AMD/ATI Video Drivers: Unsafe At Any Speed

An anonymous reader writes "CERT/CC has called out AMD for having insecure video drivers. AMD/ATI video drivers are incompatible with system-wide ASLR. 'Always On' DEP combined with 'Always On' ASLR are effective exploit mitigations. However, most people don't know about 'Always On' ASLR since Microsoft had to hide it from EMET with an 'EnableUnsafeSettings' registry key — because AMD/ATI video drivers will cause a BSOD on boot if 'Always On' ASLR is enabled."

Crappy AMD drivers?!

[LingNoi]

This isn't very surprising AMD/ATI have always had crappy drivers. I wish their fan base would stop apologising for them and demand AMD put more effort into their products.

Re:Crappy AMD drivers?!

[h4rr4r]

You think their windows drivers suck?
Check out the linux ones one time. A whole other world of suck!

Re:Crappy AMD drivers?!

[dimko]

Now, thats what I call professional troll fishing. Put a byte to silly humans, in a form of admitting of AMD fans appologising, when in fact I never saw in troll wars between Nvidia/AMD that they(AMD fans) are sorry for anything. Not bad, not bad...

Re:Crappy AMD drivers?!

[Moheeheeko]

AMD may not have the best drivers, but I dont recall any AMD drivers that allowed me to play games and fry eggs with the same piece of hardware like Nvidia.

Re:Crappy AMD drivers?!

[stone2020]

I hope you complained to Nvidia when they were burning cards up with their drivers.

http://www.engadget.com/2010/03/05/nvidia-pulls-196-75-driver-amid-reports-its-frying-graphics-car/

Re:Crappy AMD drivers?!

[LingNoi]

Seriously? Never? It comes up in almost every article with AMD/ATI in it. Just this week alone there's already been another article about it.

Re:Crappy AMD drivers?!

[thsths]

> This isn't very surprising AMD/ATI have always had crappy drivers.

Agreed. Unfortunately NVidia has essentially only one product which is way too power hungry for what it does. So you have the choice between bad software and bad hardware... :-(

Re:Crappy AMD drivers?!

This isn't very surprising AMD/ATI have always had crappy drivers. I wish their fan base would stop apologising for them and demand AMD put more effort into their products.

This can't possibly be true. I've been troll moderated to death and beset by ATI fanboys at every turn, for years now, on slashdot in the past, all assuring me ATI not only has awesome drivers on EVERY platform, including Linux, but that NVIDIA is unusable and the choice of the foolish. These trolls can't possibly be wrong, can they? I mean the video quirks and game bugs, rendering problems, and kernel crashes commonly associated with various ATI video cards can't possibly be real can they?

Seriously, if you are a Linux user who just wants good 3d with quality drivers and don't care about some dumb ideology, NVIDIA is literally the only option in town. Even on Windows their drivers are and always have been top notch. And when ATI was literally laughing and pointing at Linux users, NVIDIA was there to provide quality drivers which ATI has yet to even match in quality. And that's all ignoring the fact ATI has a long tradition of EOL'ing driver support for cards which really are not that old - scratch two laptops.

Seriously, I don't know why anyone would bother with ATI on Linux. And even on Windows, its still not a "gimme" decision.

Re:Crappy AMD drivers?!

[Orphis]

AMD may not have the best drivers, but I dont recall any AMD drivers that allowed me to play games and fry eggs with the same piece of hardware like Nvidia.

It's not a bug, it's a feature!

Re:Crappy AMD drivers?!

[Aggrajag]

I've never encountered any major problems with either NVIDIA's or AMD/ATI's drivers on Windows. Just couple of weeks ago I had a GT520 that I installed to a HTPC and just couldn't get it working. Turns out it was the motherboard that wasn't compatible.

Re:Crappy AMD drivers?!

You're absolutely right; AMD's drivers rarely allow you to play games.

Re:Crappy AMD drivers?!

[LingNoi]

What has Nvidia got to do with it? Why do you mention the failings of another company to cover for AMD?

Re:Crappy AMD drivers?!

[LingNoi]

I never mentioned Nvidia, it's also completely irrelevant as AMD drivers will suck regardless of what Nvidia does.

Re:Crappy AMD drivers?!

[saveferrousoxide]

oh for mod points :) +1 Insightful/Funny to you, poster!

Re:Crappy AMD drivers?!

> This isn't very surprising AMD/ATI have always had crappy drivers.

Agreed. Unfortunately NVidia has essentially only one product which is way too power hungry for what it does. So you have the choice between bad software and bad hardware... :-(

Uhh? Are you living under a rock?

Re:Crappy AMD drivers?!

[Moheeheeko]

A lot like Apple users deny their Macs are low quality, low spec and overpriced

Funny, just like the Nvidia cards they put in them.

Re:Crappy AMD drivers?!

[Lucky75]

Normally it wouldn't matter, but since they're really the ONLY competition, I think it's a fair point.

Re:Crappy AMD drivers?!

[DragonTHC]

NVIDIA hardware is actually stable at 100C though.

Re:Crappy AMD drivers?!

If I were, MS I'd yank the setting that's making my OS less secure (because security is such a priority...) and allow the affected consumers to BSOD. Then when the complaints start rolling in I'd point a finger at ATI. Hopefully that would motivate them to fix their issue. While I was at it I might add a feature to do something more useful than BSOD too...

Re:Crappy AMD drivers?!

[Mitchell314]

Linux sucks, it just happens that everything else is even worse. :D

Re:Crappy AMD drivers?!

[LingNoi]

I find it a bit concerning that we're now 4 levels deep into this and you still haven't even acknowledged my original point, you've constantly tried to turn this into some kind of comparison between other companies, something I never mentioned, something that isn't at all relevant here.

Please tell me what the link is between "AMDs drivers sucks and I wish their fans would demand better drivers" and "well Nvidia sucks too!". Congrats you're exactly the reason why AMD are laughing all the way to the bank. Why develop a better product when you're just going to accept whatever shit this company hands you and ask for more? Think about that for a moment.

Re:Crappy AMD drivers?!

[jedidiah]

Nope, just ATI drivers.

Nvidia drivers on Linux seem to even be better than the ATI ones for Windows.

Re:Crappy AMD drivers?!

[Sir_Sri]

I was on the phone to an nvidia rep about a week after that happened. They had a very very very bad time with that one.

Both companies have had their occasional spectacularly bad driver releases, that, in the course of years of business is not a huge surprise.

I think this is more about AMD not bothering to keep their drivers in step with modern windows software practices. There's a strong case for "if it works" (which generally it does) don't break it, but eventually have to keep up with technology and AMD will have to. But at this point I would think they've forgotten about anything major for windows 7 or less, and are only really thinking about windows 8. What they should do for that is a fair point.

Re:Crappy AMD drivers?!

[LingNoi]

Apart from the optimus cards in laptops, especially the ones without a bios switch..

Re:Crappy AMD drivers?!

IT IS relevant becuase while AMD drivers may be bad, the only other option is something worse. THAT is why AMD isnt bending over backwards to make something better and AMD users accept it, because they can look at Nvidia and say "well at least they arent THAT bad."

Re:Crappy AMD drivers?!

[Skarecrow77]

this is actually the most honest assessment of operating systems i've seen in a long time.

to be fair, the phrase "in their own way" should be tacked on to the end, because windows, linux, and osx do not suck in the same ways.

Re:Crappy AMD drivers?!

[Bengie]

More stable than water anyway.

Re:Crappy AMD drivers?!

[Skarecrow77]

then nivida has vastly improved them since the last time I used them (early 2010), at which point "they install" was about the best thing that could be said for them... as long as you add "just make sure not to update your kernal" to the end.

Re:Crappy AMD drivers?!

[Skarecrow77]

crying about fanboys while running around fanboying. typical.

all fanboys suck. end of story. mint vs ubuntu, google vs apple, nintendo vs sega, fuckin coke vs pepsi... if you're on one side of an arguement, and you can't see the cons of your own side as well as the pros of the other side, you don't really understand the arguement and you shouldn't be speaking.

Re:Crappy AMD drivers?!

[Skarecrow77]

wow. somehow click on the wrong reply button and reply to myself. so i look like an idiot. bah, i'm going to lunch.

Re:Crappy AMD drivers?!

[DeadCatX2]

stone2020 wasn't making excuses for AMD. Quite the contrary, he was saying that you're biased if you nail AMD to the cross for this, and give NVIDIA a pass on the things that they mess up. "I hope you complained..."

Don't just hold one company's feet to the fire. Hold the whole industry's feet to the fire. Fail to do this and you're just a fanboi.

Re:Crappy AMD drivers?!

[Skarecrow77]

so you're crying about fanboys, while running around fanboying. typical.

all fanboys suck. end of story. mint vs ubuntu, google vs apple, nintendo vs sega, fuckin coke vs pepsi... if you're on one side of an arguement, and you can't see the cons of your own side as well as the pros of the other side, you don't really understand the arguement and you shouldn't be speaking.

Re:Crappy AMD drivers?!

Makes me wish I didn't listen to my supposedly (degree in comp. sci., working as a coder for some corporation, never really cared about the details) vastly more computer literate (and I'm no slouch, but I'm more of a hobbyist and less concerned with keeping up with the tech) coworker when I built my last system and instead stuck with nVidia. Hell, my current system (Phenom II hex core, 8 gigs of ram and an AMD 6870HD) gets worse performance in Linux running WoW than my old single core athalon64 3200 with a Geforce 8800.

Re:Crappy AMD drivers?!

Please explain "something worse?"

Re:Crappy AMD drivers?!

[aaaaaaargh!]

I think you're just nitpicking. The OP pointed out that despite their crappy drivers AMD is still the better alternative if you have to choose a graphics card. Contrary to what you think that's both informative -- though arguably not very much, since most people knew that already -- and relevant to the point about AMD you've made.

