1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News AMD accused of poking holes in Windows security

Discussion in 'Article Discussion' started by brumgrunt, 8 Jun 2012.

  1. brumgrunt

    brumgrunt New Member

    Joined:
    16 Dec 2011
    Posts:
    1,009
    Likes Received:
    27
  2. Griffter

    Griffter New Member

    Joined:
    1 Jun 2012
    Posts:
    414
    Likes Received:
    1
    interesting... but how can anyone blame another company for not being compatible with a company that decides one day they want something else.. so all others must change to support it?
     
  3. dicobalt

    dicobalt New Member

    Joined:
    21 Mar 2009
    Posts:
    169
    Likes Received:
    2
    Wow this is pretty serious. How could ATI go so long with this problem? Is it only recently a problem? I can't believe nobody has noticed yet. Anyways I am amazed AMD would knowingly release software like that.
     
  4. Alecto

    Alecto Member

    Joined:
    20 Apr 2012
    Posts:
    134
    Likes Received:
    1
    "Wow this is pretty serious. How could ATI go so long with this problem? Is it only recently a problem? I can't believe nobody has noticed yet. Anyways I am amazed AMD would knowingly release software like that."

    It is a problem with a feature that is disabled by default. This is not to say that AMD's drivers aren't crappy - they are, but blaming them for incompatibility with somthing that is disabled by default and apparently isn't used anywhere is like complaining about 3D acceleration not working in DOS version of Tomb Raider compiled for Glide ...
     
  5. Harlequin

    Harlequin Well-Known Member

    Joined:
    4 Jun 2004
    Posts:
    7,071
    Likes Received:
    179
    EMET is not installed by default on any windows machine - and since EMET 2 has been out 2 1/2 years , for retail users its not that big a deal
     
  6. Flibblebot

    Flibblebot Smile with me

    Joined:
    19 Apr 2005
    Posts:
    4,637
    Likes Received:
    150
    Quite. I think the bigger issue here is not so much AMD's incompatible drivers, but Microsoft including an important security feature that is turned off by default. Is there a reason for this - does it make a system less stable, or does it cause Windows programs to run slower?
     
  7. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,781
    Likes Received:
    1,479
    The reason, according to US-CERT, is AMD's drivers: Microsoft can't turn it on by default, 'cos then (insert AMD's market share per cent) of systems will blue-screen and die.
     
  8. Harlequin

    Harlequin Well-Known Member

    Joined:
    4 Jun 2004
    Posts:
    7,071
    Likes Received:
    179
    the reg key you need to look for is:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\EnableUnsafeSettings

    and if you dont have the optional and downloaded from MS EMET you dont have the reg key anyway (not present on my GTX 480 system)
     
  9. yougotkicked

    yougotkicked A.K.A. YGKtech

    Joined:
    3 Jan 2010
    Posts:
    251
    Likes Received:
    9
    I get the feeling that ASLR is disabled by default due to a performance overhead, not compatibility issues. I don't know the precise workings of the tech (I doubt anyone without a security clearance does), but based on my understanding of stack discipline and data addressing, I can make some reasonable assumptions. If those assumptions are right, ASLR would add a step or two to certain kinds of instructions. The result could easily be a substantial performance hit.

    In order for a buffer overflow attack to happen, you must already be executing some malicious code, which should have been caught by other security measures. Of course it IS reasonable for those security measures to fail, but ASLR still isn't a critical first-level security feature, and it could have observable performance costs, so it isn't enabled by default.

    All AMD is 'guilty' of, is not testing their drivers with an obscure security feature that drastically changes the way system-level addressing works on a tiny fraction of systems, which MS themselves have chosen NOT to require driver makers account for. US-CERT is just being dramatic and accusatory.
     
  10. l3v1ck

    l3v1ck Fueling the world, one oil well at a time.

    Joined:
    23 Apr 2009
    Posts:
    12,942
    Likes Received:
    16
    Then MS should say "AMD, this is your six months warning. In six months the next Windows update will turn this feature on. You've got that long to sort your drivers".
    Shouldn't be an issue. Both AMD and Nvidia release regular driver patches.
     
