Comments Locked

51 Comments

Back to Article

  • Makaveli - Friday, June 8, 2012 - link

    in before the first idiot to post NV drivers are better.

    I'm surely going to sleep better when we have this.
  • Spunjji - Friday, June 8, 2012 - link

    As will I.

    *yawn*

    There was me thinking this was a security issue, not a potential headache for government I.T. administrators. It's still pretty lame that AMD don't support ASLR this late in the game, mind you.
  • CeriseCogburn - Saturday, June 9, 2012 - link

    That's a given that nVidia drivers are better, we all know this, and have for years.

    It's just that some of us like to pretend that doesn't matter and that no one should care.

    It looks like that is the case this time as well. It doesn't matter, and no one should care.

    Perfect for amd fans. PhysX doesn't matter either. Neither does adaptive v-sync, nor does target framerate, nor does dirver updates back to series 6 while HD4000 is dropped, etc etc.

    Nothing matters but praising amd for being superior, no matter what faults and omissions they constantly have.
  • silverblue - Monday, June 11, 2012 - link

    No mention of drivers that run your card way too hot there, it seems.

    Oh... too soon?
  • JPForums - Monday, June 11, 2012 - link

    <quote>That's a given that nVidia drivers are better, we all know this, and have for years.</quote>

    I've gone through a rather large number of both nVidia and ATi/AMD cards over the years and I can say with great certainty that inferior drivers are the hallmark of Intel graphics. I've run into driver issues with both nVidia and ATi with little to distinguish one as superior to the other. SLI does tend to be less problematic than Crossfire for games recently released. However, ATi seems to have (slightly) fewer issues in HTPC applications (not that either company has been critically misbehaved in a good while). Hence, your blanket statement ("We all know this") can be proven false by counterexample.

    <quote>It looks like that is the case this time as well. It doesn't matter, and no one should care.</quote>

    If you use Microsoft EMET, modify it from default settings, and happened to modify a registry key that was, at the time, undocumented, then you should care ... until ATi releases a fix. It is not as if ATi's drivers can't be used with ASLR. Even if it were, it is not as if that is a security vulnerability. ASLR is a way to make existing vulnerabilities (both know and undisclosed) harder (not impossible) to exploit. If a breach has occurred, then it happened in an other program due a bug that may or may not have been exploitable with system wide ASLR.

    <quote>PhysX doesn't matter either.</quote>

    It give me more eye candy, but I have yet to play a game where it changes gameplay. A welcome addition, yes, but I would like it better if they opened it up to competitors (licensed?) and it became more prevalent and integral. Until then, it does little to sway my purchasing decision.

    <quote>... neither does adaptive v-sync</quote>

    I love this one. The benefits are obvious and it can be applied retroactively without the need for developers to lift a finger.

    <quote>... nor does target framerate</quote>

    Theoretically provides benefits to people with power usage restriction and/or inadequate cooling. Since a few fps won't make a notable difference in power usage and I use cooling solutions capable of keeping my cards well below any thermal design thresholds, it doesn't really concern me. Perhaps it is good for systems where the fan has to get obnoxiously loud to keep it cool under full load. Though, I would consider that a flaw of the cooling system as even my laptop (ASUS G73SW) doesn't have to work that hard to keep cool. Desktops have far more space to work with.

    <quote>... nor does dirver updates back to series 6 while HD4000 is dropped</quote>

    It should be mentioned, though, that the HD4000 series isn't dropped. It has simply been moved to a less frequent update schedule. I don't like that the HD4000 series has taken a back seat, but I have don't really know where it make since to transition. I like that nVidia supports back to the 6 series, but truth be told, it has been a long time since my 6800 Ultra (or my 8800GT for that matter) saw any benefit from a driver update. I always liked nVidia's as needed release schedule better than ATi's once a month schedule. Perhaps this will allow them to address crossfire issues for new releases more quickly. Still, I think they should fully support at least three major generations back.
  • CeriseCogburn - Tuesday, June 12, 2012 - link

    Yeah whatever, we all know nVidia drivers are superior period and have been for a very long time.
    If you actually work on hundreds of systems you find this out and NO counterexample can prove it wrong.
  • Shadowmaster625 - Friday, June 8, 2012 - link

    This government bureaucratic absurd nonsense moment has surely been brought to you by Intel.
  • prophet001 - Friday, June 8, 2012 - link

    "This government bureaucratic absurd nonsense.."

