Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

NVIDIA Releases Fix For Dangerous Display Driver Exploit

Soulskill posted about a year and a half ago | from the nothing-like-fixing-bugs-over-the-holidays dept.

Security 84

wiredmikey writes "NVIDIA on Saturday quietly released a driver update (version 310.90) that fixes a recently-uncovered security vulnerability in the NVIDIA Display Driver service (nvvsvc.exe). The vulnerability was disclosed on Christmas day by Peter Winter-Smith, a researcher from the U.K. According to Rapid7's HD Moore, the vulnerability allows a remote attacker with a valid domain account to gain super-user access to any desktop or laptop running the vulnerable service, and allows an attacker (or rogue user) with a low-privileged account to gain super-access to their own system. In addition to the security fix, driver version 310.90 addresses other bugs and brings performance increases for several games and applications for a number of GPUs including the GeForce 400/500/600 Series."

cancel ×

84 comments

Sorry! There are no comments related to the filter you selected.

No 7-series support? (1)

qwertphobia (825473) | about a year and a half ago | (#42493199)

Looks like they're now dropping support for the Geforce 7-series cards. Bummer, I have a 7800GT and it's still pretty quick.

Re:No 7-series support? (3, Informative)

Anonymous Coward | about a year and a half ago | (#42493265)

Really? Try this page.
http://www.geforce.com/drivers/results/49740 [geforce.com]
Still plenty of support for the 7 series.

It's also pretty old (4, Insightful)

Sycraft-fu (314770) | about a year and a half ago | (#42493513)

About 7.5 years old. It is reasonable that they cease supporting it with new drivers. You can still get drivers for it, they have drivers for OSes up to and including Windows 8, they just aren't keeping support in newer unified drivers.

Sounds pretty reasonable to me. They gave you over 7 years of driver updates. It is fairly unrealistic to assume that they'll continue with new support forever, particularly given that there is little reason. The 7 series can't do WDDM 1.1 or 1.2, it can't handle DirectX 10, 10.1, 11 or 11.1, it can't do CUDA, DirectCompute or OpenCL. There is just little in the way of things to implement for it.

If you wish to continue using the card, no problem (though be aware that an Intel 4000 series GPU found in Ivy Bridge processors is likely to be faster, and certainly has far more features) just use the 306 series drivers. It will continue to operate with those no problem.

If the security issues is what you are worried about, it looks like it only affected the 310 drivers, so no issues there.

Re:It's also pretty old (4, Insightful)

Billly Gates (198444) | about a year and a half ago | (#42493599)

Nvidia and ATI have great cheap $49 cards if you want aero. That can cream the gaming 7800 series easily. No meed to get a new system.

If it is on XP you have a lot more security issues than this card though.

Re:It's also pretty old (1)

Lost Race (681080) | about a year and a half ago | (#42499125)

If it is on XP you have a lot more security issues than this card though.

Such as?

I have a few XP systems that are still getting regular automatic patches and updates from Microsoft. You seem pretty confident that all XP systems are vulnerable, so you must be aware of something specific. Care to share?

Re:It's also pretty old (2)

qwertphobia (825473) | about a year and a half ago | (#42493949)

Yes, it's reasonable, that doesn't mean I like it. I won't gracefully give up my right to complain on the Internet.

Frankly it's linux kernel compatibility I'm most concerned about. If Fedora 18 comes out next week with an updated kernel which breaks compatibility with the current 7-series driver, what are the chances it's going to get fixed?

In the other hand, things are moving along in the Nouveau open source driver [slashdot.org] so there are alternatives.

Re:It's also pretty old (1)

drinkypoo (153816) | about a year and a half ago | (#42494729)

I got a 1GB 610GT for $12 on Black Friday. It's in my system right now because the new fan for my 240GT (still better than the budget cards, anyway) has only just arrived. It's a gimped 520 IIRC and still better than your 7800. Its specs are almost as good as my 240GT (which was a spectacularly good core when the card was new, in spite of it being based on a core which was already old when it was released) but it has 1/4 the fill rate so 1920x1200 is murder.

I do miss the days when the nVidia driver went all the way back to geforce, but not very much. My oldest card is a 9600 and I don't even use it, it's just my backup for my backup.

Re:It's also pretty old (0)

Anonymous Coward | about a year and a half ago | (#42496843)

Frankly it's linux kernel compatibility I'm most concerned about. If Fedora 18 comes out next week with an updated kernel which breaks compatibility with the current 7-series driver, what are the chances it's going to get fixed?