Re:Crappy AMD drivers?!

[Jay+Tarbox]

Back in the day, alt.sysadmin.recovery always said this (they probably still do) all OS's suck.

Re:Crappy AMD drivers?!

[Skarecrow77]

The GTX 400 series was indeed very power hungry, with one GTX480 eating nearly as much power as two of the equivilent ATI cards. I know firsthand, I have two computers with GTX 470s and they heat up the upstairs loft so much the house's AC can't keep up in the summer. put those two computers into sleep mode, no problem.

The GTX 500 series was a significant improvement on power draw and heat dissapation.

the GTX 600 series is downright reasonable. go read a few reviews.

Re:Crappy AMD drivers?!

scary but true

Re:Crappy AMD drivers?!

fuckin coke vs virgin cola...

ftfy

Re:Crappy AMD drivers?!

[Luckyo]

The obvious point is that drivers for both premium GFX card vendors have significant problems due to all the chasing of the better performance at cost of everything else, often including system stability and compatibility.

Re:Crappy AMD drivers?!

[citylivin]

HAHAHA! I have had so many piss poor nvidia cards in the last few years that I switched to AMD now and havent looked back. IMHO the last good card that nvidia made was the 8800. I have a pile of broken 2xx cards in my desk that I am looking at right now. They seem to last a few months to a year. RMA'd cards from MSI and asus always come back and work for a few more months before failing to POST or creating graphics errors.

Things change people. ATI drivers are not even that bad anymore. Sure they update a bit much and nag you to update, however they are stable and I have had less problems with my current 6850 then any nvidia card since 8800 was popular. I think the reason was poor solder, or too heavy heatsyncs warping the cards or something on the 2xx series. Perhaps they have fixed it now with there newest cards but fuck if I am switching back till ati lets me down!

This is how the video card game always plays. Someone starts slipping and someone else takes the lead. For me, reliability is the best benchmark. Nvidia as I said has been shit so they lost me (and everyone i recommend cards to) as a customer. My 6850 has been rock solid since i purchased it. Not even any driver crashes! And yes I am aware that for the last 10 years ATI had crap drivers. This has been mostly fixed with their windows 7 drivers, so thats a few years ago now.

Re:Crappy AMD drivers?!

[Billly+Gates]

Agreed.

This is coming from an ATI/AMD person too.

I love my hardware and still prefer it over Nvidia. But I realize it is not perfect in regards to the drivers. HDMI was a nightmare to setup. Aero is disabled too after sleeping unless I use only 12.3, not 12.1 nor 12.4, but 12.3. Any other combo will either but a black rectangle around my screen as underscan is on while the drivers think my monitor is a TV screen and not a computer screen or aero is disabled after waking from sleep.

But I do not have to worry about it overheating or randomly dying like my last 2 NVidia's so it is the price I pay. Just DO NOT TOUCH IT after I get the drivers at 12.3.

Well now I have to upgrade again as I find this security flaw unacceptable. I also think Linux and Apple suck in their own unique ways and I have been accused of being a MS fanboi. Whatever, I am a realist and refuse to do blindfaith to defend my purchases.

Re:Crappy AMD drivers?!

[bhcompy]

WoW is single threaded and CPU dependent. Your video card isn't the problem, it's the processor, which is much less efficient at running single threaded operations than a single core/cpu processor.

Re:Crappy AMD drivers?!

[Eowaennor]

Actually WoW is very multithreaded and can make use of up to 3 cores. They even make use of some multithreaded OpenGL ( I know little about this).

Re:Crappy AMD drivers?!

[sdguero]

Second that. Some of my fellow nerdlings have talked up ATI's open source policy etc. Just because it's open source doesn't mean it's not a POS...

Re:Crappy AMD drivers?!

[toadlife]

It's been five or so years since I last bought a desktop PC, so my experience is a little out of date, but just to give another example of NVidia's history of support for non-Windows OS's, on my last desktop computer I played the Linux version of America's Army on FreeBSD*...and I got better frame rates** than I did playing the Windows version in Windows!

*Yes, Nvidia even supported FreeBSD way back then; after a quick check I see that they still do.

**Probably related to differences in the port and not the drivers or OSs, but still impressive.

Re:Crappy AMD drivers?!

[Jorl17]

I had around 7 different AMD/ATI cards on 7 different machines. All of them turned to crap. Chose NVIDIA -- have had 9 of those and none has had problems.

Re:Crappy AMD drivers?!

[Lonewolf666]

... as long as you add "just make sure not to update your kernal" to the end.

AFAIK that goes for all closed source Linux drivers. Because the internal interfaces in the kernel change from time to time, and then the drivers need to adapt.
For open source drivers, there is usually a kernel maintainer who does this.
With closed source drivers, you have to wait for the company who made them to do it.

Re:Crappy AMD drivers?!

[Gr8Apes]

That is very true.

Windows succeeded in the desktop where Linux failed by making it simple enough for joe average to deal with setting up and running a desktop. They have abandoned that process starting with Vista and making it worse in Win 7, at least for those who knew how to do it before. Sounds like Win8 will be worse no matter who you are, with no coherent story for configuration as of the pre-release candidate.

Linux has been getting much better in this regard, although managing a workstation can still be difficult for non-technical people. At least Ubuntu meets the needs of +90%. (just a guess) in its default installation which has become pretty darn easy.

OS X usually doesn't have to be installed, since it comes on a system, and the updates are usually just about click and done. I've only installed OSX on 1 workstation out of 4 because the HD was replaced with a bigger faster one and I wanted to try out the then new OS X version out. The install was as painless as any I've experienced. Default configuration is fine for +90% (same as Ubuntu at least) with most never needing to see their system preferences for much of anything.

Re:Crappy AMD drivers?!

[Gr8Apes]

it may have 3 concurrent threads, but it has a single primary thread that is CPU bound. All testing I've seen revealed that a fast dual core has the best performance for WoW, as dual cores usually can clock about the same as single cores, and quad cores+ max out lower (well, at least until recently with the addition of the throttling mechanisms) This was a while ago, after the initial release of the hex and octo core CPUs that showed no benefit for games beyond 2-3 cores.

Re:Crappy AMD drivers?!

[Gr8Apes]

Love the way you dropped in an Apple troll at the same time.

Guess Apple's crappy low quality Mac Air is the reason Intel had to dangle $300M in front of vendors to try to get them to compete in the Ultra book arena, since the lowest quoted price from PC vendors for anything comparing to a Mac Air was $1500. (Mac Airs run <$1K) and Intel didn't want to see a large segment of its low power CPU sales go to a single vendor that has ties to multiple CPU vendors and manufactures its own low-power CPU to boot.

Re:Crappy AMD drivers?!

[serviscope_minor]

Windows succeeded in the desktop where Linux failed

I'm always genuinely baffeled by this kind of statement to be honest. Linux has what .5% or 1% share of an absoloutely huge market. If I could fail like that it would be success beyond my wildest dreams! There are plenty of successful hardware vendors which sell relatively niche laptops, desktops etc with far less of a global market share, and they are successful businesses.

How anyone can consider anything, when it has millions of deployments, a failure is frankly beyond me.

Re:Crappy AMD drivers?!

[pegasustonans]

This isn't very surprising AMD/ATI have always had crappy drivers. I wish their fan base would stop apologising for them and demand AMD put more effort into their products.

While I'm an Nvidia person in recent years, ATI has done a lot over the past year to address a number of the concerns with their software/driver package (specific application profiles; greater customization, etc...)

And, as bad as their Linux support may be, it's far better than it used to be (remember trying to enable accelerated graphics on an ATI setup in Linux ~7 years ago?).

Re:Crappy AMD drivers?!

[poetmatt]

In comparison and I don't know if it's motherboard, video card, etc, but:

HDMI works flawless for me on my high end AMD card, but I remember having a nightmare with an Nvidia card. However, neither of them reflect on any form of reality - you could have the same problems with probably any graphics device period regardless of the manufacturer and more dependent on the quality of the individual chip binned and the driver/os combination, etc.

Re:Crappy AMD drivers?!

[Nimey]

No, the saying is "all hardware sucks. All software sucks."

Also: down, not across.

Re:Crappy AMD drivers?!

The nvidia drivers are running fine with the newest kernel. I can't remember the last time they wouldn't work with the latest kernel. The worst case scenario is needing a patch for them to run.

Re:Crappy AMD drivers?!

[EvilBudMan]

It's just that artificial gravity their chips create.

Re:Crappy AMD drivers?!

I agree with everything, except the "dumb ideology" part. How in the world did you manage to end up calling
- your own right to freedom and
- defining the selling-copies-as-if-they-were-physical-objects-that-require-work-to-make content Mafia as evil
"dumb ideology"?

Do you consider not liking to be raped in the ass "dumb ideology" too?
Cause I got megacorp-equivalent Bubba Rapesky here who got the hots for ya. ^^

Re:Crappy AMD drivers?!

[sl3xd]

AMD may not have the best drivers, but I dont recall any AMD drivers that allowed me to play games and fry eggs with the same piece of hardware like Nvidia.

You don't seem to have looked hard enough at the AMD drivers, or developed software that uses them.

I write management software for supercomputing clusters - and GPU's are one of the shiny things right now. Mainstream GPU drivers have hooks that let us do things that admins like to know about - monitor temps, fan speeds, voltages, etc.

Unfortunately, AMD's driver's aren't just bad. I'm not a lawyer, but there's a good chance they are criminally bad.

Fatal flaws that I know of:
* It's trivial to write a program that will shut off the GPU's cooling fan with the AMD drivers; as well as disabling any overtemp throttling. I'm honestly surprised malware hasn't been written to do this already. Either way, your eggs will be ready shortly. I hope the building doesn't burn down.

