Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

AMD/ATI Video Drivers: Unsafe At Any Speed

timothy posted more than 2 years ago | from the hey-man-we've-all-got-problems dept.

AMD 261

An anonymous reader writes "CERT/CC has called out AMD for having insecure video drivers. AMD/ATI video drivers are incompatible with system-wide ASLR. 'Always On' DEP combined with 'Always On' ASLR are effective exploit mitigations. However, most people don't know about 'Always On' ASLR since Microsoft had to hide it from EMET with an 'EnableUnsafeSettings' registry key — because AMD/ATI video drivers will cause a BSOD on boot if 'Always On' ASLR is enabled."

cancel ×

261 comments

Sorry! There are no comments related to the filter you selected.

prost (-1)

Anonymous Coward | more than 2 years ago | (#40246221)

first prost formula 1

ASLR (5, Insightful)

Jeremiah Cornelius (137) | more than 2 years ago | (#40247059)

Preventing yesterday's attacks, tomorrow.

Crappy AMD drivers?! (4, Insightful)

LingNoi (1066278) | more than 2 years ago | (#40246247)

This isn't very surprising AMD/ATI have always had crappy drivers. I wish their fan base would stop apologising for them and demand AMD put more effort into their products.

You shall use...! (-1)

Anonymous Coward | more than 2 years ago | (#40246311)

Nearly four months ago, I noticed that my internet connection was very sluggish. Eventually getting fed up with it, I began to seek out software that would speed up the gigabits in my router. After an hour of searching, I found what at first appeared to be a very promising piece of software. Not only did it claim it would speed up my internet connection, but that it would overclock my power supply, speed up my gigabits, and remove any viruses from my computer! "This is a fantastic opportunity that I simply can't pass up," I thought. I immediately downloaded the software and began the installation, all the while laughing like a small child. I was highly anticipating a future where the speed of my internet connection would leave everyone else's in the dust.

I was horribly, horribly naive. Immediately upon the completion of the software's installation, various messages popped up on my screen about how I needed to buy software to remove a virus that I wasn't aware I had from a software company I'd never once heard of. The strange software also blocked me from doing anything except buying the software it was advertising. Being that I was a computer whiz (I had taken a computer essentials class in high school that taught me how to use Microsoft Office, and was quite adept at accessing my Facebook account), I was immediately able to conclude that the software I'd downloaded was, in fact, a virus, and that it was slowing down my gigabits at an exponential rate. "I can't let this insanity proceed any further," I thought.

As I was often called a computer genius, I was confident at the time that I could get rid of the virus with my own two hands. I tried numerous things: restarting the computer, pressing random keys on the keyboard, throwing the mouse across the room, and even flipping an orange switch on the back of the tower and turning the computer back on. My efforts were all in vain; the virus persisted, and my gigabits were running slower than ever! "This cannot be! What is this!? I've never once seen such a vicious virus in my entire life!" I was dumbfounded that I, a computer genius, was unable to remove the virus using the methods I described. Upon coming to terms with my failure, I decided to take my computer to a PC repair shop for repair.

I drove to a nearby computer repair shop and entered the building with my computer in hand. The inside of the building was quite large, neat, and organized, and the employees all seemed very kind and knowledgeable. They laughed upon hearing my embarrassing story, and told me that they saw this kind of thing on a daily basis. They then accepted the job, and told me that in the worst case, it'd be fixed in three days from now. I left with a smile, and felt confident in my decision to leave the computer repairs to the experts.

A week later, they still hadn't called back. Visibly angry, I tried calling them countless times, but not a single time did they answer the phone. Their negligence and irresponsibility infuriated me, and sent me into a state of insanity that caused me to punch a gigantic hole in the wall. Being that I would require my computer for work soon, I decided to head over to the computer repair shop to find out exactly what the problem was.

Upon entering the building, I was shocked by the state of its interior; it looked as if a tornado had tore through the entire building! Countless broken computers were scattered all about the floor, desks were flipped over, the walls had holes in them, there was a puddle of blood on the floor, and worst of all, I saw that my computer was sitting in the middle of the room laying on its side! Absolutely unforgivable! I soon noticed one of the employees sitting behind one of the tipped over desks (the one that had previously had the cash register on top of it); he was shaking uncontrollably and sobbing. Despite being furious about my computer being tipped over, seeing him in that state still managed to make me less unforgiving. I decided to ask him what happened.

A few moments passed where the entire room was silent and nothing was said. Eventually, he pointed at my computer and said to me, "The virus... it cannot be stopped! Cannot be stopped! Cannot be stopped!" Realizing that he was trying to tell me that they were unable to repair my computer (the task I'd given them), I flew into a blind fury and beat him senseless. Not caring about what would happen to him any longer, I collected my computer, ignored the bodies of the two other employees that had committed suicide, and left the building. After a few moments of pondering about what to do and clearing my head, I theorized that their failure to repair my computer probably simply meant that they were unqualified to do the job, and decided to take my computer to another computer repair shop.

I repeated that same process about four times before finally giving up. Each time I took it to a PC repair shop, the result was the same: all the employees either went completely insane, or they committed suicide. Not a single person was able to even do so much as damage the virus. I was able to talk some sense into one of the employees that had gone mad and got them to tell me how they were attempting to fix the problem. They told me that they tried everything from reinstalling the operating system to installing another operating system and trying to get rid of the virus on the other one, but absolutely all of it was to no avail. Having seen numerous attempts by professionals to remove the virus end in failure, I managed to delude myself into believing that my first failure was simply a fluke and that I was the only one on the planet qualified to fix the computer. With renewed vigor, I once again took up the frighteningly dangerous task of defeating the evil, nightmarish virus once and for all with my own two hands.