The 7 series will be supported on Linux through 2017 [custhelp.com] .

Re:It's also pretty old (1)

davydagger (2566757) | about a year and a half ago | (#42493979)

" it can't do CUDA, DirectCompute or OpenCL"

nouveau is feature complete for 2D and 3D rendering, in addition, without OpenCL, CUDA, or the bells and whistles of new hardware, it just might work better for this guy's application.

nouveau renders the world wide web just fine, it also works all the way back to NV04.

Your also not going to be playing the latest games on your old video card anyway.

Re:It's also pretty old (1)

Anonymous Coward | about a year and a half ago | (#42494755)

NVC0 family [400 series]
All sorts of fun. Feature-wise it isn't too different but the architecture has changed a lot.
These cards are generally working with the latest kernel and Mesa but may still have power management issues. It is recommended to use the Linux 3.1 kernel or newer (or a backported driver from this kernel).

Oh yea, it sounds perfect!

Re:It's also pretty old (2)

hairyfeet (841228) | about a year and a half ago | (#42496759)

Ya know, I never understood why folks have a fit when Nvidia and AMD drop support, as you pointed out they are several years old now and simply can't do WDDM 1.2 which is required for all the features of Win 8. MSFT has always had legacy drivers built in so you probably won't need a driver at all for an Nvidia 7 or 8, and on the AMD side 2, 3, and 4, so what is there to complain about?

Hell my HD4850 has had support dropped for nearly a year but Win 7 and all my games run fine so why should I care? Its not like these cards are gonna magically have more performance squeezed out of them via software, all the bugs are pretty much worked out by now, so what good would new drivers do? Considering the fact you can buy an Nvidia 210 for like $20 that will run rings around the old 7 series if he really wants to run win 8 he'd be better off just getting a new card and if he is on XP-7 it should run just fine with the drivers he has.

The only place i could see it being a problem is Linux but until Torvalds joins the rest of the world and has a stable ABI so older drivers can work on the latest kernel its either the hacked together FOSS drivers or you're SOL. Neither Nvidia nor AMD will ever be able to fully open their drivers thanks to HDCP, AMD were able to give around 65% but that's it and with Nvidia you run a supported card or give it up. But you can't blame the GPU companies for that, when its no longer supported that's it and if the old drivers won't run tough luck, you can't expect them to pay a team of devs to support cards they aren't even selling anymore.

Re:No 7-series support? (0)

Osgeld (1900440) | about a year and a half ago | (#42493765)

your probably the jerk who drive a 72 buick on the interstate cause it feels fine at 55mph

I dont like upgrading, but a 7800 was like 3 machines ago ... cause its a nearly 8 year old card

Re:No 7-series support? (1)

qwertphobia (825473) | about a year and a half ago | (#42493915)

Not far off.. it's a '96 f-150 and I drive it like I stole it some days. And I get what you're trying to say... but my 7800 runs just fine and these days 90% of my time on my PC is spent in email and web browsers.

Re:No 7-series support? (1)

Osgeld (1900440) | about a year and a half ago | (#42494045)

then you would be fine on any card, whats the problem, use the windows default drivers

Re:No 7-series support? (1)

Anonymous Coward | about a year and a half ago | (#42494245)

here you go a nice affordable replacement [newegg.com] for your aging card. yeah yeah no need to thank me for the hot find. it's a real steal!

Re:No 7-series support? (0)

Anonymous Coward | about a year and a half ago | (#42497925)

Actually, most of those older land-barge cars feel fine at much higher speeds than most of the subcompact cars that are popular today. I know, I drive the modern version of one of those--a Crown Victoria--and, having come from a Toyota Corolla where 120 km/h started to feel worrisome (top speed 160 km/h for my year, after all) I have to actually monitor my speed now to ensure I don't get a ticket. The Crown Vic can get to 160 km/h+ on the highway and I don't even notice it other than whizzing by the other traffic.

Now, I'm not saying the old-style BOF, RWD, live axle, huge vehicles are safe at those speeds, but the feeling presented to the driver is that they can do it safely.

Re: No 7-series support? (0)

Anonymous Coward | about a year and a half ago | (#42494435)

7800GT? Quick?

No it isn't.

Re:No 7-series support? (1)

Elbart (1233584) | about a year and a half ago | (#42494723)

They've announced to stop support 6- and 7-series a few months back. You should be reading the release notes once in a while.

nvvsvc.exe (0)

Anonymous Coward | about a year and a half ago | (#42493211)

What does nvvsvc.exe do anyhow?