* This is a gripe on their Linux drivers, but it's fair game: AMD's own instructions explicitly state that to make GPU monitoring available to a monitoring daemon (or to make GPU crunching available to remote users), it's necessary to run "xhost +" as root.

Whiskey, Tango, Foxtrot

For those that don't know - runining "xhost +" as root isn't as bad as having an empty root password, but it's near the top of the list of batshit-stupid things to do. None of AMD's competitors require opening one of the biggest security holes possible just to use their product. What's worse: AMD's response is that they won't be doing anything about it for the forseeable future.

Other GPU makers aren't without problems - everybody has faults - but it speaks volumes that AMD has no intention of fixing a grave security bug in their drivers.

Re:Crappy AMD drivers?!

[DigiShaman]

Look. I'm no fanboy here. I've build plenty of AMD and Intel boxes. Back in my gaming days, I would flipflop between ATI and nVidia cards. One thing is for certain however. nVidia is *not* worse. They may be more expensive or overpriced for what you get. They're drivers might even be bloated. But nVidia drivers have always, and I mean always been superior to anything ATI have coded. That whole .NET framework dependency (is that still a problem, I don't know) was always a major PITA when setting up a new PC. What AMD needs to do is shitcan their entire driver dev team and start over. They have great silicon on the card, but the drivers suck absolute balls!

Re:Crappy AMD drivers?!

[pegasustonans]

The obvious point is that drivers for both premium GFX card vendors have significant problems due to all the chasing of the better performance at cost of everything else, often including system stability and compatibility.

Sure, new drivers can cause problems, but 'performance at any cost' is what the gaming market generally demands.

Either the gaming market has to change or Nvidia and ATI have to change their customer-base.

With Intel currently dominating the non-gamer laptop graphics market, why wouldn't ATI & Nvidia embrace their loyal customer-base of hardcore gamers?

Re:Crappy AMD drivers?!

[Skarecrow77]

depends on your definition of failure.

if gnu/linux was aiming to become the predominant desktop OS, displacing microsoft, then it certainly has failed

if gnu/linux was aiming to beocme a major player in the arena, maybe not the overall leader but boasting enough of a market percentage that it couldn't be successfully ignored or neglected by software devlopers and hardware OEMs, then yeah... it's probably failing at that too.

if gnu/linux was aiming to become a viable alternative to the market leaders for people who care about free software and people who care about being in full control of their own OS, well it has become a rousing success at that.

Re:Crappy AMD drivers?!

[Yunzil]

AMD drivers will suck regardless of what Nvidia does.

And Nvidia drivers will suck regardless of what AMD does as well.

Remember a while back when Nvidia released drivers that could destroy your card? Good times.

Re:Crappy AMD drivers?!

[kyrio]

I've been building computers since I was three years old, using hardware from brands well known and completely unknown, and I've had essentially the same failure rate regardless of the brand. Bugs have generally been limited to quality of post-purchase support, such as the availability of new drivers and firmware. Maybe you're just mentally challenged.

Re:Crappy AMD drivers?!

Someone's retarded for posting their own experiences and observations about video cards?

How the fuck did you get +1 bonus for such low quality commenting? You sure as fuck don't deserve it.

Re:Crappy AMD drivers?!

[Bert64]

Windows succeeded in a very different market to what Linux now competes in...

Dos came bundled, and windows was pushed as the natural progression from dos. It had very few competitors, most of which were considerably more expensive both for the software and the hardware required to run it on.

Linux on the other hand came much later, and is faced with a market already dominated by an incumbent player who has no interest in promoting linux as the natural progression away from their existing product.

If both windows and linux were introduced new to the market today, i think the story would be very different... Alternative OSs to the incumbents have a very rough time of it, commercial ones outright fail due to not being able to build marketshare fast enough to fund development (look at beos etc), desktop linux would have been considered a commercial failure and dropped years ago if it was a commercial product, only due to being open source and thus not dependent on revenue has it been able to build a user base slowly and steadily.

Re:Crappy AMD drivers?!

[VGPowerlord]

The last video card I had problems with was an ATI 9800. Since then, I've gone through an nVidia 8600 GT (came with a PC I had 4 years ago), 220 Ti (replace the previous card in the same computer), and 570 (in my current PC).

Re:Crappy AMD drivers?!

Oh, I see the cons. It's just that my cons are still better than the opposite side's pros.

By the way, it's spelled "argument". If you don't really understand rudimentary English, you shouldn't be speaking.

Re:Crappy AMD drivers?!

[cyber-vandal]

Joe Average cannot deal with setting up and running a Windows desktop. That's why I am always helping Joe Average and why there are dozens of books and magazines and thousands of websites giving advice to people who struggle to use Windows. Windows is familiar, not easy to use. Having said that Linux is such a mess right now that there's no way I would ever advise anyone to use it. In fact anyone with a decent amount of disposable income gets told to buy a Mac.

Re:Crappy AMD drivers?!

[hairyfeet]

And with open source drivers you have to pray a handful of guys can keep literally dozens if not hundreds of drivers working so its a trade off there as well. I'd urge Linux fans to read this article by one of the developers at Red hat where he says the current system is totally broken simply because you have an ecosystem where a handful of devs are trying to own and maintain 20,000 packages AND the drivers AND keep it all updated and its just impossible. Not only does he recommend a hardware ABI so the companies can just write their own drivers without having to dump them on the kernel devs, but he recommends more of an Android market approach with a sandbox for apps and the devs focused on maintaining the core system and improving it there. its a good read and he makes a lot of good points.

As for AMD/ATI, it works for my customers and me and that is what matters. the odds you'd get AAA gaming to work on system wide ASLR is probably zip anyway, the stuff is just too buggy. Like it or not Nvidia seems to be focusing more on workstations and HPC than gaming as the Fermi cards are hot as hell and power hungry. not a problem if you are putting it in server tower with plenty of fans but that IS a problem with most desktops being midtower cases. So as long as the drivers don't crash, the games run, and the heat and power usage stay reasonable like the price is I think I'll just stick with AMD thanks anyway. I don't see how system wide ASLR is supposed to stop a bug when the biggest attack vector is the browser which Win 7 has sandboxed in low rights more if you use IE or Chromium based, and on top of that the good free AVs like Avast and Comodo also sandbox so I just don't see any nasties getting through all of that yet being magically stopped by system wide ASLR. if they cook up a bug that gets through low rights mode and two sandboxes? i don't think ASLR is gonna stop 'em.

Re:Crappy AMD drivers?!

[cyber-vandal]

The justification is that I don't have to fight my OS to get on with what I want to do. That is worth every penny. No remorse and no justification. This machine is the most expensive electrical item I have ever bought and it's the only one that I've never had a moment's regret since starting to use it.

Re:Crappy AMD drivers?!

[hairyfeet]

Also since he has a Thuban (the same chip series I have) if he was on Windows there is an excellent OC utility that would let him set the target speed for turbo core so that when he is running a heavily single threaded app like WoW his core speed would shoot up under turbo to give him more performance. My board came with an even nicer OCer (Asrock if anyone is interested, great tool set they provide with their boards) so that when i'm using single threaded apps it'll shoot up from 2.6GHz to 3.1GHz which is a pretty damned big speed boost. Luckily I have a hyper N520 cooler so its no biggie as its great on keeping the chip chilled but I wouldn't try it with the stock cooler. Not saying Linux is bad for this, just that it doesn't have any tools that I'm aware of that allow the shifting of turbo on the fly based on load like the Windows OCing tools do.

Re:Crappy AMD drivers?!

[RubberDuckie]

That's called the 'Lovelace Factor': All software sucks, it's just a matter of how much it sucks.

Re:Crappy AMD drivers?!

[hairyfeet]

Laptop or desktop? if its desktop there is a setting in BIOS, on mine its called "Repost video on STR resume" and that simply refreshes the video on wake up and there you go. if its a laptop then you simply have to stick with whatever driver works as the OEMs strip the living shit out of the BIOS they put into laps and netbooks. i think its sorry but only the high end gamer laptops have a full BIOS while the rest may as not even have access considering how damned useless they are.

And why would you have to upgrade? you STILL HAVE ASLR just not on the GPU which we haven't seen any malware so far that I'm aware of attacking specific GPUs. I doubt very seriously one would be able to play any games with system wide ASLR on anyway as it would most likely cause all that buggy game code to crash and crap itself anyway, and if you are on win 7 and using a browser that supports low rights mode like IE or any of the Chromium based your biggest attack vector is already sandboxed.

so this would be like getting upset your GPU can't do double precision FP like a workstation card does. Most people are never gonna be doing anything where they would need that particular feature so it just hasn't been a big priority. I can tell you that as a shop owner the biggest bugs being spread ATM are ALL PEBKAC based, mainly variants on Security Tool and AV201x bugs. If your browser is in low rights mode and you aren't one of those morons that will run an exe just because some website says "U got teh viruz ZOMFG!" then frankly you don't have a damned thing to worry about. Windows still uses ASLR just not on the GPU, big whoop. I'd love to see a FRAPS on system wide ASLR before and after because i have a feeling it would be tying a boat anchor to most AAA games, if they even run at all.

Re:Crappy AMD drivers?!

[jedidiah]

That is a "blob driver" problem that has little to do with nvidia in particular. If it is a problem (which it wasn't in 2010), then it will be equally a problem for ATI or Nvidia.

Things like dealing with hostile TVs, video acceleration, good 3D performance, and CUDA are all good to go.

Plus you don't have the kind of screen corruption issues that you tend to get with ATI.

Re:Crappy AMD drivers?!

[hairyfeet]

And I've had 3 Seagates turn to shit whereas the Samsung have never let me down...its called luck of the draw folks. they crank these things out like flapjacks and bad ones get out all the time, which is why I judge a company not by whether or not they put out the occasional dud but what they DO about said dud and what kind of service you get. that is why I use Sapphire and Gigabyte cards, Gigabyte and Asrock boards, and I guess that now Samsung is gone I'll be stuck with WD hard drives. Not because these companies have never handed me a dud, but because when they DID hand me a dud they said "our bad" and worked to quickly replace it and THAT should be what matters folks, not whether a bad one slips through QA.