In my attempts to fix the problem, I'd even resorted to buying another computer. However, the virus used its WiFi capabilities to hack into the gigabits of my new computer and infect it. Following each failed attempt, I grew more and more depressed. I had already beaten my wife and children five times in order to relieve some of my stress, but even that (which had become my only pleasure after failing to remove the virus the first time), did nothing for me any longer. That's right: my last remaining pleasure in life had stopped being able to improve my mood, and I had not a single thing left that I cared about. I sank into a bottomless ocean of depression, barricaded myself in my room, and cried myself to sleep for days on end. Overcome with insanity, vengefulness, and despair, there is not a single doubt that if this had continued for much longer, I would have committed suicide.

One day, it suddenly happened: while I was right in the middle of habitually crying myself to sleep in the middle of the day, I heard a thunderous roar outside, followed by the sound of a large number of people screaming. When I peered outside my window to find out what all the commotion was about, the scene before me closely resembled that of a God descending from the heavens themselves! I gazed in awe at the godlike figure that was descending from the heavens, and so did the dozens of individuals that had gathered in my backyard. For a few moments, everyone was speechless. Then, they started shouting predictions about what they thought the figure was. "Is it a bird!?" "Is it a plane!?" But, despite not ever having seen it before, I knew just how inaccurate their predictions were, and began to speak the name of the heroic figure.

However, my sentence was cut off when, like a superhero coming to save the unfortunate victim from the evil villain, MyCleanPC [mycleanpc.com] flew into my house and began the eradication of the virus. MyCleanPC [mycleanpc.com] was able to completely eliminate in minutes the exact same virus that over ten PC repair professionals were unable to remove after weeks of strenuous attempts! Wow! Such a thing! I simply couldn't believe that MyCleanPC [mycleanpc.com] was so miraculously efficient that it was able to destroy the virus in less than 500 milliseconds! MyCleanPC [mycleanpc.com] totally, completely, and utterly saved me from a lifetime of despair!

My wife's response? "MyCleanPC [mycleanpc.com] is outstanding! My husband's computer is running faster than ever! MyCleanPC [mycleanpc.com] came through with flying colours where no one else could! MyCleanPC [mycleanpc.com] totally cleaned up my husband's system, and increased his speed! I highly, highly recommend that you use MyCleanPC [mycleanpc.com] !"

After witnessing just how wonderful MyCleanPC [mycleanpc.com] is, I insist that you use MyCleanPC [mycleanpc.com] when you need to fix all the gigabits on your computer! MyCleanPC [mycleanpc.com] will completely eradicate any viruses on your computer, speed up your internet connection, overclock your gigabits and speed, and give you some peace of mind! MyCleanPC [mycleanpc.com] is simply outstanding!

But even if you're not having any visible problems with your computer, it's highly likely that you're still in a situation where MyCleanPC [mycleanpc.com] could help you. MyCleanPC [mycleanpc.com] will get rid of any viruses or wireless interfaces that are hidden deep within your computer's bootloader. MyCleanPC [mycleanpc.com] will also speed up your computer to such a degree that it'll be even faster than when you first bought it! You must try MyCleanPC [mycleanpc.com] for yourself so that you can be overclocking your speed with the rest of us!

MyCleanPC: For a Cleaner, Safer PC. [mycleanpc.com]

Re:You shall use...! (0, Funny)

Anonymous Coward | more than 2 years ago | (#40246579)

Sorry to hear about that. Sounds like you could have saved yourself a lot of trouble by using ASLR compatible drivers.

Oh, and by the way, your mom called. She says she didn't stretch her Vag all out of shape so you could grow up and be a forum spammer, and that you should find something new to do with your life.

Re:Crappy AMD drivers?! (3, Insightful)

h4rr4r (612664) | more than 2 years ago | (#40246317)

You think their windows drivers suck?
Check out the linux ones one time. A whole other world of suck!

Re:Crappy AMD drivers?! (-1)

Anonymous Coward | more than 2 years ago | (#40246347)

Everything on Linux Sucks, film at 11.

Re:Crappy AMD drivers?! (-1)

Anonymous Coward | more than 2 years ago | (#40246707)

"Everything on Linux Sucks, film at 11."

Really??? I guess that means Microsoft is just pretending to run Skype on Linux because it sucks more than their own servers...

Re:Crappy AMD drivers?! (4, Insightful)

Mitchell314 (1576581) | more than 2 years ago | (#40246831)

Linux sucks, it just happens that everything else is even worse. :D

Re:Crappy AMD drivers?! (2, Insightful)

Skarecrow77 (1714214) | more than 2 years ago | (#40247021)

this is actually the most honest assessment of operating systems i've seen in a long time.

to be fair, the phrase "in their own way" should be tacked on to the end, because windows, linux, and osx do not suck in the same ways.

Re:Crappy AMD drivers?! (1)

Jay Tarbox (48535) | more than 2 years ago | (#40247209)

Back in the day, alt.sysadmin.recovery always said this (they probably still do) all OS's suck.