    Yes
  • CeriseCogburn - Saturday, June 9, 2012 - link

    And soon will be brought to you by the Dear Leader of China as they finally won through cracking every last bit of US Government and DOD information, exploited thanks to AMD's lame driver "team fail".
  • silverblue - Monday, June 11, 2012 - link

    LOL @ you if you think China needs AMD's help to get into "secure" US systems when even individuals on their own can do the same.
  • _vor_ - Tuesday, June 12, 2012 - link

    Seriously guy, find a different hobby already. I grow tired of your exaggerated and panicked trolling propaganda.
  • CeriseCogburn - Sunday, June 10, 2012 - link

    Since out US government never responds, as most republics of it's nature, until after an enormous problem comes crashing down on their heads and everyone else's - it is clear a huge security breach hole already occurred.

    I'm sure it's national security information so we won't be hearing about it right away if ever, but the unusual nature of the warning and posting indicates we've already lost a motherlode.

    NOTE: THE major partner
    " As the major partner in the United States’ internet security agency US-CERT and de-facto coordinator for the international CERTs.."

    NOTE: Unusual involvement

    " So while it’s common for CERT/CC to publish information regarding specific vulnerabilities, it’s less common for them to get involved with general security weaknesses in this manner.

    So what has drawn CERT/CC’s attention? It turns out that AMD’s drivers don’t properly behave ... "

    So what we have here is a major US take down, and the reaction... from the "bungling bureaucrats" to plug the open hole that has existed for a long, long time... and now it's important because someone (foreign gov crackers no doubt) USED IT...

  • Taft12 - Friday, June 8, 2012 - link

    Interesting article, thanks for the summary Ryan. This doesn't affect you or I but it could cost AMD some gargantuan GPU computing project contracts within the governments of the US and other countries too. Consider the notice served.
  • CeriseCogburn - Sunday, June 10, 2012 - link

    Amd is "open source" so this isn't a problem for them. They like being an "open system" with open source drivers ...

    Par for the fail course amd
  • greylica - Friday, June 8, 2012 - link

    Free drivers can solve the problem for all manufacturers. Closed source drivers allowing DEP won't solve the problem, or the flaw (they could only cover them for a brief period).
    Closed source drivers will only help manufacturers to spread more FUD using patent excuses until a cracker touts the damn closed thing to discover a ''special'' function that was never exploited, because it was never published, and then, more virus and exploits for Windows, Mac and probably causing also causing victims in Linux users of those ''proprietary drivers''...

    Do you see how closed source drivers are unsafe ?
    No one could prevent when a function we don't know will be used against users...

    Free drivers are the only solution for any of the Oses.
    Publish the command table for the cards and the community will help you address those flaws forever. The free software community has been asking for free drivers (or a list for the cards commands and capabilities) for a long time...

    ;)
  • Senti - Friday, June 8, 2012 - link

    Agreed. Closed source OR security – choose one.
    I don't quite get what they fear not opening driver sources. That people will find out that all major games have dozens of hacks for them to not only work faster but just work at all? What a surprise, who could thought! That competitors will copy the same hacks? I'm sure they reverse engineer others' drivers anyway and will get the same information, just maybe some days later.

    The worst is when they decide that some hardware is now "deprecated" and won't be supported. It doesn't bother them that it works just fine and do the required job – no support, no (security) updates.
  • JarredWalton - Saturday, June 9, 2012 - link

    The problem the GPU makers imagine is that drivers access the hardware at a very low level and thus only work optimally if they have complete knowledge of the caching system, instruction latencies, etc. Basically, the only way to create a good driver is to post detailed information about every piece of the hardware architecture. That would expose all the strengths and weaknesses, and potentially allow a competitor to take advantage of the information.