Re:Crappy AMD drivers?!

[hairyfeet]

Do they lie too? The one thing I don't like about my Thuban is I have to use Speedfan to monitor temps instead of coretemp because coretemp will report a good 30 degrees F too low. I don't know if the Coretemp guys are correct that the Phenom II senors fudge numbers but for some reason SF reports the correct temps while CT does not. Right now CT says my X6 is at 72f, which is 2 degrees below room temp so I know that's BS, yet I fire up SF and it says a much more believable 112F.

So I would be interested to hear whether you have done any readings to see if the data you are getting is accurate. I don't mess with my AMD HD4850 GPU much, other than speeding up the fan because the default settings were IMHO too low, but hearing from someone actually in charge of writing monitoring software could shed some light on this.

Re:Crappy AMD drivers?!

[Fuck_this_place]

I disagree. Their hardware isn't much better in my experience. My foray into ATI land was the 9800pro, and so far, it is the only card that has died on me, tho it did last several years. I still have TNT's that work just fine. The drivers are the worst part tho by far. I found someone's old box, it also had a 9800 in it that was fried in exactly the same way. I find it amusing because the 9800 was ATI's first 'good' card. If being a fanboy means preferring a product that has never failed, and has drivers that are easy to understand and always work, well I guess that's me. Then again, when I build my computers, I use good parts. ATI cards used to be cheaper, their only saving grace, but they are no longer so, though IMO they should be.

Re:Crappy AMD drivers?!

[stone2020]

"What has Nvidia got to do with it?"

Since Nvidia is AMD's only competition. Everything.

"Why do you mention the failings of another company to cover for AMD?"

If the other company sucks more, then it should be pointed out. The Nvidia driver myth is so outdated.

Re:Crappy AMD drivers?!

[Fuck_this_place]

Better how exactly, fanboy?

Re:Crappy AMD drivers?!

[Gr8Apes]

Joe Average in the old days could and did run windows, it wasn't until XP SP3 and wireless becoming common that windows setup/configuration started being far beyond Joe Average. If you bought hardware, it came with Windows drivers. You plopped it in, installed the disk, and it worked, sort of. (We'll discount ATI drivers, those things were hit and miss in the early days) If you knew enough to download the latest drivers and had network access, you could get a working system up and running pretty easily. As MS layered more and more menus and bugs, er, features, into their systems, things quickly spiraled out of control and you get to the mess that's Win 8.

As for buying a Mac, I advise that method too, although if a Linux system came pre-installed on hardware, it would suffice also, as long as everything necessary was there. (Basically web browser, email client, and possibly office productivity) That covers the 80% easily. I just don't advise it. My Last Linux desktop is about to hit the recycling pile because it's too big a pain to maintain. This one is Ubuntu 10.10, and having installed SVN 1.6 on it with one small miscalculation trashed the system (SVN was not debian repo supported, but third party.... careful what commands you execute when enabling one of those - whoops) Reinstalled, reconfigured, and somewhere across the past 12 months, I either added something or did something that the last power cycle caused apparmor to kill mysql. Having gone round with apparmor a couple of times in the past for other apps, I decided rather than fight it this round, I'd go ahead and kill the desktop since it was being used less and less. I still use Linux extensively (and almost exclusively) for servers, which are paradoxically trivially easy to maintain in comparison.

Re:Crappy AMD drivers?!

[Billly+Gates]

I am referring to the drivers when I say upgrade. My drivers have to be at 12.3 or the other bugs will pop out with the driver forgetting I have a monitor and not a TV nor aero being disabled after sleeping. It is a driver issue and not a bios thing.

ATI mentioned they are stopping the monthly driver update as so many complaints are out there, on MaximumPC.com.

ASLR is just for the ram on the board and not the video card. We do not have malware on the video card yet ... hopefully. It is a big deal if ASLR is disabled on my desktop even if you have a sand boxed browser as malware writers always try to find ways to break out of it and do so every month with new vulnerabilities that need to be repatched. If I owned my own shop and serviced small to medium sized businesses I would even go out of my way to avoid ATI/AMD products or keep them on XP as there is no benefit of changing as ASLR, DEP, and other security is the main selling point to lower TCO.

As an ATI user I will take the commenter's advice and tell ATI to fix their damn driver and backport the Windows 8 one to Windows 7 that is secure. Even if it does slow down performance you have to remember consoles have ASLR ram in their DRM schemes. Too many bad guys out there

Re:Crappy AMD drivers?!

For how much less i paid for AMD vs 'Other'

AMD still gets a TON of slack from me.

Personally i have damm little trouble with ATI/AMD. Sure beats the hell out of nvidia and playing driver roulette to see which version will fix a game problem.

Re:Crappy AMD drivers?!

[Billly+Gates]

I can tell you from both experience and this story that the drivers still suck. Maybe just not as much. Nvidia drivers are always much better but the hardware has issues and fails in my experience.

I prefer to fiddle with drivers more until I find the right version and then keep it there. AMD needs to be scalded rather than defended by its users trying to justify their egos.

I plan to scald them as I find no ASLR and Dep unacceptable. I might as well still use XP then.

Re:Crappy AMD drivers?!

[lightknight]

Hmm. On a slightly off-topic, has anyone installed the 12.4 drivers, and had it reported as 12.3?

I ask, because I just completely uninstalled my old 12.3s, and tried installing the 12.4s fresh from the AMD website.

Re:Crappy AMD drivers?!

[catmistake]

The whole purpose of Linux, the main reason it exists and is popular, is because Windows sucks... Linux and the OSS community react nearly instantly every time Microsoft makes Windows suckier in a valiant effort to reduce the suckiness. To a large extent, they succeed. Any victories beyond this goal is gravy.

Re:Crappy AMD drivers?!

then it certainly has failed

I think what you mean is "has not yet succeeded".

I suspect it will be android that sneaks linux into the desktop. Have you seen those sub-$100 android pocket computers? That's the future I reckon. Everyone's used to using Android (or something like it) because it's on their phones.

Re:Crappy AMD drivers?!

[Antarell]

Makes me wish I didn't listen to my supposedly (degree in comp. sci., working as a coder for some corporation, never really cared about the details) vastly more computer literate (and I'm no slouch, but I'm more of a hobbyist and less concerned with keeping up with the tech) coworker when I built my last system and instead stuck with nVidia. Hell, my current system (Phenom II hex core, 8 gigs of ram and an AMD 6870HD) gets worse performance in Linux running WoW than my old single core athalon64 3200 with a Geforce 8800.

To counter that, my Lappy with built in a 6770m runs Minecraft better under Linux than Windows. Go figure :-/

Re:Crappy AMD drivers?!

[sound+vision]

I'm guessing your problems are more due to MSI and/or Asus than nVidia. I've been using a GeForce 275 GTX from XFX since 2009 and it hasn't given me any problems at all. Oh, and I live in Houston so ambient temp in my room is 80 - 81 degrees for all but a few weeks of the year.

Things like soldering and heatsinks are done by the card assemblers (in my case, XFX) rather than nVidia. So is the selection of the VRAM that goes on the card. Graphical corruption is almost certainly due to bad VRAM, unless you're overclocking the GPU or something. I'm guessing that MSI is skimping on one or several of these things in their boards.

Re:Crappy AMD drivers?!

[sound+vision]

Ah, I remember playing AA2 and Wolfenstein: Enemy Territory on Linux, and being pleasantly surprised at MUCH better framerates in Linux, to the tune of 20% better .... it was incredible, I couldn't believe it. nVidia's *nix drivers are definitely top-notch. (I was on a 64 MB Geforce 4 MX, and a Pentium 4, back then...)

The Army has now discontinued AA2 entirely in favor of AA3, which is basically like a demo. The game has like 4 maps total, 2 of which are old (Bridge and Pipeline). Hardly any populated servers to play on. Extremely limited weapon selection - M4 with grenade launcher, M16 (with or without scope), or SAW. Not even a pistol for the snipers. Oh and it runs choppily on a 275 GTX, no anti-aliasing, bare minimum settings... it's fucking sad. Oh, and no more Linux client.

Re:Crappy AMD drivers?!

[Jorl17]

True.

Re:Crappy AMD drivers?!

[Gr8Apes]

Windows succeeded in a very different market to what Linux now competes in...

Dos came bundled, and windows was pushed as the natural progression from dos. It had very few competitors, most of which were considerably more expensive both for the software and the hardware required to run it on.

Linux on the other hand came much later, and is faced with a market already dominated by an incumbent player who has no interest in promoting linux as the natural progression away from their existing product.

You are incorrect. Linux was already solidly around by 93, with the first slackware release. (Yes, I own, or owned, either it or the second release, I think I donated that a long time ago) Several co-workers were using Linux at work and loved it (94). At that time, Windows was fighting a multi OS battle, including DESQView, GEMS, OS/2 and BeOS. It was a relatively rich time in OS history. The missing OS? Unix. It sucked on x86 in ways that are difficult to describe, and that's not even including it's $1K+ price tag.

If both windows and linux were introduced new to the market today, i think the story would be very different... Alternative OSs to the incumbents have a very rough time of it, commercial ones outright fail due to not being able to build marketshare fast enough to fund development (look at beos etc), desktop linux would have been considered a commercial failure and dropped years ago if it was a commercial product, only due to being open source and thus not dependent on revenue has it been able to build a user base slowly and steadily.