Re:Crappy AMD drivers?! (3, Insightful)

jedidiah (1196) | more than 2 years ago | (#40246933)

Nope, just ATI drivers.

Nvidia drivers on Linux seem to even be better than the ATI ones for Windows.

Re:Crappy AMD drivers?! (1)

LingNoi (1066278) | more than 2 years ago | (#40247003)

Apart from the optimus cards in laptops, especially the ones without a bios switch..

Re:Crappy AMD drivers?! (1)

Skarecrow77 (1714214) | more than 2 years ago | (#40247047)

then nivida has vastly improved them since the last time I used them (early 2010), at which point "they install" was about the best thing that could be said for them... as long as you add "just make sure not to update your kernal" to the end.

Re:Crappy AMD drivers?! (4, Insightful)

Skarecrow77 (1714214) | more than 2 years ago | (#40247095)

crying about fanboys while running around fanboying. typical.

all fanboys suck. end of story. mint vs ubuntu, google vs apple, nintendo vs sega, fuckin coke vs pepsi... if you're on one side of an arguement, and you can't see the cons of your own side as well as the pros of the other side, you don't really understand the arguement and you shouldn't be speaking.

Re:Crappy AMD drivers?! (4, Funny)

Skarecrow77 (1714214) | more than 2 years ago | (#40247117)

wow. somehow click on the wrong reply button and reply to myself. so i look like an idiot. bah, i'm going to lunch.

Re:Crappy AMD drivers?! (0)

Anonymous Coward | more than 2 years ago | (#40247421)

fuckin coke vs virgin cola [wikipedia.org] ...

ftfy

Re:Crappy AMD drivers?! (1)

Anonymous Coward | more than 2 years ago | (#40247165)

Makes me wish I didn't listen to my supposedly (degree in comp. sci., working as a coder for some corporation, never really cared about the details) vastly more computer literate (and I'm no slouch, but I'm more of a hobbyist and less concerned with keeping up with the tech) coworker when I built my last system and instead stuck with nVidia. Hell, my current system (Phenom II hex core, 8 gigs of ram and an AMD 6870HD) gets worse performance in Linux running WoW than my old single core athalon64 3200 with a Geforce 8800.

Re:Crappy AMD drivers?! (1)

dimko (1166489) | more than 2 years ago | (#40246327)

Now, thats what I call professional troll fishing. Put a byte to silly humans, in a form of admitting of AMD fans appologising, when in fact I never saw in troll wars between Nvidia/AMD that they(AMD fans) are sorry for anything. Not bad, not bad...

Re:Crappy AMD drivers?! (1)

LingNoi (1066278) | more than 2 years ago | (#40246457)

Seriously? Never? It comes up in almost every article with AMD/ATI in it. Just this week alone there's already been another article about it.

Re:Crappy AMD drivers?! (-1)

Anonymous Coward | more than 2 years ago | (#40246495)

You're right, AMD/ATI fanboys are even worse than that. They don't apologise for the poor quality of the drivers, they simply deny the problem exists. A lot like Apple users deny their Macs are low quality, low spec and overpriced (buyer's remorse + justification).

Re:Crappy AMD drivers?! (1)

Moheeheeko (1682914) | more than 2 years ago | (#40246653)

A lot like Apple users deny their Macs are low quality, low spec and overpriced

Funny, just like the Nvidia cards they put in them.

Re:Crappy AMD drivers?! (2)

Skarecrow77 (1714214) | more than 2 years ago | (#40247143)

so you're crying about fanboys, while running around fanboying. typical.

all fanboys suck. end of story. mint vs ubuntu, google vs apple, nintendo vs sega, fuckin coke vs pepsi... if you're on one side of an arguement, and you can't see the cons of your own side as well as the pros of the other side, you don't really understand the arguement and you shouldn't be speaking.

Re:Crappy AMD drivers?! (2, Funny)

Moheeheeko (1682914) | more than 2 years ago | (#40246377)

AMD may not have the best drivers, but I dont recall any AMD drivers that allowed me to play games and fry eggs with the same piece of hardware like Nvidia.

Re:Crappy AMD drivers?! (1)

Orphis (1356561) | more than 2 years ago | (#40246503)

AMD may not have the best drivers, but I dont recall any AMD drivers that allowed me to play games and fry eggs with the same piece of hardware like Nvidia.

It's not a bug, it's a feature!

Re:Crappy AMD drivers?! (5, Funny)

Anonymous Coward | more than 2 years ago | (#40246557)

You're absolutely right; AMD's drivers rarely allow you to play games.

Re:Crappy AMD drivers?! (5, Insightful)

LingNoi (1066278) | more than 2 years ago | (#40246589)

I never mentioned Nvidia, it's also completely irrelevant as AMD drivers will suck regardless of what Nvidia does.

Re:Crappy AMD drivers?! (1)

saveferrousoxide (2566033) | more than 2 years ago | (#40246593)

oh for mod points :) +1 Insightful/Funny to you, poster!

Re:Crappy AMD drivers?! (1, Insightful)

DragonTHC (208439) | more than 2 years ago | (#40246763)

NVIDIA hardware is actually stable at 100C though.

Re:Crappy AMD drivers?! (4, Funny)

Bengie (1121981) | more than 2 years ago | (#40247031)

More stable than water anyway.