Re:nvvsvc.exe (0)

Anonymous Coward | about a year and a half ago | (#42493273)

Nothing! [youtube.com]

Re:nvvsvc.exe (0)

Anonymous Coward | about a year and a half ago | (#42493633)

I have no idea, but I have always disabled it ever since it was introduced with absolutely no adverse effects. I've tried searching for an exact answer as to what it's supposed to do, but every single answer is some clueless moron saying it's "part of the Nvidia driver" and to "leave it alone". I don't care how little RAM or CPU time a service is using, if it's unnecessary, it's gone. In my experience it's completely unnecessary and you can safely disable it.

Re:nvvsvc.exe (1)

X0563511 (793323) | about a year and a half ago | (#42494763)

Probably detecting driver freezes and restarting it.

It's something I've only seen happen rarely - but I've had a game "lock up" for a few seconds, only to be greeted by a notification that the driver froze and was restarted. The game died, but the whole system did not (without this functionality it would have been a power cycle)

Re:nvvsvc.exe (1)

jones_supa (887896) | about a year and a half ago | (#42495125)

Isn't that functionality built in Windows instead of nvvsvc.exe?

Re:nvvsvc.exe (1)

X0563511 (793323) | about a year and a half ago | (#42495807)

I don't believe so, but I could be wrong. If it is, it doesn't seem to trigger correctly for ATI/AMD cards when I've had some limited time using them.

Re:nvvsvc.exe (0)

Anonymous Coward | about a year and a half ago | (#42495953)

It has been starting with Vista.
Windows XP however does not have the the ability to dynamically stop, start, and restart display drivers and detect eventual crashes. So there such a service is needed.

Re:nvvsvc.exe (1)

jones_supa (887896) | about a year and a half ago | (#42495963)

It works for Intel cards.

Dangerous ? Nope. (4, Interesting)

lemur3 (997863) | about a year and a half ago | (#42493325)

Not like a CRT catching fire...

I remember hooking up an old CRT to the wrong video card.. one with way too a high resolution for that screen..

A while later, hooked up to the correct video card, I noticed a bit of smoke coming out from where the dials were.. removed the case.. plugged it in again to see if it was OK .. it burst into 3 foot high flames.

thankfully a fire extinguisher was about 3 feet away... mom would have been awfully mad if i had burned down the house.... scared the bejeezes out of me ... the burnt electrical smell was horrendous..

(bonus: it was a fancy no mess extinguisher)

lesson learned.

Re:Dangerous ? Nope. (5, Funny)

earlzdotnet (2788729) | about a year and a half ago | (#42493341)

The more I learn about the past of computing the more I'm convinced they only ever considered one failure mode: catastrophic.

Re:Dangerous ? Nope. (-1)

Anonymous Coward | about a year and a half ago | (#42493435)

I permanently damaged my Commodore by doing a killer poke. Then, after the monitor caught fire and I put it out, I pulled out the burned remains of the CRT. Then I took a fat shit in the monitor case...

So--so I turned my Commodore...into a commode! Heeheeheehahahahahooooooooo!

Re:Dangerous ? Nope. (4, Informative)

Anonymous Coward | about a year and a half ago | (#42493453)

http://en.wikipedia.org/wiki/Lp0_on_fire

Re:Dangerous ? Nope. (1)

X0563511 (793323) | about a year and a half ago | (#42494781)

I raise you a CPU opcode, HCF [wikipedia.org]

Re:Dangerous ? Nope. (1)

Anonymous Coward | about a year and a half ago | (#42493391)

It appears as though you have found a use for is_computer_on_fire().

http://www.tycomsystems.com/beos/BeBook/The%20Kernel%20Kit/System.html

Good old BeOS. Man I miss that operating system (though Haiku fills that gap nicely), but moreso the radical hardware that came with it (BeBox).

No it didn't (1)

ArchieBunker (132337) | about a year and a half ago | (#42493465)

I've *NEVER* heard of a single instance of a refresh rate or too high of a scanning frequency causing monitor failure. Seems like a trivial thing to fix for a monitor manufacturer. Would you sell a product that shot out fire if someone clicked a slider setting too high?

Re:No it didn't (0)

Anonymous Coward | about a year and a half ago | (#42493547)

Later CRTs simply switch off if you try to drive them too high, older ones didn't.

I remember a shitty 14" CRT I had to use for a while that couldn't support anything over 800x600@60Hz, but, damn, it tried. No bursting in flames, but that noise and those pictures weren't pretty. Some extra shitty hardware could probably go up in flames like that.