It depends, what's the incumbent OS? If it was DOS, there'd be a very low bar to overcome. Speaking of OSes that won't die, look at eStation, OS/2 reborn. AmigaOS is still around in new incarnations. What you will no longer find is any flavor of DOS, and I'm unaware of MINIX, VMS, or IRIX still existing. IRIX was a personal favorite of mine for a while, it had potential on many levels, but it failed. As did Solaris. As crappy as Linux is in many respects, it is still a far better system than windows. Linux also has a bigger foothold than any other single *nix, except for OS X, which is tied to a single hardware vendor, as far as desktops go.

Re:Crappy AMD drivers?!

Damm right. NVIDIA was my choice till i got pissed off and screwed over a few too many times.

ATI is my choice until they do the same.

(and given nvidias.... "our drivers are always geared to our newest card only, why dont you buy one".... long live ati!)

Re:Crappy AMD drivers?!

GNU was intended to replace Unix, not Windows.

Hint: It's in the name.

Re:Crappy AMD drivers?!

[brian2hand]

you people keep forgetting PCLinuxOS - it is a great alternative to Windows with a very low learning threshhold.

Re:Crappy AMD drivers?!

Yeah, that's always been my assessment too. They all suck - they just suck differently.

If you're used to one, you get used to how much is sucks, and you don't even think about it anymore.

Most of the time, when you try a second OS, you'll see all the problems that you weren't used to, but you won't notice that the problems you were used to don't exist. Which is why people, in general, get on OK with whatever OS they're used to, but have trouble with any other OS.

Alternatively, you might only notice the parts that don't suck, gladly migrate everything over, and gradually get used to the new suckiness (which is what happened when I switched from Windows XP to Linux all those years ago).

Using two different OSes regularly makes you notice the different ways they all suck, and they both start becoming a little annoying. Using three really drives that point home. I'm perfectly able to use Windows, Linux, or Mac OS X to do almost anything, but I find myself getting annoyed at all of them. There's always something stupid that just wouldn't happen in (whatever one I'm not using), or something that would be so much easier on a different OS, or some useful bit of software that isn't available here...

Re:Crappy AMD drivers?!

[sl3xd]

Verifying temperatures isn't generally that easy - mainly because what most systems are designed to measure isn't what most humans want to hear from it.

The first law of thermodynamics is we don't talk about thermodynamics.

Many monitoring packages typically fudge their numbers to some extent. It's a case of "A little inaccuracy can save a great deal of explanation."

The (vast majority) of people who even look at CPU temps are enthusiasts who think they know something about die thermals, but really have no fraking clue, other than "hot bad". A hard number is easy to understand - even if it's a lie or doesn't tell you anything that's actually useful.

Die temperatures (as measured by a thermal diode) can vary quite a bit compared to heatsink temperatures. Even then - move the probe to a different point on the heatsink, and the temp measured can vary even more. This means that comparing a thermal diode's temperature (ie. on-die in the GPU) vs. anything you can measure externally (via heatsink) is going to be a lot more trouble than it's worth -- and it's going to be different for every combination of die/heatsink/fan/chassis.

There are usually entirely different goals in temperature measurement. While a fixed temp is easy for a human to understand, a fixed temp isn't that great of a metric for a CPU's (or it's cooling system's) thermal health.

For example, Intel's PECI doesn't report absolute temperatures; it reports a negative value which represents the number of degrees until the core is "hot" - which isn't based on any fixed temperature. Some (wrongly) look at the CPU's max temp spec, and figure they can translate that to an actual temp.

In reality, it's like asking your wife "are you hot?" and then guessing what the temperature is from her reply. The result can vary depending on any of a number of external factors. More importantly, the number doesn't really matter to begin with. What matters is how your wife feels.

The "external factors" for a silicon die would be things like load, the volume, velocity, and temperature of the coolant air over the heatsink, heatsink size/geometry/material, airflow patterns in the chassis... Manufacturers (be they Intel, AMD, NVIDIA, or anybody else) don't have the luxury of controlling any of those variables, so they either have to design adaptive systems, or throw performance out the window in by throttling the core when they don't really have to.

Re:Crappy AMD drivers?!

[JohnnyMindcrime]

That's not my experience, I'm afraid.

I had 3 similar AMD64 multi-core PCs, all of them with NVIDIA GT440 cards in them, and for over a month now I've been trying to get them to work with the proprietary NVIDIA drivers that are up in the v295.x range - I cannot get any of them to start an X-session at all, and since about v173 of the drivers, there's been a problem that when they did work, if you logged out of the X-Session, you'd get a black screen with a few white dots and dashes in the top left corner with a total machine hang.

Incidentally, I dropped an ATI card in one of the machines, jiggled about with the kernel a bit, dropped in the proprietary ATI drivers and an accelerated Gnome desktop fired up fine. (Nope, I'm not an ATI fanboy by any means, there are BIG issues with their drivers on Linux and always have been.)

I have managed to get accelerated desktops working on the NVIDIA machines using the open source "nouveau" drivers but they, of course, are still reasonably early in development and give nowhere near the framerates of the proprietary NVIDIA drivers under normal circumstances.

The worse thing about it is that I used to own an NVIDIA GT-250 card that worked flawlessly under Linux but sold and replaced it with one of the GT-440 cards. I have since discovered on a forum (though not sure of the truth of this) that the only real difference between the GT440 and GT250 is that the former supports DirectX 11 whereas the latter does not, which is of course irrelevant to Linux.

Incidentally, if anyone can recommend me a reasonably good NVIDIA card for up to $100 (I don't need bleeding edge cards, if it can run Fallout 3 or Fallout New Vegas then that's fine for me) that also works well under Linux, I'd be grateful. I've lost touch with graphics cards specs over the past few years and when you check out reviews and comments on the Interweb, there's always a lot of conflicting information given.

Re:Crappy AMD drivers?!

[JohnnyMindcrime]

Not to mention the fact that NVIDIA have now dropped all support for ION chipsets in those laptops...

Re:Crappy AMD drivers?!

[micheas]

Dell ships computers with freedos on them today.

In 1993 it was more or less impossible to buy a PC without dos and Windows 3.x on it because Microsoft charged a lot less to OEMs if they agreed to ship a copy of Windows 3.x with every PC sold. (IIRC it was $99 per copy or $19 per copy if you agreed to ship Windows on every machine.)

So you can buy a new computer today with DOS on it from a major manufacturer. Minix is still alive and being used by Prof. Tanenbaum. Microsoft had all OEMs shipping Windows with every PC, and you claim it was a rich time in computing history? I am sorry but the writing was on the wall that Microsoft was going to win (painted on the wall by Microsoft, with their competitors blood)

Ironically, Bill Gates was one of the few people to see that web browsers could eventually be the Desktop OS. Hence, the decision to cut of Netscape's oxygen.

Re:Crappy AMD drivers?!

Citation?

Re:Crappy AMD drivers?!

[Gr8Apes]

Dell ships computers with freedos on them today.

Wow. Just... wow.

In 1993 it was more or less impossible to buy a PC without dos and Windows 3.x on it because Microsoft charged a lot less to OEMs if they agreed to ship a copy of Windows 3.x with every PC sold. (IIRC it was $99 per copy or $19 per copy if you agreed to ship Windows on every machine.)

Yes, that was known as the "Windows tax". MS imposed that contract in attempt to make windows ubiquitous as it was under fire from every direction. (I didn't say it was 1993 btw, that date was for Linux) DESQview, for instance, died off in 90-91 for all intents and purposes. And quite a few OSes stubbornly hung on through around 96, When even though proving that Win95 was in essence an application running on top of DOS and DOS could be swapped out with DRDOS, DRDOS and its brethren faded away. Another MS dirty trick that they lost in court, but won where it matters since those targeted competitors had all failed.

Minix is still alive and being used by Prof. Tanenbaum. Microsoft had all OEMs shipping Windows with every PC, and you claim it was a rich time in computing history? I am sorry but the writing was on the wall that Microsoft was going to win (painted on the wall by Microsoft, with their competitors blood)

Ironically, Bill Gates was one of the few people to see that web browsers could eventually be the Desktop OS. Hence, the decision to cut of Netscape's oxygen.

Minix still being used by it's creator is about as relevant as MS Bob still being used by Gates. Sorry, but the boat sailed long long ago wrt Minix. Same for the assumed tiny group that's still using BeOS. That one had promise but I never had the time to look at it and it essentially failed long before I got to it. Bill Gates entirely failed to see anything related to Web Browsers until Netscape had mopped the floor. That MS was able to displace Netscape and destroy them is a classic example of monopoly predatory practices. Giving IE away for free and including it with their OS distributions made it virtually impossible for Netscape to monetize their main product and raised the bar significantly on getting people to try Netscape.

Re:Crappy AMD drivers?!

[Ginger+Unicorn]

Scold

Scald

I think dousing them with boiling water is a bit of an overreaction :p

Re:Crappy AMD drivers?!

[DragonTHC]

you seem to favor the companies that I think of as crap.

I thought everyone knew that ASUS has better boards. Evga has better graphics (lifetime warranty!)

WD has better drives. And yes, I've had to RMA with all three of those companies.

Re:Crappy AMD drivers?!

[tibman]

Their graphics drivers are great! Network is painful : /

Re:Crappy AMD drivers?!

[Lonewolf666]

First, thanks for the link. Ingo Molnar is certainly someone who knows the Linux kernel.
But even so, I'm not sure if right now is the best time for an ABI regarding graphics. Linux graphics are currently in a transition from old Mesa code to Gallium 3D, which raises the question what exactly should go in the ABI. Mesa? Gallium 3D? A mix of both?
Once Gallium 3D is reasonably feature-complete, I'd agree with freezing its interface in an ABI and keeping that stable. Stable as in "will stay around until a big rework becomes necessary". That would make driver compatibility more like Windows, where things are stable for a few years until the next change in architecture comes around.

As for AMD/ATI, it works for me too, but part of that is because I still run my games on Windows, and I don't have other graphics-intensive software to run.
So I just run the open source drivers on Linux and the weak performance compared to Catalyst does not bother me.