    Now, the flip side is that the CPU people have basically been doing this for years, because you can't make a good compiler for an architecture without such details. So far, I don't know that anyone has really tried to clone Intel or AMD hardware because of the information.
  • greylica - Saturday, June 9, 2012 - link

    By the updated response, they will create another driver. It shows that the GPU manufacturers insists to maintain the root cause for PC troubles and unsafe operation nowadays.
  • CeriseCogburn - Saturday, June 9, 2012 - link

    Wait a minute, it's the gpu makers - it's AMD - can't you say it ? AMD is failing her - I swear to god you people do it every time - if amd fails, it's "the industry" or "gpu makers" - it's really sad the bias is so deep.
  • greylica - Sunday, June 10, 2012 - link

    No it's not the bias, there are lot's of things wrong with GPU makers. Why they still refuse to give informations for simple things as GPU commands ?

    When you buy a product, you have the right to know how to use it.
    Why can't we have the information of the GPU commands ?
    This is what we are talking here, most of the card makers and CPU makers in the world give the programmers, a manual of how to work with their equipment.
    GPU makers insists in covering things from coders...
    That's what we are talking here.
    If you trust them blindly, go ahead saying that this is ''bias''...

    I can't share the same opinion about this.
  • CeriseCogburn - Monday, June 11, 2012 - link

    Yeah, sure amd fan boy
  • CeriseCogburn - Monday, June 11, 2012 - link

    Intal and nVidia didn't have a problem, they handled it - there would be no problem if amd didn't fail yet again this time.

    It's amd, amd fan boy. Race up to it, be a man.
  • greylica - Monday, June 11, 2012 - link

    You're making a great confusion, perhaps because you haven't been in the Image industry or because you never study GPU driver problems.

    *Intel - poor OpenGL device drivers all over the entire line up ( I don't know for HD 4000/5000, not tested yet ),
    *Nvidia - create artificial limitations on hardware to sell Quadro, overbloated drivers, with lot's of specific hacks to diminish OpenGL performance.
    *AMD - the worse driver install in the linux world, and at every new line of cards, they drop support for a bunch of them, leaving users with no choice.

    May be you're biased guys, I'm not talking about AMD, I'm talking about a general situation about GPU device drivers and you're trying to corrupt the texts. You're the real biased, not me.
  • CeriseCogburn - Tuesday, June 12, 2012 - link

    No you're the one complaining that "gpu makers" don't give you every intricate detail of source so in an article of AMD failure, you forget that entirely and blame it on the way the "industry" does business.

    Well Intel and nVidia did industry business just fine with ASLR, and amd the failure did not. AMD has to make the driver fix, and it appears they still won't be compliant.

    I'm sure you'd love all their code so you could (or other dream entities you may choose) create the driver that is always good and always gets fixed by yahoos such as yourself or the great unwashed free coders of the world, huh. Then you can have something much better than the companies themselves, or so you appear to think. WHO CARES.

    AMD has FAILED, that's what matters - and Intel and nVidia have not - but if they'd only listen to you there would be no virus issues and security issues that aren't fixed pronto, by you and your imaginary workforce.

    Intel and nVidia don't need you or your imaginary workforce, only AMD does.

    Have fun moaning, amd fan.
  • triarii - Friday, June 8, 2012 - link

    so basically, by finding and flipping one bit a virus writer can bring down all machines with AMD drivers. brilliant.
  • DaveSimmons - Friday, June 8, 2012 - link

    If they have that level of access they can just format your hard drive instead.

    But most malware writers these days do it for the money, to add your PC to their botnet. They have no interest in petty vandalism.
  • Penti - Friday, June 8, 2012 - link

    You can crash any driver risking the machine going down mostly without any privilege-escalation so that is nothing new. ASLR don't protect against bugs and built in vulnerabilities, it only addresses buffer overflow attacks. Not all exploits is based on those scenarios. It also doesn't mean you can't conduct buffer overflow attacks successful. There are still vulnerabilities in OS and software.