Re:Crappy AMD drivers?! (0)

Anonymous Coward | more than 2 years ago | (#40247241)

scary but true

Re:Crappy AMD drivers?! (-1)

Anonymous Coward | more than 2 years ago | (#40246861)

Yes, some Nvidia cards may get a bit hot, but these cards have the "actually f**cking works" feature, whereby the card actually f**cking works! For the past decade, every single time I've put an ATI/AMD card in one of my computers, it's caused frequent crashes ("frequent" as in an average uptime of less than 20 minutes). I upgraded drivers and tried all of the tweaks that the fanboys recommend, and none of the suggestions did a damn thing.

Every time, I ended up going back to an Nvidia card, and I've never had a single problem with Nvidia cards or drivers. They simply work. End of story.

Re:Crappy AMD drivers?! (-1)

Anonymous Coward | more than 2 years ago | (#40247083)

Or you're retarded when it comes to PCs.

I've been using ATI/AMD for 4 years straight without a problem. No special tweaks, no third party drivers, etc.

Re:Crappy AMD drivers?! (-1)

Anonymous Coward | more than 2 years ago | (#40247251)

I've been building PCs since the early 90s and using them since before that, so no, I'm not "retarded when it comes to PCs". I've simply never encountered an ATI/AMD card that actually works. Every Nvidia card that I've used works out of the box with no issues whatsoever.

Re:Crappy AMD drivers?! (0)

stone2020 (123807) | more than 2 years ago | (#40246419)

I hope you complained to Nvidia when they were burning cards up with their drivers.

http://www.engadget.com/2010/03/05/nvidia-pulls-196-75-driver-amid-reports-its-frying-graphics-car/ [engadget.com]

Re:Crappy AMD drivers?! (3, Insightful)

LingNoi (1066278) | more than 2 years ago | (#40246569)

What has Nvidia got to do with it? Why do you mention the failings of another company to cover for AMD?

Re:Crappy AMD drivers?! (1)

Lucky75 (1265142) | more than 2 years ago | (#40246739)

Normally it wouldn't matter, but since they're really the ONLY competition, I think it's a fair point.

Re:Crappy AMD drivers?! (2)

LingNoi (1066278) | more than 2 years ago | (#40246903)

I find it a bit concerning that we're now 4 levels deep into this and you still haven't even acknowledged my original point, you've constantly tried to turn this into some kind of comparison between other companies, something I never mentioned, something that isn't at all relevant here.

Please tell me what the link is between "AMDs drivers sucks and I wish their fans would demand better drivers" and "well Nvidia sucks too!". Congrats you're exactly the reason why AMD are laughing all the way to the bank. Why develop a better product when you're just going to accept whatever shit this company hands you and ask for more? Think about that for a moment.

Re:Crappy AMD drivers?! (0)

Anonymous Coward | more than 2 years ago | (#40247015)

IT IS relevant becuase while AMD drivers may be bad, the only other option is something worse. THAT is why AMD isnt bending over backwards to make something better and AMD users accept it, because they can look at Nvidia and say "well at least they arent THAT bad."

Re:Crappy AMD drivers?! (0)

Anonymous Coward | more than 2 years ago | (#40247191)

Please explain "something worse?"

Re:Crappy AMD drivers?! (1)

DeadCatX2 (950953) | more than 2 years ago | (#40247129)

stone2020 wasn't making excuses for AMD. Quite the contrary, he was saying that you're biased if you nail AMD to the cross for this, and give NVIDIA a pass on the things that they mess up. "I hope you complained..."

Don't just hold one company's feet to the fire. Hold the whole industry's feet to the fire. Fail to do this and you're just a fanboi.

Re:Crappy AMD drivers?! (1)

aaaaaaargh! (1150173) | more than 2 years ago | (#40247199)

I think you're just nitpicking. The OP pointed out that despite their crappy drivers AMD is still the better alternative if you have to choose a graphics card. Contrary to what you think that's both informative -- though arguably not very much, since most people knew that already -- and relevant to the point about AMD you've made.

It's what fanboys do (1)

Sycraft-fu (314770) | more than 2 years ago | (#40247231)

When a problem with their chosen product is pointed out, they try to deflect it with criticism of the product offered by someone else. Happens all the time with videocards. The two camps have some really rabid fans who cannot accept any criticism of their chosen card and if it happens they instantly start screaming about the other vendor.

Perfect solution fallacy (1)

tepples (727027) | more than 2 years ago | (#40247469)

The two camps have some really rabid fans who cannot accept any criticism of their chosen card and if it happens they instantly start screaming about the other vendor.

What's wrong with "Sure, my card has problems, but your card also has problems, and here's how your card's problems are more noticeable in practice"? If bad isn't allowed to complain about worse, that's the perfect solution fallacy [wikipedia.org] .

Re:Crappy AMD drivers?! (2)

Luckyo (1726890) | more than 2 years ago | (#40247513)

The obvious point is that drivers for both premium GFX card vendors have significant problems due to all the chasing of the better performance at cost of everything else, often including system stability and compatibility.

Re:Crappy AMD drivers?! (1)

Sir_Sri (199544) | more than 2 years ago | (#40246961)

I was on the phone to an nvidia rep about a week after that happened. They had a very very very bad time with that one.

Both companies have had their occasional spectacularly bad driver releases, that, in the course of years of business is not a huge surprise.