Or maybe it was just something like poor grounding and shock while plugging/unplugging it live in OP's case.

Re:No it didn't (1)

lemur3 (997863) | about a year and a half ago | (#42493723)

it was one of these..

GATEWAY 2000 CRYSTALSCAN 1024NI

  http://meghan.schnooze.com/Photos/ToSell/monitor.jpg [schnooze.com]

think it was 14 inch..

and to the naysayers! yes! it really did happen.

Re:No it didn't (1)

Black LED (1957016) | about a year and a half ago | (#42493839)

But dude! Crystalscan! CRYSTALSCAN!

Re:No it didn't (0)

Anonymous Coward | about a year and a half ago | (#42497917)

While I don't doubt that your monitor blew up, I *DO* doubt it blew up because your refresh was too high.

I'm guessing you powered off the crt when you swapped leads? My memory seems to recall this particular beastie had four diodes for the rectifier, instead of an all-in-one bridge. If just one of those failed shorted when you plugged it back in/turned it on (inrush current), then it would still power up, but with a heavy AC component now feeding into the rest of the circuits (and capacitors). Fireworks will soon ensue.

Just sayin'

Re:No it didn't (1)

Kjella (173770) | about a year and a half ago | (#42494087)

I think I experienced that. It was in the 80s, old IBM PC and somehow the machine froze - not just the screen but it didn't respond to input or anything, but I left it running in the hope it'd recover. Suddenly there was a rather loud bang as a capacitor blew and released its magic smoke. Of course it could be coincidence, but I suspect it was the computer crashing and sending a very bad signal to the screen. This was the age where you'd check machine and screen compatibility before plugging it in, probably for a good reason.

Re:No it didn't (1)

drinkypoo (153816) | about a year and a half ago | (#42494721)

I've *NEVER* heard of a single instance of a refresh rate or too high of a scanning frequency causing monitor failure.

It's not the kind of thing that is likely to crop up, is it? The only monitors which will even try to sync to a bad frequency were ancient multisyncs, modern ones are smart enough to detect a signal out of range. And you'd pretty much have to have some bad hardware for it to happen.

Re:No it didn't (1)

ais523 (1172701) | about a year and a half ago | (#42495445)

If you overclock a monitor, you can expect similar results to if you try to overclock a CPU. (In general, it's going to overheat.) Because it's rather easier to do by mistake than it is for a CPU, monitors tend to check for it nowadays and cut out intentionally.

Re:No it didn't (1)

ATMD (986401) | about a year and a half ago | (#42498389)

Would you sell a product that shot out fire if someone clicked a slider setting too high?

I have one of those, I use it for sticking bits of metal together.

Re:Dangerous ? Nope. (-1)

Anonymous Coward | about a year and a half ago | (#42493559)

Not like a CRT catching fire...

I remember hooking up an old CRT to the wrong video card.. one with way too a high resolution for that screen..

A while later, hooked up to the correct video card, I noticed a bit of smoke coming out from where the dials were.. removed the case.. plugged it in again to see if it was OK .. it burst into 3 foot high flames.

thankfully a fire extinguisher was about 3 feet away... mom would have been awfully mad if i had burned down the house.... scared the bejeezes out of me ... the burnt electrical smell was horrendous..

(bonus: it was a fancy no mess extinguisher)

lesson learned.

Bullshit...

Re:Dangerous ? Nope. (1)

jamesh (87723) | about a year and a half ago | (#42493757)

Not like a CRT catching fire...

I remember hooking up an old CRT to the wrong video card.. one with way too a high resolution for that screen..

A while later, hooked up to the correct video card, I noticed a bit of smoke coming out from where the dials were.. removed the case.. plugged it in again to see if it was OK .. it burst into 3 foot high flames.

thankfully a fire extinguisher was about 3 feet away... mom would have been awfully mad if i had burned down the house.... scared the bejeezes out of me ... the burnt electrical smell was horrendous..

(bonus: it was a fancy no mess extinguisher)

lesson learned.

Bullshit...

Possibly, but not necessarily. Older hardware wasn't always manufactured to "must not burn" specifications, and scanning at too high resolution could definitely cause damage to the monitor (and there were warnings in the manuals to that effect). My guess would be that the damage would be through overheating so fire is definitely a possibility, especially if the thing is full of flammable crud (fluff, paper dust, etc). 3 foot high flames might be an exaggerated memory of a distant past but I'm willing to believe the essence of the story.

