others could have less regard when installing their software on your computer… When you cleanly uninstall Aseba, using our uninstall shortcut, we will remove our certificate from the trusted CA store.