I think this is more about AMD not bothering to keep their drivers in step with modern windows software practices. There's a strong case for "if it works" (which generally it does) don't break it, but eventually have to keep up with technology and AMD will have to. But at this point I would think they've forgotten about anything major for windows 7 or less, and are only really thinking about windows 8. What they should do for that is a fair point.

Re:Crappy AMD drivers?! (1)

thsths (31372) | more than 2 years ago | (#40246467)

> This isn't very surprising AMD/ATI have always had crappy drivers.

Agreed. Unfortunately NVidia has essentially only one product which is way too power hungry for what it does. So you have the choice between bad software and bad hardware... :-(

Re:Crappy AMD drivers?! (0)

Anonymous Coward | more than 2 years ago | (#40246609)

> This isn't very surprising AMD/ATI have always had crappy drivers.

Agreed. Unfortunately NVidia has essentially only one product which is way too power hungry for what it does. So you have the choice between bad software and bad hardware... :-(

Uhh? Are you living under a rock?

Re:Crappy AMD drivers?! (2)

Skarecrow77 (1714214) | more than 2 years ago | (#40247217)

The GTX 400 series was indeed very power hungry, with one GTX480 eating nearly as much power as two of the equivilent ATI cards. I know firsthand, I have two computers with GTX 470s and they heat up the upstairs loft so much the house's AC can't keep up in the summer. put those two computers into sleep mode, no problem.

The GTX 500 series was a significant improvement on power draw and heat dissapation.

the GTX 600 series is downright reasonable. go read a few reviews.

Re:Crappy AMD drivers?! (2, Insightful)

Anonymous Coward | more than 2 years ago | (#40246487)

This isn't very surprising AMD/ATI have always had crappy drivers. I wish their fan base would stop apologising for them and demand AMD put more effort into their products.

This can't possibly be true. I've been troll moderated to death and beset by ATI fanboys at every turn, for years now, on slashdot in the past, all assuring me ATI not only has awesome drivers on EVERY platform, including Linux, but that NVIDIA is unusable and the choice of the foolish. These trolls can't possibly be wrong, can they? I mean the video quirks and game bugs, rendering problems, and kernel crashes commonly associated with various ATI video cards can't possibly be real can they?

Seriously, if you are a Linux user who just wants good 3d with quality drivers and don't care about some dumb ideology, NVIDIA is literally the only option in town. Even on Windows their drivers are and always have been top notch. And when ATI was literally laughing and pointing at Linux users, NVIDIA was there to provide quality drivers which ATI has yet to even match in quality. And that's all ignoring the fact ATI has a long tradition of EOL'ing driver support for cards which really are not that old - scratch two laptops.

Seriously, I don't know why anyone would bother with ATI on Linux. And even on Windows, its still not a "gimme" decision.

Re:Crappy AMD drivers?! (1)

Aggrajag (716041) | more than 2 years ago | (#40246545)

I've never encountered any major problems with either NVIDIA's or AMD/ATI's drivers on Windows. Just couple of weeks ago I had a GT520 that I installed to a HTPC and just couldn't get it working. Turns out it was the motherboard that wasn't compatible.

Re:Crappy AMD drivers?! (0)

Anonymous Coward | more than 2 years ago | (#40246789)

If I were, MS I'd yank the setting that's making my OS less secure (because security is such a priority...) and allow the affected consumers to BSOD. Then when the complaints start rolling in I'd point a finger at ATI. Hopefully that would motivate them to fix their issue. While I was at it I might add a feature to do something more useful than BSOD too...

AOD (5, Insightful)

Kjella (173770) | more than 2 years ago | (#40246251)

Acronym Overload Detected. A summary is supposed to summarize but I couldn't tell what this story is about unless I already know.

Re:AOD (2)

zoward (188110) | more than 2 years ago | (#40246423)

Acronym Overload Detected. A summary is supposed to summarize but I couldn't tell what this story is about unless I already know.

Notice that the first reference to ASLR in the summary is actually a link to Wikipedia. If you hover over the link, you get the acronym expansion. While not as effective as expanding it in the text, it's nice to have the full Wikipedia article available in case you want to read up on it prior to digging into the article.

Re:AOD (5, Insightful)

Obfuscant (592200) | more than 2 years ago | (#40246583)

Notice that the first reference to ASLR in the summary is actually a link to Wikipedia.

And the reference to EMET is a link to a microsoft page that has at the top this warning:

This article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.

I'm reading this on a linux system, but I manage several windows boxes. It's very useful for microsoft to refuse to diplay content it decides I don't need to see. Thank you.

Re:AOD (1)

PRMan (959735) | more than 2 years ago | (#40247023)

So? You're a Linux admin! Change your browser string.

Re:AOD (1)

JamesTRexx (675890) | more than 2 years ago | (#40247419)

Change your browser string

Why would I have to do that just because someone else decides for me what I need or not need to read.
I'd like to decide for myself what's relevant or not. Having to change the browser ID every time to XP, Vista, 7, 2003, 2008, etc. to look up information on microsoft.com is not an option.

Re:AOD (1)

Anonymous Coward | more than 2 years ago | (#40246781)

Actually, that's the second reference. Given /.'s rather broad appeal, the acronym shouldn't be "expanded" in the text, it should be added after the full text: "AMD/ATI video drivers are incompatible with system-wide Address Space Layout Randomization (ASLR)." After that, the acronym alone is fine. A brief explanation would be nice as well, but a wikipedia link will do.