Re:Dangerous ? Nope. (1)

Black LED (1957016) | about a year and a half ago | (#42493889)

I have never seen flames come out of a CRT display, but I have witnessed at least two which have died after emitting a decent amount of black smoke. One was an old 14" Hyundai SVGA monitor and the other was a Compaq of some sort. The Hyundai had been in use for years at that point and had already suffered some kind of circuit board failure that prevented the the blue gun from firing, resulting in a golden image tone.

Re:Dangerous ? Nope. (2)

Gaygirlie (1657131) | about a year and a half ago | (#42494373)

Bullshit...

I doubt that. I've actually seen myself an old CRT bursting into flames shortly after I noticed the plastic on its side turning brownish and starting to melt. The thing is, CRTs are a very much different kind of a beast than our LCDs and a CRT can indeed be permanently damaged just by sending a wrong kind of a signal. Sending a wrong signal enough could cause the capacitors to blow and this could result in a fire. Have you ever opened a CRT-display? Those things have huge voltages going on there. I once opened this 21" high-end CRT and the warning labels on the rails there read 17,000 volts.

Re:Dangerous ? Nope. (0)

Anonymous Coward | about a year and a half ago | (#42498573)

So I take it you have never heard of fixed frequency monitors?

Hmmm, oh well. Your loss. I was enjoying 1600x1200 in 1995 for about $200 on a trinitron monitor (that was one attached to a Textronix workstation) because of that.

Re:Dangerous ? Nope. (1)

mrmeval (662166) | about a year and a half ago | (#42494819)

NEC had one glorious little monitor, pretty thing and expensive but if were plugged into the wrong card it would most of the time sheer the picture tube off, it would at best damage the phosphor. This would happen right at the part of the yoke closest to the face. Couple an odd reaction by the vertical circuit to a higher vertical frequency to an increase in horizontal frequency resulting in a very high boost in high voltage unchecked by an inadequate x-ray protect and you had in effect an electron cutting beam till air entered and arcing caused it to finally draw enough current to trip the safety. NEC just replaced them with more expensive units.

Re:Dangerous ? Nope. (1)

ATMD (986401) | about a year and a half ago | (#42496225)

Nice screen saver.

Re:Dangerous ? Nope. (1)

Shark (78448) | about a year and a half ago | (#42497693)

Made in Britain?

Re:Dangerous ? Nope. (2)

Zero__Kelvin (151819) | about a year and a half ago | (#42498563)

"mom would have been awfully mad if i had burned down the house"

... until she realized that it finally got you out of her basement?

Let's see how long it takes to download. (-1)

Anonymous Coward | about a year and a half ago | (#42493433)

Hmm, less than 30 seconds. Peaked at 8.4 MB/s.

Sucks to be you people who noticed this late.

Re:Let's see how long it takes to download. (0)

Anonymous Coward | about a year and a half ago | (#42493591)

Not all of us can masturbate to a 8.4MB/s internet connection. Many of us are less fortunate and can only get a 10KB/s connection.

Re:Let's see how long it takes to download. (1)

Osgeld (1900440) | about a year and a half ago | (#42493769)

what sucks is a 170 meg driver download, thats just fucking stupid

sadly enough I think they got a little smaller

Don't want all the 'bells & whistles'? (0)

Anonymous Coward | about a year and a half ago | (#42494263)

Do this (to install ONLY the driver): Open the driver distro with WinRar to install ONLY the driver, doing the following (on Windows)

---

1.) Extract out the "Display.Driver" folder to your harddisk (137mb sized, vs. 173mb full distro file = a 36mb size savings which you can use again & again as noted below...)

2.) Open up devmgmt.msc (an mmc.exe console snapin (& select "Display Adapters", highlight & right-click on the NVidia unit displayed))

3.) Select "Update Driver Software" from the popup menu, & point the updater to where you extracted the "Display.Driver" folder from the driver distro file on your harddisk earlier...

DONE!

---

* There ya go... & you can save that Display.Driver folder for future subsequent driver installs too, & reuse it again (it is MUCH tinier & supplies the basics).

(Nicest part is, it is easy to "rollback"/get out of, since the system will fallback onto SVGA base driver if anything "goes wrong" here, but it shouldn't since the drivers are WHQL tested, usually - but, this should allow you to install whatever version it is you last had running RIGHT, easily...).

APK

P.S.=> Lastly - If the SIZE of the inital driver distro file bugs you?

THEN, Don't download the "INTERNATIONAL" model of the driver distro!

(It's much larger due to having to house all the extra data for diff. languages/nations, especially if you do NOT require them....)

