Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
AMD Graphics Microsoft Security Windows

AMD/ATI Video Drivers: Unsafe At Any Speed 261

An anonymous reader writes "CERT/CC has called out AMD for having insecure video drivers. AMD/ATI video drivers are incompatible with system-wide ASLR. 'Always On' DEP combined with 'Always On' ASLR are effective exploit mitigations. However, most people don't know about 'Always On' ASLR since Microsoft had to hide it from EMET with an 'EnableUnsafeSettings' registry key — because AMD/ATI video drivers will cause a BSOD on boot if 'Always On' ASLR is enabled."
This discussion has been archived. No new comments can be posted.

AMD/ATI Video Drivers: Unsafe At Any Speed

Comments Filter:
  • by LingNoi ( 1066278 ) on Thursday June 07, 2012 @11:57AM (#40246247)

    This isn't very surprising AMD/ATI have always had crappy drivers. I wish their fan base would stop apologising for them and demand AMD put more effort into their products.

    • by h4rr4r ( 612664 ) on Thursday June 07, 2012 @12:01PM (#40246317)

      You think their windows drivers suck?
      Check out the linux ones one time. A whole other world of suck!

    • Re: (Score:2, Funny)

      by Moheeheeko ( 1682914 )
      AMD may not have the best drivers, but I dont recall any AMD drivers that allowed me to play games and fry eggs with the same piece of hardware like Nvidia.
      • by Anonymous Coward on Thursday June 07, 2012 @12:21PM (#40246557)

        You're absolutely right; AMD's drivers rarely allow you to play games.

      • by LingNoi ( 1066278 ) on Thursday June 07, 2012 @12:23PM (#40246589)

        I never mentioned Nvidia, it's also completely irrelevant as AMD drivers will suck regardless of what Nvidia does.

        • The reason AMD's drivers suck is that they only have to be as good as nVidia's, which these days is a very low bar to meet. It used to be nVidia made good drivers and that was the main reason to purchase a nVidia card, but sadly that doesn't seem to be true any longer. Instead of forcing AMD to come up to nVidia's level, nVidia chose to sink to AMD's level.
          • We'll nVidia still makes good drivers for their high end CAD stuff but point taken on everything else.

          • by Mashiki ( 184564 )

            Instead of forcing AMD to come up to nVidia's level, nVidia chose to sink to AMD's level.

            Well there's a reason, because some braniac at nvidia decided to move their entire driver team from the 400/500 series drivers to the new 600 series drivers. And their secondary polish team is now doing the main driver writing. It gets worse though, as the driver writing itself has occasionally been outsourced to other companies.

            There was a huge thread about this over on the evga forums. And Nvidia went nearly 6mo without anything even approaching a solid driver. Though the new 300's seem to be more or

        • by Yunzil ( 181064 )

          AMD drivers will suck regardless of what Nvidia does.

          And Nvidia drivers will suck regardless of what AMD does as well.

          Remember a while back when Nvidia released drivers that could destroy your card? Good times.

      • Re: (Score:2, Insightful)

        by DragonTHC ( 208439 )

        NVIDIA hardware is actually stable at 100C though.

        • by Bengie ( 1121981 ) on Thursday June 07, 2012 @12:50PM (#40247031)
          More stable than water anyway.
        • by citylivin ( 1250770 ) on Thursday June 07, 2012 @01:35PM (#40247657)

          HAHAHA! I have had so many piss poor nvidia cards in the last few years that I switched to AMD now and havent looked back. IMHO the last good card that nvidia made was the 8800. I have a pile of broken 2xx cards in my desk that I am looking at right now. They seem to last a few months to a year. RMA'd cards from MSI and asus always come back and work for a few more months before failing to POST or creating graphics errors.

          Things change people. ATI drivers are not even that bad anymore. Sure they update a bit much and nag you to update, however they are stable and I have had less problems with my current 6850 then any nvidia card since 8800 was popular. I think the reason was poor solder, or too heavy heatsyncs warping the cards or something on the 2xx series. Perhaps they have fixed it now with there newest cards but fuck if I am switching back till ati lets me down!

          This is how the video card game always plays. Someone starts slipping and someone else takes the lead. For me, reliability is the best benchmark. Nvidia as I said has been shit so they lost me (and everyone i recommend cards to) as a customer. My 6850 has been rock solid since i purchased it. Not even any driver crashes! And yes I am aware that for the last 10 years ATI had crap drivers. This has been mostly fixed with their windows 7 drivers, so thats a few years ago now.

      • by sl3xd ( 111641 )

        AMD may not have the best drivers, but I dont recall any AMD drivers that allowed me to play games and fry eggs with the same piece of hardware like Nvidia.