Whether anything appears when hovering over the link is browser-dependent and shouldn't be relied upon.

Organization names that are acronyms are fine, but the AMD/ATI thing is ridiculous. There is no such organization as AMD/ATI. ATI is gone. The cards aren't even branded under that name anymore. Sure, there are older drivers to which this article probably also implies and you can still buy older ATI cards, but adding "/ATI" is just adding noise.

DEP isn't explained even via a link. Nor is BSOD. EMET requires you to actually click the link to even get what the acronym stands for.

It's just a mess. I think the submitter spent more time trying to come up with a clever title than making a summary that made sense to the average slashdotter.

 

Re:AOD (0)

Anonymous Coward | more than 2 years ago | (#40246877)

tldr ("too long, didn't read")

Re:AOD (1)

Mitchell314 (1576581) | more than 2 years ago | (#40246941)

While I do find unexplained industry-specific acronyms annoying, if you read /. and don't know what BSoD is . . .

But a link should be good enough.

Re:AOD (1)

BiggerBadderBen (947100) | more than 2 years ago | (#40246485)

Seriously, WTF??? How many acronyms can you squeeze into 5 lines of text?

Re:AOD (1)

Belial6 (794905) | more than 2 years ago | (#40246613)

I see what you did there.....

Re:AOD (0)

Anonymous Coward | more than 2 years ago | (#40246697)

Turn in your geek card. All these should be familiar enough by now.

Re:AOD (1, Offtopic)

cpu6502 (1960974) | more than 2 years ago | (#40246563)

Unfortunately expanding-out the acronyms doesn't make the summary any clearer:

"CERT/CC has called out AMD for having insecure video drivers. AMD/ATI video drivers are incompatible with system-wide Address space layout randomization (ASLR).

'Always On' Data Execution Prevention (DEP) combined with 'Always On' ASLR are effective exploit mitigations. However, most people don't know about 'Always On' ASLR since Microsoft had to hide it from the Enhanced Mitigation Experience Toolkit with an 'EnableUnsafeSettings' registry key â" because AMD/ATI video drivers will cause a Blue Screen Of Death on boot if 'Always On' ASLR is enabled."

What?

Re:AOD (3, Insightful)

hawguy (1600213) | more than 2 years ago | (#40246759)

Unfortunately expanding-out the acronyms doesn't make the summary any clearer:

"CERT/CC has called out AMD for having insecure video drivers. AMD/ATI video drivers are incompatible with system-wide Address space layout randomization (ASLR).

'Always On' Data Execution Prevention (DEP) combined with 'Always On' ASLR are effective exploit mitigations. However, most people don't know about 'Always On' ASLR since Microsoft had to hide it from the Enhanced Mitigation Experience Toolkit with an 'EnableUnsafeSettings' registry key â" because AMD/ATI video drivers will cause a Blue Screen Of Death on boot if 'Always On' ASLR is enabled."

What?

Actually that helps. I didn't recognize the ASLR and DEP acronyms since there wasn't enough context to know what they were talking about, I didn't immediately recognize the term "Address Space Layout Randomization", but when I saw "Data Execution Prevention" it became much more clear what they were talking about.

But a little explanation would have been nice. Something like "DEP and ASLR are security mechanisms used to make it more difficult for malware to execute code or to predict memory addresses where programs and their data are located"

Re:AOD (0)

Anonymous Coward | more than 2 years ago | (#40246723)

If you don't know these things, go read some Wikipedia. These are the basics, 101 stuff. The summary would quickly turn to a book if all these things were explained.

Re:AOD (5, Informative)

noh8rz3 (2593935) | more than 2 years ago | (#40246857)

aslr = a way to secure your memory so it's harder for malware to run attacks.
EMET = a bunch of tools that windows uses to secure the machine. aslr is one of these tools
bsod = blue screen of death. your computer is frozen
AMD = a company that was formerly known for making computer chips, but is now in the graphics card business
ATI = a graphics card manufacturer that AMD bought.
DEP = another tool in the EMET toolkit.
cert/cc = an organization that is viewed as an authority on computer stuff.

in short, AMD drivers suck so much that microsoft has to override its own computer protections to keep AMD from crashing your machine. so the drivers are not just unstable, they make your machine more vulnerable to malware. cert says, "epic fail".

AMD's proprietary Linux driver is secure... (3, Funny)

GerbilSoft (761537) | more than 2 years ago | (#40246265)

...because it crashes before any malware can do any damage.

Re:AMD's proprietary Linux driver is secure... (1)

Beorytis (1014777) | more than 2 years ago | (#40246471)

Maybe that is by design... From TFA: "Application crashes that could otherwise be exploited to run an attacker's code are reduced to crashes that may just cause a denial of service. "

Re:AMD's proprietary Linux driver is secure... (0)

Anonymous Coward | more than 2 years ago | (#40247027)

Doesn't crash on my computers. /nvidia doesn't have drivers for all graphic cards so you'll have to use nouveau driver

There is nothing in this story connecting ATI/AMD! (1)

SenseiLeNoir (699164) | more than 2 years ago | (#40246287)

The story is about DEP and ASLR effectiveness at blocking exploits. IT has nothing to do with the title or the ATI/AMD aspect.

OOps. (0)

SenseiLeNoir (699164) | more than 2 years ago | (#40246305)

Oops, My mistake, ignore that post.