    I do see why the government and authorities wants it enabled, it does reduce the chance for some attacks, make those attacks harder, but I more see it as just another deficiency for AMD in the enterprise market where they are pretty weak. It's mostly populated by Intel desktops and notebooks any way, AMD don't have a chance, but it will be a problem for workstations and notebooks with AMD graphics. More lost opportunities for AMD. I think they should take the market serious and have clients that can compete with say Intel AMT (VNC/KVM over SOL, and other management features) DASH isn't there as it is implemented and pair it with AMD graphics (or APUs.). As long as I don't see any AM3+ systems I'm happy with that and some better support any way.
  • Wreckage - Friday, June 8, 2012 - link

    Amd drivers are so bad...
    ....how bad are they?
    They are so bad that if you try to enable security your system crashes..ba-dum-dum.
  • eachus - Saturday, June 9, 2012 - link

    Read the article before posting, including the AMD response:

    The non-default settings used to produce the system crash at start-up as reported by CERT require changing a System Registry key for the tool (named "EnableUnsafeSettings"), which was not documented until the CERT report was published, and is not accessible through the EMET tool itself.

    An undocumented Registry key named "EnableUnsafeSettings," really sounds like something you want to use on a secure system...

    Now worry about something that you can do something about. CERT/CC (not US/CERT) broke lots of rules publishing this in this way. Yes, this is a non-issue which would normally be deal with in the normal course of business. There is no security risk, serious or otherwise, with AMD drivers, except in some tester's head. There is a serious issue when undocumented security tool settings get generally published. Just because this one is a non-issue, doesn't mean the next one will be.
  • Solidstate89 - Saturday, June 9, 2012 - link

    The only thing that registry key does is enable the option to make ASLR Mandatory instead of just Opt-in. So if you want the highest security levels possible, than yes, that would make for a secure system.
  • CeriseCogburn - Tuesday, June 12, 2012 - link

    ROFL - another amd apologist. Way to go know it all. Yes, the government should be doing what you say. LOL
  • Beenthere - Friday, June 8, 2012 - link

    Like I'm sure most PC users are worried about their AMD GPU drivers being hacked to bring the U.S. to it's knees by some rogue (Nvidia employee) hacker... PLEASE?
  • whatthehey - Saturday, June 9, 2012 - link

    Go away, AMD toolboy; the adults are trying to have a discussion. Only a seriously stupid person would take information released by CERT/CC showing a minor issue with AMD and turn that into an anti-NVIDIA comment. Good thing most US employees are likely using Intel or NVIDIA GPUs anyway. For most, it will be Intel IGP solutions while for higher end users it will be NVIDIA Quadro (which smokes the shorts off of AMD's FireGL stuff). And if you have a laptop that for some reason has a discrete GPU it will have NVIDIA as well.
  • gordon151 - Saturday, June 9, 2012 - link

    You seem more delusional than you accuse him of. AMD graphics is a huge part of enterprise systems on the private and government level. Both on desktops and laptops. I think AMD would have to start bundling viruses with their drivers for the market to shift to scenario such as what you claim.
  • CeriseCogburn - Sunday, June 10, 2012 - link

    Well if amd is a huge part of the government level, then they had better get off their dead fail bottom and bring it up about 5 notches.

    Thanks at least we now know how China stole all the MIRV secrets and everything else besides the fraudulent cisco router back doors.

    I appreciate that amd fan - yes it's a huge part of government enterprise with it's cavernous gaping vulnerability - way to go, you're a great amd spokesperson, while the other person likely wanted to calm his patriot nerves, you sure wrote the book straight for him....

    AMD has sold crap to our government and cost us taxes while our secret info bled forth...

    Love it, I'm so glad amd is a huge part of the government enterprise space-- thanks so much mr amd know it all.
  • whatthehey - Sunday, June 10, 2012 - link

    Directed at gordon151:

    Do you actually work for the government? Because I'd really like to know what they're doing with all those AMD graphics in their enterprise systems. Are you talking about the old Rage IIc chipsets used on many servers, which really aren't used 99% of the time because the servers are headless? Or are you talking about all the rank and file employees with desktops and laptops that do basic office tasks and for some reason apparently have AMD GPUs?

    I work in IT for a large corporation, and the US government is the largest corporation in the country. I can count the number of systems in our datacenter and location that have discrete GPUs on my two hands (eight, if you're wondering). Out of nearly 500 laptops and desktops and servers, we have eight systems right now with discrete graphics. They're all in one department that uses Photoshop and some other professional apps.

    Everyone else is running Core 2 or first generation Core i-series processors, with a few select people having been upgraded to second generation Core i-series systems in the last six months. They're all running Office applications for the most part, with some in-house software that basically requires no resources (think text-based interfaces and telnet sessions). We did make the migration to Windows 7 during the past year (having skipped Vista completely), which was a ton of work for our department. There are still plenty of people not happy with the change from XP.