E.G.-> 310.70 International model = 215mb & 310.90 non-internation model = 173mb...

... apk

Re:Let's see how long it takes to download. (1)

jittles (1613415) | about a year and a half ago | (#42495507)

Part of the reason the driver is so big is because they now package all cards into one driver. Well, at least all of their GeForce cards. You literally have generations worth of drivers in one file. Sure they added the PhysX and the HD AUdio driver, 3D crud, and a few other things. However, I think most of that size comes from different driver files. I don't think all of them get installed.

True - might even make my trick tinier! (0)

Anonymous Coward | about a year and a half ago | (#42497019)

http://hardware.slashdot.org/comments.pl?sid=3361043&cid=42494263 [slashdot.org]

* That helps, albeit ONLY imo, if you're looking for BASIC functionality only (minus stuff like the nvtray control panel which DOES offer some niceties, like saving games 'tweaked' how you like, minus having to tune each game via its OWN config files (takes time + mistakes in & of itself), vs. having the driver "override" for you, via this nicety!

APK

P.S.=> I mean, I put out the 64-bit driver sizes in my last post too (omitted mentioning that, & they ARE larger due to pointers being larger alone, than their 32-bit couterparts).

What you're noting would ALSO help!

Simply by 'busting up' the monolithic driver size into card model specific versions instead!

(Assuming, of course, that the architecture isn't so "alike" across say, 400-500-600 series boards, etc., hardware-wise, where it would NOT demand tinier individual drivers in .sys files)...

... apk

Turn your flipping auto-updater on (2)

GodfatherofSoul (174979) | about a year and a half ago | (#42493473)

The days of trying to manually screen each update your system needs are over. Too many components are vulnerable and the turnaround time for an exploit is too short.

Re:Turn your flipping auto-updater on (0)

Anonymous Coward | about a year and a half ago | (#42493905)

Good luck with that if you have a laptop.

OEMs are notorious for lagging on updating drivers. The latest video drivers that Dell has for my Quadro-based laptop are 259.70, which was released in January 2011. It's only recently that NVIDIA has taken the matter into their own hands and started rigging their generic drivers to work with laptop parts, and even then they still have to warn on the driver download page about possible issues and required patches for specific laptops. There is also pretty much an entire website dedicated to hacking NVIDIA driver INFs for this purpose [laptopvideo2go.com] .

Re:Turn your flipping auto-updater on (2)

DrXym (126579) | about a year and a half ago | (#42494271)

Laptop driver support can be *horrible* because manufacturers twiddle with the chipsets params so that means their drivers are machine specific and certified. I'm writing this on an old netbook with Intel IGP. The OpenGL implementation is bugged so I want to install a later driver which is up on Intel's site. Can I install this driver? No because it decides "the driver being installed is not validated for this computer". And HP don't give a fuck about providing a certified version.

Re:Turn your flipping auto-updater on (1)

jones_supa (887896) | about a year and a half ago | (#42495361)

Which netbook?

Re:Turn your flipping auto-updater on (1)

DrXym (126579) | about a year and a half ago | (#42495505)

An HP Mini 210. OpenGL ES 2.0 driver is totally broken - I'm on holiday and using it for development and the driver just crashes whenever glLinkProgram is called. Seems to be a widespread issue so I assume it's a driver fault.

Re:Turn your flipping auto-updater on (1)

Black LED (1957016) | about a year and a half ago | (#42494301)

I have been using notebook drivers direct from Nvidia for quite some time; at least since I bought the laptop prior to my current one, which would have been in late 2008. Maybe it was different for the Quadro, but they have had mobile GeForce drivers available for download for years.

I don't know if this will work for you, but here are the Quadro Notebook Drivers v310.90 [nvidia.com] dated yesterday.

Re:Turn your flipping auto-updater on (1)

jittles (1613415) | about a year and a half ago | (#42495535)

I have been using notebook drivers direct from Nvidia for quite some time; at least since I bought the laptop prior to my current one, which would have been in late 2008. Maybe it was different for the Quadro, but they have had mobile GeForce drivers available for download for years. I don't know if this will work for you, but here are the Quadro Notebook Drivers v310.90 [nvidia.com] dated yesterday.

Whether you can install the latest and greatest drivers from NVidia, or have to download from your OEM depends on the OEM. They usually tweak some settings (PCI Device ID) specifically so that the default NVidia drivers will not install. They do this for support purposes. You can modify the INF for the Nvidia drivers and force them to install, but it can be a pain to get them working right sometimes. For instance, when Vista came out, I bought a new laptop. Dell restricted the drivers so I couldn't use the Windows XP drivers for my video card. I had to find this solution to be able to run XP on the device.