Re:Crappy AMD drivers?!

[hairyfeet]

Asus is good if you are going Intel but since I've been building AMD exclusively for the past couple of years that doesn't help me any. the Asrock boards all come with core unlock which can easily turn a dual into a triple, triple to quad, I've even had customers get lucky and when i flipped the switch their quads became hexas, so its worth it for that alone, but in addition they have phase switching and Xfast which I've found does give a speedboost to USB 2 and LAN file transfers.

As far as Evga, last I looked they were Nvidia only, is that still the case? after i got burnt with a couple of cards during bumpgate I've sworn off Nvidia and found the sub $150 market (which is where the majority of my customers land) pretty much belongs to AMD when it comes to performance per dollar so that's what I've been sticking with. Both the Gigabyte and Sapphire boards have performed well so much so that me and my two boys are running Sapphire HD4850s and they purr like kittens.

so maybe I've been lucky, or maybe I've played the RMA game enough that I know which Is to dot and Ts to cross, but the above companies have never given me a bit of trouble when it comes to RMAs and I've found I've had to do RMAs on their gear surprisingly little. BTW if you ever DO use an Asrock board a word of advice: since they are gamer heavy they tend to be a little...aggressive...in their RAM timings so its best to simply go in and set the timings manually if you aren't using OCed RAM. Once you do that though its smooth sailing and their board toolset is frankly one of the best I've ever seen, from their IES power saver that controls phases to their OCing tool to Xfast its all well written and very stable. It also seems to be better than most when it comes to getting the most out of Turbocore, since they monitor the heat and voltages so tightly I tend to get an extra 100MHz to 300MHz out of turbocore just by leaving it to automatic. Can't complain about getting free speed, especially when its hassle free.

Re:Crappy AMD drivers?!

[hairyfeet]

ASLR works just fine for me as far as I can tell, and more importantly its enabled for the browser which is the main (and at least from what I've seen pretty much only) attack vector you need to worry about. And if you want to be extra secure you should probably flip the switch for structured error handling overwrite protection which I've had for over a year now and doesn't seem to affect performance any. Maybe its because I don't buy crappy boards, maybe its i get lucky, hell if i know, but as many boxes get built that go through my shop you'd think I'd be seeing some of these ATI horror stories but I'm just not.

As far as the monthly drivers, Nvidia doesn't do monthly drivers either, they do the same thing AMD is switching to which is only putting out drivers when needed as it just makes more sense. if you haven't added support for new cards or fixed any bugs simply repacking last month's driver simply makes no sense and causes needless updates. The only move AMD has done that's bothered me on the GPU front is putting the 4xxx into legacy but even that I can understand, as there simply isn't more speed to be gained there. since Win 8 is gonna require DX11 for all the bling and i have no intention of buying Win 8 it really doesn't affect me and the drivers that are already out work just fine in Win 7.

But I honestly don't see how a browser that is running at low permissions and is already sandboxed is gonna magically be able to get through all that but NOT get through ASLR. And honestly? I can't remember the last bug I saw that wasn't PEBKAC on Vista or 7, every bug I've seen has been classic social engineering like Security tool and AV201x which lets face it, if the user runs it and gives it permissions then nothing is gonna stop them, not ASLR or DEP or anything else.

In the end i just have to do what i think is right for my customers and the higher cooling and power requirements along with the higher prices for equal performance just don't make Nvidia a good buy IMHO. They are fine if you are building a gaming rig with tons of cooling and a $300+ GPU, but the majority of my customers are in the sub $150 market with most of those falling in the $50-$100 range and in those categories frankly the Nvidia offerings are just sub par. Too much heat, too much power, not enough performance, that is what I've seen of late from Nvidia and since ASLR is enabled on the only attack vector i ever encounter i really don't see a problem. Feel free to bitch at them though, I have no problem with security getting even better, I just don't think this is as really a big a deal as they are making out. Did they even run any tests on malware with browser enabled ASLR? Because if they did i can't find the figures.

Re:Crappy AMD drivers?!

[hairyfeet]

Well all I really care about is the TDP and how close to overheating the system is. I don't honestly care if they want to use numbers or a red butted baboon, all i care about is to know whether or not a system needs more fans.

So i honestly don't see what the problem is with just giving us some sort of simple "Yes its too hot" or "no its not too hot" since these people DID design the chips after all and know what they are designed to take. Take the HD48xx chips, if you simply looked at the temp you'd go "ZOMFG!" since they tend to idle at around 60c and hit 82-90c under load, but since AMD designed those chips to run hot and go as high as 105c without damage that isn't a big deal, so instead of freaking I simply upped the fan speed to 43% so that it would move a little more air and it tends to stay around 65-70c under load which is fine and dandy and the slightly faster fan lets my case fan pull out the excess heat.

So I honestly don't care if they give me perfect numbers in the slightest, in fact since i hate the speedfan interface i simply compared the two readings and used offset in coretemp to get me a more reasonable report. But frankly you shouldn't have to break out a laser temp gauge just to find out whether a machine needs a fan or not, hell even a green yellow red signal of some sort would give us all the info we truly need to know.

Re:Crappy AMD drivers?!

This isn't very surprising AMD/ATI have always had crappy drivers. I wish their fan base would stop apologising for them and demand AMD put more effort into their products.

This isn't very surprising AMD/ATI have always had crappy drivers. I wish their fan base would stop apologising for them and demand AMD put more effort into their products.

Yo! Microsoft has been trying to tell the hardware makers how to build their products for a couple of decades now. This issue is related to Windows Operating Systems. All AMD/ATI has to do is put half a million into open source projects for their drivers and also have Universities help build drivers for their products. The real issue is that Microsoft has tons of programmers. Why can't Microsoft write drivers that would provide safety from attackers?

Re:Crappy AMD drivers?!

[Bert64]

Windows was already quite firmly established on x86 by 1993, starting with 3.0 which came out in around 1990...
AmigaOS, VMS, IRIX, MacOS all only ran on their own hardware.
I don't think BeOS was around at the time, and the earliest versions only ran on PPC hardware too.

DOS was the incumbent yes, it came bundled with almost every x86 compatible machine, and windows soon came bundled with dos (it was actually cheaper for hardware vendors to ship both, ms charged a lot more for dos on its own)...

Re:Crappy AMD drivers?!

[hairyfeet]

You are most welcome. I really get sick of the whole religious wars when it comes to Linux, like any criticizing is burning a cross, because frankly we should ALL want things to get better, all want problems to be fixed and better ways of doing things to be explored. hell what would the world be like if Linus said "Minix is good enough" and walked away? If a better idea can make a better OS i'm personally ALL for it.

And as far as Linux and graphics intensive games...I'd argue all the underlying video issues is why most will need to keep Windows to game with. if they could get the subsystem truly stable then porting the games to run natively wouldn't be such a PITA, where you have to target THIS version of the kernel and THAT driver and THIS version of the software. part of what makes Windows great for gaming is there is really only 3 versions (XP,Vista,7) and since the kernel isn't being changed nor the graphics subsystem and audio subsystem constantly being fiddled with one can just "write once and be done". Hell there are many games from the late 90s I can play without compatibility mode on Win 7 X64 simply because they wrote to the APIs instead of using software and hardware hacks, which there are a few games that can't be run on anything other than Win98 simply because they DID use hacks, such as Mechwarrior 3 or i76.

Frankly as for AMD I think the whole TFA is a tempest in a teacup as ASLR IS USED FOR THE BROWSER which running a little PC shop I get to see what is going around and frankly the browser is the ONLY attack vector I've seen, either by using social engineering or browser drive bys. From what I've seen you stop the malware at the browser you are done, its game over for the bad guys. Not saying that some time in the future some nasty might target GPUs, anything is possible, but that just isn't what I'm seeing in the wild, its all security tool or AV201x or drive bys and so far the ONLY bugs I've seen do any harm at all on Win 7 without the user actively helping it was the Firefox bug I wrote about in my journal and that can be traced to Firefox not respecting or using low rights mode which lets the malware pop up an invisible iFrame and spam their yahoo address book, even if they aren't looged in when it hits.

so as long as AMD/ATI give me and my customers the best bang for the buck in the huge $150 and under market i think I'll stick with them, their drivers are damned good on Windows, they have opened their specs on Linux and even went so far as to hire devs to help get the FOSS driver up to speed, and the chips are cheap and powerful. that makes AMD a winner in my book.

AOD

[Kjella]

Acronym Overload Detected. A summary is supposed to summarize but I couldn't tell what this story is about unless I already know.

Re:AOD

[zoward]

Acronym Overload Detected. A summary is supposed to summarize but I couldn't tell what this story is about unless I already know.

Notice that the first reference to ASLR in the summary is actually a link to Wikipedia. If you hover over the link, you get the acronym expansion. While not as effective as expanding it in the text, it's nice to have the full Wikipedia article available in case you want to read up on it prior to digging into the article.

Re:AOD

[BiggerBadderBen]

Seriously, WTF??? How many acronyms can you squeeze into 5 lines of text?

Re:AOD

[cpu6502]

Unfortunately expanding-out the acronyms doesn't make the summary any clearer:

"CERT/CC has called out AMD for having insecure video drivers. AMD/ATI video drivers are incompatible with system-wide Address space layout randomization (ASLR).

'Always On' Data Execution Prevention (DEP) combined with 'Always On' ASLR are effective exploit mitigations. However, most people don't know about 'Always On' ASLR since Microsoft had to hide it from the Enhanced Mitigation Experience Toolkit with an 'EnableUnsafeSettings' registry key â" because AMD/ATI video drivers will cause a Blue Screen Of Death on boot if 'Always On' ASLR is enabled."

What?

Re:AOD

[Obfuscant]

Notice that the first reference to ASLR in the summary is actually a link to Wikipedia.