  11. Fizzban

    Fizzban Man of Many Typos

    Joined:
    10 Mar 2010
    Posts:
    3,316
    Likes Received:
    115
    It can't be too vital a piece of protection can it. If it was Microsoft would have told AMD to sort their drivers ages ago. And if the vast majority of us have been getting along fine without ASLR then I don't see the problem.

    If you are careful you shouldn't get a virus anyway. Can't remember the last time I got one. Only ever clean them off other peoples computers.
     
  12. JA12

    JA12 New Member

    Joined:
    3 Mar 2010
    Posts:
    44
    Likes Received:
    2
    "AMD has been accused of making Windows unsafe"
    :D :D
    Nah - Microsoft does that job very well already. And if they have a bad day, Adobe comes to the rescue.
     
  13. TC93

    TC93 New Member

    Joined:
    11 Nov 2011
    Posts:
    15
    Likes Received:
    0
    This is nothing but an nvidia fanboy article.
     
  14. TC93

    TC93 New Member

    Joined:
    11 Nov 2011
    Posts:
    15
    Likes Received:
    0
    And what about all the backdoors our Government (like the FBI) are always trying to get put into everything.
     
  15. alpaca

    alpaca llama eats dremel

    Joined:
    27 Jan 2009
    Posts:
    1,132
    Likes Received:
    45
    That is why everything from planes to fission-powered submarines and hydroelectric dams should run on ATI hardware! Conspiracy! Get the tinfoil hats!
     
  16. shanky887614

    shanky887614 New Member

    Joined:
    13 May 2009
    Posts:
    203
    Likes Received:
    0
    there are more security holes built into windows than a Colander

    i don't see why they are blaming amd

    windows is a piece of **** from a security standpoint

    dep is useless, so disabled it same as uac. havent had any problems/viruses in over 6 months thanks to my third party security
     
  17. digitaldave

    digitaldave New Member

    Joined:
    30 Jan 2009
    Posts:
    79
    Likes Received:
    0
    makes me laugh microsoft pointing fingers when they "alledgedly" had nothing to do with issuing MS security certs that enabled flame to target whoever they want to.
     
  18. azrael-

    azrael- I'm special...

    Joined:
    18 May 2008
    Posts:
    3,846
    Likes Received:
    124
    ASLR isn't something that's merely turned on by setting a registry key. A given application has to actively support it or rather it has to indicate to the OS that it supports it. There's a linker option for this in Visual C++ (or alternatively a project property in Visual Studio projects). The same goes for DEP.

    One could argue that AMD has a problem if ASLR support is indicated, yet hasn't been tested to work properly, but I wouldn't call it poking a hole in Windows security.
     
  19. DbD

    DbD Member

    Joined:
    13 Dec 2007
    Posts:
    471
    Likes Received:
    9
    If you can get past all the AMD fanboy nerd rage you'd notice this is a good thing they are doing. The whole idea behind this feature is to make windows more secure. The reason it's not on by default is because it has to be specifically coded into software so until all software supports this it stays turned off.

    It is particularly important for low level drivers with privileged access such as graphics drivers. Intel and Nvidia support this, AMD don't. I presume they were asked nicely (standard has been out for a while) but they ignored the requests so they are now being publicly bashed in an attempt to get them to comply.

    None of this matters to us of course as we don't have this setting turned on, but it matters in a big way to AMD if they want to sell any PC's with their chips in to the US government who have higher security standards.
     
  20. Sloth

    Sloth #yolo #swag

    Joined:
    29 Nov 2006
    Posts:
    5,634
    Likes Received:
    208
    Typical chicken/egg scenario where two companies try to muscle each other around. MS clearly didn't put in enough leverage to get AMD to move. If you want another company to do extra work for free so that your own features work then you need to put on your big girl panties and wrestle them into complying. Now we get to wait and see if this'll be enough to get AMD to move.

    Outside of higher sensitivity branches this likely isn't an issue, if AMD can make a better offer they'll get a deal. On the flip side, private sector business security isn't to be overlooked. As we've seen over the last couple years there's plenty of hacker interest in the personal data of employees and clients, and of course trade secrets can be worth millions.
     
Tags: Add Tags

Share This Page