    THAT is what IT is like in the real world for 99% of large businesses and corporations. Sure, there are some companies that specialize in areas that need graphics and they'll have GPUs, but the government? What are they doing precisely that AMD GPUs are such a "huge part of enterprise systems" for them?

    But this is all beside the point. The original comment was directed at Beenthere with his stupid ass attempt to shift an article about a security flaw in AMD's drivers and create a subject about how NVIDIA is desperate and maybe hiring hackers. You can't seriously think such a tangent is anything but idiotic and fanboytastic, can you?

    PS: All the government offices I've been to in the past year or two (DMV, a court house, post office, etc.) are running basic PCs from HP or Dell, and I'll bet my SSD not a single one of those systems is using a discrete GPU.
  • Solidstate89 - Friday, June 8, 2012 - link

    Thanks to this article/report I just checked out EMET as I've never heard of it before.

    Very neat piece of software and piss-easy to use. Thanks for (inadvertently) pointing out such an awesome utility by reporting on this. I definitely plan on using this on my desktop.
  • Beenthere - Saturday, June 9, 2012 - link

    SOS, DD.
  • Ryan Smith - Saturday, June 9, 2012 - link

    No, it's still important. Always-on ASLR isn't commonly used (or even uncommonly used), but it is used.
  • CeriseCogburn - Sunday, June 10, 2012 - link

    Nice response amd...I'm sure you'll get all those big dollar government and large dollar institution sales now...

    That's nice amd - amd says amd will do something so their driver doesn't crash when always on everything mode is selected, but they won't be making their driver ASLR compliant any time soon, as it was only desired since Vista was released so many years ago...

    Some amd cheapo hack trick should do, instead, so their crapster driver doesn't take down the whole system...

    ROFL - they so suck

    I thank CERT CC for pointing out nVidia and Intel are already fully ASLR complaint. Someone needed to kick the traitor amd company.... amd loved by crackers and terrorists and espionage worldwide.
  • kyuu - Sunday, June 10, 2012 - link

    Somebody please tell me -- is this guy an idiot or just a troll?
  • silverblue - Monday, June 11, 2012 - link

    Both. He makes less sense than Drashek on SA.

    If ASLR was introduced in Vista in 2006, then it's ATi's fault for the original omission and AMD's (being the parent company) for not pushing the matter since.
  • CeriseCogburn - Tuesday, June 12, 2012 - link

    Thanks for both calling names, you're great contributors, I'm sure amd loves you.
  • _vor_ - Thursday, June 14, 2012 - link

    No more than NVIDIA loves you.

    In cased you missed it, that's what is called irony.
  • CeriseCogburn - Thursday, June 14, 2012 - link

    What's ironic is amd has failed and you have yet to acknowledge it. That's fanboyism at it's extreme.

    Irony is in the eye of the fanboy.
  • _vor_ - Friday, June 15, 2012 - link

    Maybe you would be so kind as to elaborate exactly where in my post I said anything about AMD. Are you implying that because I did not foam at the mouth in zealous exaltation of all things NVIDIA I am an AMD fanboy?

    Again, pot meet kettle.
  • CeriseCogburn - Sunday, July 1, 2012 - link

    Go away, you're worthless.
  • _vor_ - Tuesday, July 10, 2012 - link

    Is that really the best you have?
  • adelio - Monday, June 11, 2012 - link

    Talking about using discreet graphics cards, most of the people where i work >150 have dual monitiors, that is both IT and business staff. That normally requires discreet graphics cards as our standard PC's built in Graphics (Think HP/Lenovo business PC's) have poor buit in graphics.
  • toyotabedzrock - Monday, June 11, 2012 - link

    Does AMD intend to fix the issue or just make sure the tool cannot show the problem anymore?
  • CeriseCogburn - Tuesday, June 12, 2012 - link

    That's a good question, and it appears the paid amd liar pr spoekesperson said they will fix it so it doesn't crash, he never said the date amd drivers will become ASLR compliant, so there's the answer - NO they won't become compliant they will just hack in an amd cover up.

Log in

Don't have an account? Sign up now