        You don't seem to have looked hard enough at the AMD drivers, or developed software that uses them.

        I write management software for supercomputing clusters - and GPU's are one of the shiny things right now. Mainstream GPU drivers have hooks that let us do things that admins like to know about - monitor temps, fan speeds, voltages, etc.

        Unfortunately, AMD's

    • by thsths ( 31372 )

      > This isn't very surprising AMD/ATI have always had crappy drivers.

      Agreed. Unfortunately NVidia has essentially only one product which is way too power hungry for what it does. So you have the choice between bad software and bad hardware... :-(

      • The GTX 400 series was indeed very power hungry, with one GTX480 eating nearly as much power as two of the equivilent ATI cards. I know firsthand, I have two computers with GTX 470s and they heat up the upstairs loft so much the house's AC can't keep up in the summer. put those two computers into sleep mode, no problem.

        The GTX 500 series was a significant improvement on power draw and heat dissapation.

        the GTX 600 series is downright reasonable. go read a few reviews.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      This isn't very surprising AMD/ATI have always had crappy drivers. I wish their fan base would stop apologising for them and demand AMD put more effort into their products.

      This can't possibly be true. I've been troll moderated to death and beset by ATI fanboys at every turn, for years now, on slashdot in the past, all assuring me ATI not only has awesome drivers on EVERY platform, including Linux, but that NVIDIA is unusable and the choice of the foolish. These trolls can't possibly be wrong, can they? I mean the video quirks and game bugs, rendering problems, and kernel crashes commonly associated with various ATI video cards can't possibly be real can they?

      Seriously, if you

    • I've never encountered any major problems with either NVIDIA's or AMD/ATI's drivers on Windows. Just couple of weeks ago I had a GT520 that I installed to a HTPC and just couldn't get it working. Turns out it was the motherboard that wasn't compatible.
    • Second that. Some of my fellow nerdlings have talked up ATI's open source policy etc. Just because it's open source doesn't mean it's not a POS...
    • This isn't very surprising AMD/ATI have always had crappy drivers. I wish their fan base would stop apologising for them and demand AMD put more effort into their products.

      While I'm an Nvidia person in recent years, ATI has done a lot over the past year to address a number of the concerns with their software/driver package (specific application profiles; greater customization, etc...)

      And, as bad as their Linux support may be, it's far better than it used to be (remember trying to enable accelerated graphics on an ATI setup in Linux ~7 years ago?).

  • AOD (Score:5, Insightful)

    by Kjella ( 173770 ) on Thursday June 07, 2012 @11:57AM (#40246251) Homepage

    Acronym Overload Detected. A summary is supposed to summarize but I couldn't tell what this story is about unless I already know.

    • by zoward ( 188110 )

      Acronym Overload Detected. A summary is supposed to summarize but I couldn't tell what this story is about unless I already know.

      Notice that the first reference to ASLR in the summary is actually a link to Wikipedia. If you hover over the link, you get the acronym expansion. While not as effective as expanding it in the text, it's nice to have the full Wikipedia article available in case you want to read up on it prior to digging into the article.

      • Re:AOD (Score:5, Insightful)

        by Obfuscant ( 592200 ) on Thursday June 07, 2012 @12:23PM (#40246583)

        Notice that the first reference to ASLR in the summary is actually a link to Wikipedia.

        And the reference to EMET is a link to a microsoft page that has at the top this warning:

        This article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.

        I'm reading this on a linux system, but I manage several windows boxes. It's very useful for microsoft to refuse to diplay content it decides I don't need to see. Thank you.

        • by PRMan ( 959735 )
          So? You're a Linux admin! Change your browser string.
          • Change your browser string

            Why would I have to do that just because someone else decides for me what I need or not need to read.
            I'd like to decide for myself what's relevant or not. Having to change the browser ID every time to XP, Vista, 7, 2003, 2008, etc. to look up information on microsoft.com is not an option.
        • by Anonymous Coward on Thursday June 07, 2012 @02:44PM (#40248479)

          ... you failed to mention that. Oh, right. Your goal was to be sensational. Carry on.

          • 1) Don't start your post in the subject line, that is fucking annoying. Are you new?
            2) What do you mean "the" article content? He doesn't know which content it showed him, and neither do you. But I notice you're anonymous and cowardly, so you're probably a shill as well.

    • Re: (Score:2, Offtopic)

      by cpu6502 ( 1960974 )

      Unfortunately expanding-out the acronyms doesn't make the summary any clearer:

      "CERT/CC has called out AMD for having insecure video drivers. AMD/ATI video drivers are incompatible with system-wide Address space layout randomization (ASLR).