Re:OOps. (0)

Anonymous Coward | more than 2 years ago | (#40246375)

cool story bro

Re:There is nothing in this story connecting ATI/A (4, Informative)

tlhIngan (30335) | more than 2 years ago | (#40246515)

The story is about DEP and ASLR effectiveness at blocking exploits. IT has nothing to do with the title or the ATI/AMD aspect.

The CERT article mentions it, and it mentions it in that you cannot use the DEP/ASLR protections (in the kernel) because ATI/AMD make an incompatible driver. And since graphics drivers are kernel things, loading them means the kernel must disable DEP/ASLR, making your machine just that much less secure because of it.

Everything is insecure (-1, Troll)

Khyber (864651) | more than 2 years ago | (#40246297)

Nothing is secure. Man can make it, man can break it. This is yet another proof of that concept.

To think otherwise is sheer stupidity.

Oh, wait, this is CERT we're talking about. Stupidity comes from them in spades. Let's audit all of their systems, bet you 10,000,000:1 they're just as insecure as the stuff they're claiming is insecure.

Re:Everything is insecure (1)

Anonymous Coward | more than 2 years ago | (#40246391)

Nothing is secure. Man can make it, man can break it. This is yet another proof of that concept.

That is patently WRONG.

Software is in the realm of mathematics - you know, area where things can be *proven* to be correct and that can be *proven* to never fail.

Software can be made 100% secure assuming it is the only attack vector.

Re:Everything is insecure (0)

Khyber (864651) | more than 2 years ago | (#40246445)

"Software can be made 100% secure assuming it is the only attack vector."

No way in hell. If software could be made secure, we'd not need laws for DRM.

Re:Everything is insecure (1)

Bengie (1121981) | more than 2 years ago | (#40246575)

DRM is logically insecure. Still waiting for you to disprove him.

Re:Everything is insecure (1)

Khyber (864651) | more than 2 years ago | (#40246671)

Software can NEVER be 100% secure. Why? Because there's always hardware flaws, and HUMAN FLAWS.

And since humans make both hardware and software, it can't be infallible. Hence why we have branch prediction, error correction, and more. And even then, stuff still screws up.

Re:Everything is insecure (1)

Your.Master (1088569) | more than 2 years ago | (#40247053)

Branch prediction isn't about fallibility or security.

Re:Everything is insecure (1)

Khyber (864651) | more than 2 years ago | (#40247151)

"Branch prediction isn't about fallibility or security."

How wrong you are. Ever hear of a Simple Branch Prediction Analysis attack? We covered that back in 2006, if not earlier.

Re:Everything is insecure (1)

Bengie (1121981) | more than 2 years ago | (#40247123)

Quantum physics makes 100% never a reality for anything. The point is that given enough brain power, one could prove something is secure. Whether or not it's a good idea to assume something is 100% secure is a whole other issue.

Re:Everything is insecure (0)

Anonymous Coward | more than 2 years ago | (#40246651)

That is patently WRONG.

Software is in the realm of mathematics - you know, area where things can be *proven* to be correct and that can be *proven* to never fail.

Do you hear that knocking? It's Godel telling you that you're an idiot:

http://en.wikipedia.org/wiki/G%C3%B6del's_incompleteness_theorems

It's basically a mathematical proof that if man can develop software, man can break software. (There was an article on exactly this subject in one of the recent Communications of the ACM.)

Re:Everything is insecure (2)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#40246845)

Proving the existence of unprovable statements within logically consistent systems doesn't prevent there from being provable ones... If you are very lucky indeed, the ones that are provable and the ones that you care about might even overlap...

Re:Everything is insecure (2)

Your.Master (1088569) | more than 2 years ago | (#40247073)

No, it isn't. It's a proof that there are unprovable statements. It's not a proof that there are no provable statements, which would be self-contradictory.

Re:Everything is insecure (1)

bmo (77928) | more than 2 years ago | (#40246931)

Software can be made 100% secure assuming it is the only attack vector.

1. That's assuming too much and ignores reality (humans) so this is automatically bunk. But I'll take this as "credible" to discuss the next point.

2. People, like you, have claimed that you should be able to write a mathematical proof for your code, and if you can, it's secure (because supposedly it's only going to do what you tell it without error).

This totally ignores the concept of Complexity - complex (and even unexpected) behaviours arise from simple rules. People don't write proofs for code because the complexity grows exponentially as the lines of code get more numerous. Mapping it simply becomes impossible. Sure, you can write a proof for a 10 line algorithm. What do you do when you have a code base like the size of Windows 8? Or how about something much smaller? Let's take Conway's Game of Life. You have simple rules. You go ahead and map the output for every single set of values. Before the heat death of the Universe, please.

How much do you really want to pay for your software? What features are you willing to give up because it was too expensive to write the proofs? Do we *really* need *all* software to be subject to the same scrutiny as the software that runs a CAT scanner or a medical cyclotron?

It is said that the making of laws and sausages is similar, and you really don't want to watch it happening in real time. I believe we can add "writing software" to this. That's just reality, man. Deal with it.

--
BMO

Re:Everything is insecure (0)

Anonymous Coward | more than 2 years ago | (#40247299)

Build the prover into the compiler and make the computer do it for you whenever you accept input or pass values.

You don't have to prove every value, merely every edge case, which you can design by contract. It isn't physically impossible, merely fiscally improbable.