And the reference to EMET is a link to a microsoft page that has at the top this warning:

This article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.

I'm reading this on a linux system, but I manage several windows boxes. It's very useful for microsoft to refuse to diplay content it decides I don't need to see. Thank you.

Re:AOD

[Belial6]

I see what you did there.....

Re:AOD

Turn in your geek card. All these should be familiar enough by now.

Re:AOD

If you don't know these things, go read some Wikipedia. These are the basics, 101 stuff. The summary would quickly turn to a book if all these things were explained.

Re:AOD

[hawguy]

Unfortunately expanding-out the acronyms doesn't make the summary any clearer:

"CERT/CC has called out AMD for having insecure video drivers. AMD/ATI video drivers are incompatible with system-wide Address space layout randomization (ASLR).

'Always On' Data Execution Prevention (DEP) combined with 'Always On' ASLR are effective exploit mitigations. However, most people don't know about 'Always On' ASLR since Microsoft had to hide it from the Enhanced Mitigation Experience Toolkit with an 'EnableUnsafeSettings' registry key â" because AMD/ATI video drivers will cause a Blue Screen Of Death on boot if 'Always On' ASLR is enabled."

What?

Actually that helps. I didn't recognize the ASLR and DEP acronyms since there wasn't enough context to know what they were talking about, I didn't immediately recognize the term "Address Space Layout Randomization", but when I saw "Data Execution Prevention" it became much more clear what they were talking about.

But a little explanation would have been nice. Something like "DEP and ASLR are security mechanisms used to make it more difficult for malware to execute code or to predict memory addresses where programs and their data are located"

Re:AOD

Actually, that's the second reference. Given /.'s rather broad appeal, the acronym shouldn't be "expanded" in the text, it should be added after the full text: "AMD/ATI video drivers are incompatible with system-wide Address Space Layout Randomization (ASLR)." After that, the acronym alone is fine. A brief explanation would be nice as well, but a wikipedia link will do.

Whether anything appears when hovering over the link is browser-dependent and shouldn't be relied upon.

Organization names that are acronyms are fine, but the AMD/ATI thing is ridiculous. There is no such organization as AMD/ATI. ATI is gone. The cards aren't even branded under that name anymore. Sure, there are older drivers to which this article probably also implies and you can still buy older ATI cards, but adding "/ATI" is just adding noise.

DEP isn't explained even via a link. Nor is BSOD. EMET requires you to actually click the link to even get what the acronym stands for.

It's just a mess. I think the submitter spent more time trying to come up with a clever title than making a summary that made sense to the average slashdotter.

 

Re:AOD

[noh8rz3]

aslr = a way to secure your memory so it's harder for malware to run attacks.
EMET = a bunch of tools that windows uses to secure the machine. aslr is one of these tools
bsod = blue screen of death. your computer is frozen
AMD = a company that was formerly known for making computer chips, but is now in the graphics card business
ATI = a graphics card manufacturer that AMD bought.
DEP = another tool in the EMET toolkit.
cert/cc = an organization that is viewed as an authority on computer stuff.

in short, AMD drivers suck so much that microsoft has to override its own computer protections to keep AMD from crashing your machine. so the drivers are not just unstable, they make your machine more vulnerable to malware. cert says, "epic fail".

Re:AOD

tldr ("too long, didn't read")

Re:AOD

[Mitchell314]

While I do find unexplained industry-specific acronyms annoying, if you read /. and don't know what BSoD is . . .

But a link should be good enough.

Re:AOD

[PRMan]

So? You're a Linux admin! Change your browser string.

Re:AOD

[JamesTRexx]

Change your browser string

Why would I have to do that just because someone else decides for me what I need or not need to read.
I'd like to decide for myself what's relevant or not. Having to change the browser ID every time to XP, Vista, 7, 2003, 2008, etc. to look up information on microsoft.com is not an option.

Re:AOD

Yep these 2 things is why it makes sense to leave XP behind and migrate to Windows 7. MS really is trying hard to secure Windows

Re:AOD

AAMOF it is IMHO that we avoid acronyms AMAP. While INAL, the overuse of acronyms could cause the AAAAA to sue you.

http://www.gaarde.org/acronyms/

Re:AOD

[ocdscouter]

Turn in your geek card. All these should be familiar enough by now.

If we were real geeks, we'd refer to a "BSoD", when it occurs in an NT-family Windows OS, as a STOP Error (unless it's a "Hardware Error", or an "NMI Parity Check"). But clearly I'm just being +1 Pedantic Asshat. (On that note, I really wish Slashdot would let me change my nickname)

Re:AOD

It's not refusing to display content. It's refusing to enable certain configuration applets.

If this offends you, ok, good to know.

Re:AOD

[drinkypoo]

Now look, I don't want to be a pissy elitist, but this is slashdot, news for nerds. If you don't know what ASLR or DEP are then you probably don't belong on this site at all; if you can't figure out how to use google to figure out what they are then you definitely don't belong here. These are not new technologies and there have been probably a dozen articles discussed here on slashdot about the relative merits of various operating systems' ASLR implementations (Windows best, MacOSX worst) and even highly detailed explanations of how ASLR works and why one implementation might be better than another.

Re:AOD

[Mr+44]

Uhh, no. Windows DLLs have always been relatively addressed, and are capable of being loaded at different locations in the virtual address space (google "rebasing"). However, for performance reasons, most DLLs specify a preferred address the loader will attempt to slot them into. All system DLLs specify this, which results in their routines being loaded at predictable addresses (even across machines).

ASLR means that, on boot, a different location is chosen in the virtual address space to load DLLs into, so that system routines are not always at the same location, making certain types of security exploitation significantly harder.

Re:AOD

[Darinbob]

Yes I was baffled completely by the summary. But eventually after a few decades I'm sure Slashdot will get around to actually having editors.

Re:AOD

I keep reading DEP as DERP.

derp indeed.

Re:AOD

Acronyms: A way of making technobabble even less intelligible.

Re:AOD

[ChunderDownunder]

Sounds like an idea for a browser extension. Dynamically change user agent based on domain.

Re:AOD

They have one. It is called UAControl. I use it with a related addon refcontrol

Re:AOD

[RivenAleem]

I think it has something to do with analogue single-lens reflex. I'm not sure. I was quite as lost as you after that point.

Re:AOD

[cpu6502]

>>>If you don't know what ASLR or DEP are then you probably don't belong on this site at all;

Piss off. If I started rattling off acronyms from my trade (FCU,LSEQ,VHSIC) you'd probably have no idea what I'm talking about either. Not everyone is a software engineer so to expect people to know those SW-specific acronyms is bullshit.

AMD's proprietary Linux driver is secure...

[GerbilSoft]

...because it crashes before any malware can do any damage.

Re:AMD's proprietary Linux driver is secure...

[Beorytis]

Maybe that is by design... From TFA: "Application crashes that could otherwise be exploited to run an attacker's code are reduced to crashes that may just cause a denial of service. "

Re:AMD's proprietary Linux driver is secure...

Doesn't crash on my computers. /nvidia doesn't have drivers for all graphic cards so you'll have to use nouveau driver

Re:AMD's proprietary Linux driver is secure...

[TeknoHog]

$ lsmod | grep fglrx; uptime
fglrx 3029147 144
agpgart 26120 3 intel_gtt,intel_agp,fglrx
22:41:37 up 76 days, 4:30, 8 users, load average: 0.00, 0.01, 0.05

Re:AMD's proprietary Linux driver is secure...

[Trogre]

Dammit, why did AMD buy ATi? The parent post could be misinterpreted as a jab at AMD CPUs, rather than ATi GPUs.

Re:AMD's proprietary Linux driver is secure...

...because it crashes before any malware can do any damage.

Even if it was secure, aren't you still in trouble using Xorg?

There is nothing in this story connecting ATI/AMD!

[SenseiLeNoir]

The story is about DEP and ASLR effectiveness at blocking exploits. IT has nothing to do with the title or the ATI/AMD aspect.

OOps.

[SenseiLeNoir]

Oops, My mistake, ignore that post.

Re:OOps.

cool story bro

ALHA DYT?

A Little Heavy on the Ancronyms Don't You Think?

Re:Everything is insecure

Nothing is secure. Man can make it, man can break it. This is yet another proof of that concept.

That is patently WRONG.

Software is in the realm of mathematics - you know, area where things can be *proven* to be correct and that can be *proven* to never fail.

Software can be made 100% secure assuming it is the only attack vector.

Re:Everything is insecure

[Khyber]

"Software can be made 100% secure assuming it is the only attack vector."

No way in hell. If software could be made secure, we'd not need laws for DRM.

Sounds ominous

[IT]

As a long time AMD/ATI user of CPU/GPUs, this sounds ominous.
If true, either AMD/ATI has to kill it, or we will have to kill AMD/ATI.

Re:Sounds ominous

As a long time AMD/ATI user of CPU/GPUs, this sounds ominous. If true, either AMD/ATI has to kill it, or we will have to kill AMD/ATI.

FUD FTW!

Re:There is nothing in this story connecting ATI/A

[tlhIngan]

The story is about DEP and ASLR effectiveness at blocking exploits. IT has nothing to do with the title or the ATI/AMD aspect.

The CERT article mentions it, and it mentions it in that you cannot use the DEP/ASLR protections (in the kernel) because ATI/AMD make an incompatible driver. And since graphics drivers are kernel things, loading them means the kernel must disable DEP/ASLR, making your machine just that much less secure because of it.

Re:Everything is insecure

[Bengie]

DRM is logically insecure. Still waiting for you to disprove him.

Re:You shall use...!

Sorry to hear about that. Sounds like you could have saved yourself a lot of trouble by using ASLR compatible drivers.

Oh, and by the way, your mom called. She says she didn't stretch her Vag all out of shape so you could grow up and be a forum spammer, and that you should find something new to do with your life.