Re:Turn your flipping auto-updater on (1)

Black LED (1957016) | about a year and a half ago | (#42495887)

That used to be true, but it hasn't been like that for a long time. The Nvidia notebook drivers seem to be pretty universal. While I can't say with certainty that they will work with all laptops, I haven't run across that particular problem in years. I've installed the unified notebook drivers across a dozen different models among perhaps a half dozen brands, none of them any older than seven years, and they have worked without any fuss.

All I can recommend is for you to give them a shot. They will probably work.

Re:Turn your flipping auto-updater on (0)

Anonymous Coward | about a year and a half ago | (#42493935)

Oh yeah, like I'm going to let everything that has it's own auto-updater run whenever the fuck it feels like. I think not. I actually like my machine to boot quickly instead of having umpteen different things all trying to check to see if they need updating at the same goddamn time. I don't let them schedule themselves either because most of the ones for things I use seem to want to stay resident all the damn time even if they aren't due to check for an update for several days. Nevermind that windows can schedule them to run, oh no, they've got to load on startup and stay resident.

Fuck that noise. Updaters run when I schedule them to run and not at any other time.

Re:Turn your flipping auto-updater on (0)

Anonymous Coward | about a year and a half ago | (#42494309)

You're doing it wrong.

> like I'm going to let everything that has it's own auto-updater run whenever the fuck it feels like.

All driver updates are downloaded by the system updater, which can be configured when it should run. Or disabled and run manually, if you really want.

You also confuse "check for updates" and "actually update". When the system updater detects new updates, it asks you if you want to install them now or later.

> I actually like my machine to boot quickly instead of having umpteen different things all trying to check to see if they need updating at the same goddamn time.

The system updater checks at regular intervals, not every boot.

> I don't let them schedule themselves either because most of the ones for things I use seem to want to stay resident all the damn time even if they aren't due to check for an update for several days.

They don't stay resident, they are run by the Task Scheduler or Cron Daemon (or equivalent), and the latter is the only thing that stays resident.

> Nevermind that windows can schedule them to run, oh no, they've got to load on startup and stay resident.

This sentence contradicts to itself. If Windows can schedule them they don't have to load on startup or stay resident.

Re:Turn your flipping auto-updater on (0)

Anonymous Coward | about a year and a half ago | (#42494331)

Unfortunately nvidia broke their auto-updater. The updates user is created with an expiring password. When the password eventually expires, it breaks the auto-updater.

Re:Turn your flipping auto-updater on (0)

Anonymous Coward | about a year and a half ago | (#42494825)

Yeah, this has always bugged the hell out of my. Why the fuck did Nvidia decide the only way they could update a graphics driver, was to create A WHOLE NEW USER on my computer? No over piece of software or driver needs this. Did no-one at nividia stop and think what they were doing wrong, or give the boys at Microsoft or whatever a call to ask about the correct way of doing this?

Re:Turn your flipping auto-updater on (0)

Anonymous Coward | about a year and a half ago | (#42496263)

The problem with auto-update is the way that, occasionally, a system that is functioning perfectly fine will get borked by a broken update, or install something incompatible with some other software that is essential. There have been plenty of stories here on slashdot about updates that have been pushed out without enough testing. It has happened even for critical OS updates, let alone individual applications that have gone bad. On top of that, some OS (read: Windows) have upteen different update tools, one for every application/driver set. All that stuff running in the background has to be maintained too, and apart from the resource hogging and constant phoning home, it can have its own security flaws.

My solution is to strip out everything that is unnecessary (e.g., nvvsrv.exe wasn't even running on my machine -- I had already killed it). That pre-emptively deals with a surprising amount of problems. Adobe Reader, for example, has all sorts of fluff that I don't use most of the time, so it's removed or disabled. When I have checked, most of the security updates that it has received in the last few years were in components I had already disabled. It's like leaving JavaScript, Flash, or Java enabled by default in your browser. Do people still do that, and count on auto-update to save them when the next inevitable flaw shows up? I still update regularly, but there's no way I'm turning it on automatically. The principle that "If it isn't broke, don't fix it" still applies.

ATI had an exploit too (5, Insightful)

Billly Gates (198444) | about a year and a half ago | (#42493583)

Do we as geeks and IT professionals need to worry about this?

First it was the OS that got you owned. Then when Linux, Macosx, and NT/XP came it was about IE. IE 5.5 and 6 were instant targets. Then as that died off it was flash, java, and ODF addons.