      'Always On' Data Execution Prevention (DEP) combined with 'Always On' ASLR are effective exploit mitigations. However, most people don't know about 'Always On' ASLR since Microsoft had to hide it from the Enhanced Mitigation Experience Toolkit with an 'EnableUnsafeSettings

      • Re:AOD (Score:4, Insightful)

        by hawguy ( 1600213 ) on Thursday June 07, 2012 @12:33PM (#40246759)

        Unfortunately expanding-out the acronyms doesn't make the summary any clearer:

        "CERT/CC has called out AMD for having insecure video drivers. AMD/ATI video drivers are incompatible with system-wide Address space layout randomization (ASLR).

        'Always On' Data Execution Prevention (DEP) combined with 'Always On' ASLR are effective exploit mitigations. However, most people don't know about 'Always On' ASLR since Microsoft had to hide it from the Enhanced Mitigation Experience Toolkit with an 'EnableUnsafeSettings' registry key â" because AMD/ATI video drivers will cause a Blue Screen Of Death on boot if 'Always On' ASLR is enabled."

        What?

        Actually that helps. I didn't recognize the ASLR and DEP acronyms since there wasn't enough context to know what they were talking about, I didn't immediately recognize the term "Address Space Layout Randomization", but when I saw "Data Execution Prevention" it became much more clear what they were talking about.

        But a little explanation would have been nice. Something like "DEP and ASLR are security mechanisms used to make it more difficult for malware to execute code or to predict memory addresses where programs and their data are located"

        • Now look, I don't want to be a pissy elitist, but this is slashdot, news for nerds. If you don't know what ASLR or DEP are then you probably don't belong on this site at all; if you can't figure out how to use google to figure out what they are then you definitely don't belong here. These are not new technologies and there have been probably a dozen articles discussed here on slashdot about the relative merits of various operating systems' ASLR implementations (Windows best, MacOSX worst) and even highly de

    • Re:AOD (Score:5, Informative)

      by noh8rz3 ( 2593935 ) on Thursday June 07, 2012 @12:39PM (#40246857)

      aslr = a way to secure your memory so it's harder for malware to run attacks.
      EMET = a bunch of tools that windows uses to secure the machine. aslr is one of these tools
      bsod = blue screen of death. your computer is frozen
      AMD = a company that was formerly known for making computer chips, but is now in the graphics card business
      ATI = a graphics card manufacturer that AMD bought.
      DEP = another tool in the EMET toolkit.
      cert/cc = an organization that is viewed as an authority on computer stuff.

      in short, AMD drivers suck so much that microsoft has to override its own computer protections to keep AMD from crashing your machine. so the drivers are not just unstable, they make your machine more vulnerable to malware. cert says, "epic fail".

    • Yes I was baffled completely by the summary. But eventually after a few decades I'm sure Slashdot will get around to actually having editors.

  • by GerbilSoft ( 761537 ) on Thursday June 07, 2012 @11:58AM (#40246265)
    ...because it crashes before any malware can do any damage.
  • The story is about DEP and ASLR effectiveness at blocking exploits. IT has nothing to do with the title or the ATI/AMD aspect.

    • by tlhIngan ( 30335 ) <slashdot&worf,net> on Thursday June 07, 2012 @12:18PM (#40246515)

      The story is about DEP and ASLR effectiveness at blocking exploits. IT has nothing to do with the title or the ATI/AMD aspect.

      The CERT article mentions it, and it mentions it in that you cannot use the DEP/ASLR protections (in the kernel) because ATI/AMD make an incompatible driver. And since graphics drivers are kernel things, loading them means the kernel must disable DEP/ASLR, making your machine just that much less secure because of it.

  • As the MS blog in the second link stated, DEP + ASLR is already being exploited and that blog post is two years old at this point.

    Still wish AMD/ATI would improve their drivers.

    • DEP and ASLR is not a "security standard", and it cannot be exploited. It is a technique to mitigate a software exploit such that the chances of successfully executing an attack is much smaller. It's not foolproof, but then it was never designed to be. It does make things statistically more secure, however (as in, your chances of getting malware through some exploit are reduced, and it takes longer to write malware that can circumvent it).

  • by PingXao ( 153057 ) on Thursday June 07, 2012 @01:47PM (#40247783)

    Microsoft is constantly telling people that they won't sign their drivers unless they pass strict quality and certification standards. MS should just deny that to drivers as buggy as these are reported to be.

    Oh wait... that would mean MS Is actually committed to quality as opposed to just needing an excuse to deny the little guy who wants to write some driver-level code.

Genius is ten percent inspiration and fifty percent capital gains.

Working...