Why don't you want to pay for perfect software? I think all software should be subject to MORE scrutiny than medical devices, because medical devices still kill people on occasion.

Not insecure (0)

Anonymous Coward | more than 2 years ago | (#40246681)

Insecure means not confident, not safe is unsecure.

Re:Everything is insecure (1)

MtHuurne (602934) | more than 2 years ago | (#40246813)

DER and ASLR don't make a system secure though. But they do make holes much harder to exploit.

Re:Everything is insecure (1)

Bengie (1121981) | more than 2 years ago | (#40247153)

DEP and ASLR are like an ogre, I mean onion... uhggg... They add to security for a cheap price.

WINDOWS ROX STEAV JOBZ IS A FAG (-1)

Anonymous Coward | more than 2 years ago | (#40246363)

MAC IS 4 GURLZ!!!11

ALHA DYT? (0)

Anonymous Coward | more than 2 years ago | (#40246373)

A Little Heavy on the Ancronyms Don't You Think?

Sounds ominous (1)

IT (101425) | more than 2 years ago | (#40246477)

As a long time AMD/ATI user of CPU/GPUs, this sounds ominous.
If true, either AMD/ATI has to kill it, or we will have to kill AMD/ATI.

THIS AIN'T NO CORVAIR !! (0)

Anonymous Coward | more than 2 years ago | (#40246685)

But it's damn close !!

call the next ati card the pinto. (0)

Anonymous Coward | more than 2 years ago | (#40246927)

call the next ati card the pinto.

Crappy, but not in the way that the Trolls say. (0)

Anonymous Coward | more than 2 years ago | (#40247279)

I'd been using AMD cards for years. Most recently a 5850 2GB(Rare, I know) and then a pair of 6870s in a crossfireX configuration.
The complaints about crashes and BSODs are old, guys really. Almost as old as the IBM 'Deathstar' complaints. (You realize that was over a decade ago, right? You also know that IBM no longer makes the drives, right? And still you won't shut the fuck up. God damn people, get a life)

I do, however, have other issues with AMD's drivers and it was one of the reasons I just picked up a new nvidia 670 a few days ago. (That, and the new nvidia kelper GPUS are absolute monsters. You know you've reached a milestone when the latest Elder Scrolls game runs near 120fps on fully cranked settings - Yeah I've got a 120hz display No, I don't use it for 3D)

1. Crossfire - Crossfire is great in theory, and it's great when it works.. But it works inconstantly, and suffers performance problems in certain situations on certian systems and absolutely no one can tell you why. It's also often takes months after a game release, and updates from both AMD and the game dev to get things working properly. Not worth the trouble. The clincher for me was Skyrim and Max Payne 3 at launch day. When turning off crossfire and dropping to a single card triples your performance, you know something is wrong.

2. Driver installer - Whoever writes the core of the drivers is doing fine. The installer, however, is just plain braindead. Most enthusiasts recommend a manual clean-out of old driver files-settings every time you update. For good reason.

3. UI - The control panel is just a bad UI experience, and does not have many useful controls anyway. Most serious tweaking happens in third party unities.

4. Connectivity features. Nvidia's devices just have better handling of various settings for video out. You have finer grain control over port settings, refresh rates, display settings, HDMI settings, etc. AMDs' drivers also completely shit themselves if you've got a device that reports bad EDID information (Lots of HDTVs), whereas Nvidia drivers can hack around it by forcing an output setting.

All of the above issues really aren't about the drivers themselves, but the installer, UI, and configuration tools. The userland end of the experience.

Re:Crappy, but not in the way that the Trolls say. (1)

Jeng (926980) | more than 2 years ago | (#40247401)

I haven't really kept up with the using two video cards in combination issues since I have not had a system that uses more than one video card yet so I have a question.

Is Nvidia's SLI set up better, and if so in which ways, and how much better?

Breaks an already broken security standard (1)

Jeng (926980) | more than 2 years ago | (#40247331)

As the MS blog in the second link stated, DEP + ASLR is already being exploited and that blog post is two years old at this point.

Still wish AMD/ATI would improve their drivers.

Re:Breaks an already broken security standard (1)

Billly Gates (198444) | more than 2 years ago | (#40247451)

It is pretty hard to do if you have a 64 bit version of Windows. In 32 bit you can spray until you hit something good as the address space is so much smaller assuming you make it past the sandbox of the non FF browser.

Still I have seen it work with my own eyes cut down malware in any organization that leaves XP behind. YOu can exploit it but then a patch from MS will fix it. It is not an exploit where it is useless forever and simple to get around. IT may not be perfect but it is very effective if you keep your 64 bit system patched and do not run flash. I think the latest flash maybe sandboxed.

Latest drivers may fix this (1)

Billly Gates (198444) | more than 2 years ago | (#40247405)

I am using an old laptop with Windows 8 to type this with an ati chipset. I noticed Windows 8 kept freezing and having issues until ATI came out with an experimental driver.

I used Regedit and found nothing with EMIT and UnsafeSettings in the registry as Windows 8 enables this by default. Now I know why it had so many issues before.

I do hope this issue is resolved as I always correct XP loyalists trolls on Slashdot saying how secure Win 7 is for these reasons. ASLR and DEP cut malware in half in any enterprise that migrates ... well except if they have ATI chipsets or cards. THis really blows for me as I refuse to run Metro garbage on my main work desktop and will not void my warranty by ditching my ATI card.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?