Are video drivers next? Which never gets updated? The video drivers. Which has its own cpu, ram, and is never checked by AV? The video card. A reflash would be a nightmate.

Re:ATI had an exploit too (0)

Anonymous Coward | about a year and a half ago | (#42493635)

Gamers update their graphics drivers frequently and windows update has a habit of pushing WHQL driver updates.

Re:ATI had an exploit too (0)

Anonymous Coward | about a year and a half ago | (#42494333)

Which sucks badly. If you have a higher driver version installed, in some cases, Windows (7) update fails, crashes and takes a few boots to recover.

Re:ATI had an exploit too (0)

Anonymous Coward | about a year and a half ago | (#42497003)

Windows update only crashes if you are a moron.

Re:ATI had an exploit too (4, Interesting)

DrXym (126579) | about a year and a half ago | (#42494311)

Do we as geeks and IT professionals need to worry about this?

Absolutely. WebGL allows any random website to tap your hardware through the browser. WebGL is essentially OpenGL ES 2.0 give or take a few APIs and is supported by just about every modern browser except IE. Some enable WebGL by default on suitable hardware, some have it disabled by default. When it is enabled a page has carte blanche to abuse the chipset six ways to sunday. The only protection afforded by browsers is the driver has to implement a GL extension called GL_EXT_robustness which says the driver promises, fingers crossed to be really good about checking and recovering from errors.

ActiveX had something similar called the "safe for scripting" bit. IE wouldn't load a page unless the control said it was safe and look what happened there. While there are less graphics drivers than activeX controls, it's easy to imagine a driver version claiming it's robust when in fact it isn't. It's easy to imagine a malicious site using that fact to break a lot of machines. I assume browsers could implement a whitelist of "good" drivers and update the list in addition to checking for the extension but it's obviously imperfect and offers additional browser exploits where none existed before.

Re:ATI had an exploit too (0)

Anonymous Coward | about a year and a half ago | (#42495295)

Interestingly enough, thanks to the manufacturers making it harder and harder to find legacy drivers for older cards, I find myself constantly downloading drivers from third-party "driver database" websites. Will we start to see an age where loads of rogue sites start popping up and releasing malware through drivers?

Re:ATI had an exploit too (0)

Anonymous Coward | about a year and a half ago | (#42497753)

Ummm... Nvidia easily provides access to drivers back to the Geforce 5 FX series, which is now 10 years old - which I think is pretty damn reasonable. BTW, what makes you think those shady 3rd party driver sites aren't already filled with malware? Enjoy your virus laden crap drivers.

NVidia forgot to test their drivers again ... (1)

Cammi (1956130) | about a year and a half ago | (#42496867)

A NVidia, how about fixing your drivers so that it will stop quit providing a signal on windows 8 machines after an hour or so? Should have tested your drivers before release.

Re:NVidia forgot to test their drivers again ... (1)

Zero__Kelvin (151819) | about a year and a half ago | (#42498585)

" how about fixing your drivers so that it will stop quit providing a signal on windows 8 machines after an hour or so"

You make that plus sound like a drawback.

Re:NVidia forgot to test their drivers again ... (1)

Cammi (1956130) | about a year and a half ago | (#42513093)

If a driver does not work, it is not a plus. For instance ... you would not be on a computer ...

Re:NVidia forgot to test their drivers again ... (1)

Zero__Kelvin (151819) | about a year and a half ago | (#42513173)

"If a driver does not work, it is not a plus. For instance ... you would not be on a computer ..."

... and by logical inference, if a driver for Windows 8 does not work, I would not be using a Windows 8 computer. Ergo, it is not a drawback; it is a major plus. Please try to follow along with the rest of the class.

Re:NVidia forgot to test their drivers again ... (1)

Cammi (1956130) | about a year and a half ago | (#42608841)

Yeah, that made no sense. Please try to follow along with the rest of the class.

Re:NVidia forgot to test their drivers again ... (1)

Zero__Kelvin (151819) | about a year and a half ago | (#42609379)

I know you are but what am I ...

Drivers and the network (1)

obeythefist (719316) | about a year and a half ago | (#42500681)

Excuse me if this is a dumb question, but why is the display driver exposed to the network at all?

Re:Drivers and the network (1)

hobarrera (2008506) | about a year and a half ago | (#42502043)

No network access as far as I can see:

the vulnerability allows a remote attacker with a valid domain account to gain super-user access

You need an account on the machine to log into it first.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>