Re:Everything is insecure

That is patently WRONG.

Software is in the realm of mathematics - you know, area where things can be *proven* to be correct and that can be *proven* to never fail.

Do you hear that knocking? It's Godel telling you that you're an idiot:

http://en.wikipedia.org/wiki/G%C3%B6del's_incompleteness_theorems

It's basically a mathematical proof that if man can develop software, man can break software. (There was an article on exactly this subject in one of the recent Communications of the ACM.)

Re:Everything is insecure

[Khyber]

Software can NEVER be 100% secure. Why? Because there's always hardware flaws, and HUMAN FLAWS.

And since humans make both hardware and software, it can't be infallible. Hence why we have branch prediction, error correction, and more. And even then, stuff still screws up.

Not insecure

Insecure means not confident, not safe is unsecure.

Re:Not insecure

[psmears]

Insecure means not confident, not safe is unsecure.

Not according to the dictionary. One word can have more than one meaning :)

THIS AIN'T NO CORVAIR !!

But it's damn close !!

Re:Everything is insecure

[MtHuurne]

DER and ASLR don't make a system secure though. But they do make holes much harder to exploit.

Re:Everything is insecure

[fuzzyfuzzyfungus]

Proving the existence of unprovable statements within logically consistent systems doesn't prevent there from being provable ones... If you are very lucky indeed, the ones that are provable and the ones that you care about might even overlap...

call the next ati card the pinto.

call the next ati card the pinto.

Re:Everything is insecure

[bmo]

Software can be made 100% secure assuming it is the only attack vector.

1. That's assuming too much and ignores reality (humans) so this is automatically bunk. But I'll take this as "credible" to discuss the next point.

2. People, like you, have claimed that you should be able to write a mathematical proof for your code, and if you can, it's secure (because supposedly it's only going to do what you tell it without error).

This totally ignores the concept of Complexity - complex (and even unexpected) behaviours arise from simple rules. People don't write proofs for code because the complexity grows exponentially as the lines of code get more numerous. Mapping it simply becomes impossible. Sure, you can write a proof for a 10 line algorithm. What do you do when you have a code base like the size of Windows 8? Or how about something much smaller? Let's take Conway's Game of Life. You have simple rules. You go ahead and map the output for every single set of values. Before the heat death of the Universe, please.

How much do you really want to pay for your software? What features are you willing to give up because it was too expensive to write the proofs? Do we *really* need *all* software to be subject to the same scrutiny as the software that runs a CAT scanner or a medical cyclotron?

It is said that the making of laws and sausages is similar, and you really don't want to watch it happening in real time. I believe we can add "writing software" to this. That's just reality, man. Deal with it.

--
BMO

Re:Everything is insecure

[Your.Master]

Branch prediction isn't about fallibility or security.

ASLR

[Jeremiah+Cornelius]

Preventing yesterday's attacks, tomorrow.

Re:ASLR

[blackraven14250]

Better to prevent yesterday's attacks at all than to leave the hole open for all time...

Re:ASLR

[osu-neko]

Given that "yesterday's attacks" compromise 99% of the attacks that occur every day, that seems wise.

Re:ASLR

Better to prevent yesterday's attacks at all than to leave the hole open for all time...

Sounds like a good advice to prevent date rape.

Re:ASLR

Bad moderation.

Re:Everything is insecure

[Your.Master]

No, it isn't. It's a proof that there are unprovable statements. It's not a proof that there are no provable statements, which would be self-contradictory.

Re:Everything is insecure

[Bengie]

Quantum physics makes 100% never a reality for anything. The point is that given enough brain power, one could prove something is secure. Whether or not it's a good idea to assume something is 100% secure is a whole other issue.

Re:Everything is insecure

[Khyber]

"Branch prediction isn't about fallibility or security."

How wrong you are. Ever hear of a Simple Branch Prediction Analysis attack? We covered that back in 2006, if not earlier.

Re:Everything is insecure

[Bengie]

DEP and ASLR are like an ogre, I mean onion... uhggg... They add to security for a cheap price.

It's what fanboys do

[Sycraft-fu]

When a problem with their chosen product is pointed out, they try to deflect it with criticism of the product offered by someone else. Happens all the time with videocards. The two camps have some really rabid fans who cannot accept any criticism of their chosen card and if it happens they instantly start screaming about the other vendor.

Crappy, but not in the way that the Trolls say.

I'd been using AMD cards for years. Most recently a 5850 2GB(Rare, I know) and then a pair of 6870s in a crossfireX configuration.
The complaints about crashes and BSODs are old, guys really. Almost as old as the IBM 'Deathstar' complaints. (You realize that was over a decade ago, right? You also know that IBM no longer makes the drives, right? And still you won't shut the fuck up. God damn people, get a life)

I do, however, have other issues with AMD's drivers and it was one of the reasons I just picked up a new nvidia 670 a few days ago. (That, and the new nvidia kelper GPUS are absolute monsters. You know you've reached a milestone when the latest Elder Scrolls game runs near 120fps on fully cranked settings - Yeah I've got a 120hz display No, I don't use it for 3D)

1. Crossfire - Crossfire is great in theory, and it's great when it works.. But it works inconstantly, and suffers performance problems in certain situations on certian systems and absolutely no one can tell you why. It's also often takes months after a game release, and updates from both AMD and the game dev to get things working properly. Not worth the trouble. The clincher for me was Skyrim and Max Payne 3 at launch day. When turning off crossfire and dropping to a single card triples your performance, you know something is wrong.

2. Driver installer - Whoever writes the core of the drivers is doing fine. The installer, however, is just plain braindead. Most enthusiasts recommend a manual clean-out of old driver files-settings every time you update. For good reason.

3. UI - The control panel is just a bad UI experience, and does not have many useful controls anyway. Most serious tweaking happens in third party unities.

4. Connectivity features. Nvidia's devices just have better handling of various settings for video out. You have finer grain control over port settings, refresh rates, display settings, HDMI settings, etc. AMDs' drivers also completely shit themselves if you've got a device that reports bad EDID information (Lots of HDTVs), whereas Nvidia drivers can hack around it by forcing an output setting.

All of the above issues really aren't about the drivers themselves, but the installer, UI, and configuration tools. The userland end of the experience.

Re:Crappy, but not in the way that the Trolls say.

[Jeng]

I haven't really kept up with the using two video cards in combination issues since I have not had a system that uses more than one video card yet so I have a question.

Is Nvidia's SLI set up better, and if so in which ways, and how much better?

Re:Crappy, but not in the way that the Trolls say.

From what I understand it is. It offers better scaling and better compatibility. (Adding more cards is not 1:1 scaling in all cases.. It generally works best for making extremely high resolutions, multi monitor setups run reasonably)

Of all the reviews I've read, it appears that Nvidia puts more development time in to their muti-gpu solutions and that they work better in un-optomized situations. (All multi-gpu solutions have a list of known game titles, and load custom settings for each. Very new games, or less common games may not have optimized settings yet)

Still, I have a hard time recommending it. If you play a few popular games a lot then it will work fine for you. If you play lots of different games, especially ones from small developers, then managing all the quirks is more trouble than it's worth. Get one big powerful card instead of two slower ones. Even if, in theory, the 2 card setup should be more powerful overall.

Re:Crappy, but not in the way that the Trolls say.

Shame it's the other way around... AMD has had better multiGPU scaling for over 2 years now...

Re:Everything is insecure

Build the prover into the compiler and make the computer do it for you whenever you accept input or pass values.

You don't have to prove every value, merely every edge case, which you can design by contract. It isn't physically impossible, merely fiscally improbable.

Why don't you want to pay for perfect software? I think all software should be subject to MORE scrutiny than medical devices, because medical devices still kill people on occasion.

Breaks an already broken security standard

[Jeng]

As the MS blog in the second link stated, DEP + ASLR is already being exploited and that blog post is two years old at this point.

Still wish AMD/ATI would improve their drivers.

Re:Breaks an already broken security standard

[Billly+Gates]

It is pretty hard to do if you have a 64 bit version of Windows. In 32 bit you can spray until you hit something good as the address space is so much smaller assuming you make it past the sandbox of the non FF browser.

Still I have seen it work with my own eyes cut down malware in any organization that leaves XP behind. YOu can exploit it but then a patch from MS will fix it. It is not an exploit where it is useless forever and simple to get around. IT may not be perfect but it is very effective if you keep your 64 bit system patched and do not run flash. I think the latest flash maybe sandboxed.

Re:Breaks an already broken security standard

[shutdown+-p+now]

DEP and ASLR is not a "security standard", and it cannot be exploited. It is a technique to mitigate a software exploit such that the chances of successfully executing an attack is much smaller. It's not foolproof, but then it was never designed to be. It does make things statistically more secure, however (as in, your chances of getting malware through some exploit are reduced, and it takes longer to write malware that can circumvent it).

Re:Breaks an already broken security standard

[cryptizard]

We wouldn't even need ASLR if people would code in safe languages. But around here C/C++ is god and everyone thinks it is impossible for there to be buffer overflows in their code because they are GOOD programmers...

Latest drivers may fix this

[Billly+Gates]

I am using an old laptop with Windows 8 to type this with an ati chipset. I noticed Windows 8 kept freezing and having issues until ATI came out with an experimental driver.

I used Regedit and found nothing with EMIT and UnsafeSettings in the registry as Windows 8 enables this by default. Now I know why it had so many issues before.

I do hope this issue is resolved as I always correct XP loyalists trolls on Slashdot saying how secure Win 7 is for these reasons. ASLR and DEP cut malware in half in any enterprise that migrates ... well except if they have ATI chipsets or cards. THis really blows for me as I refuse to run Metro garbage on my main work desktop and will not void my warranty by ditching my ATI card.

Re:Latest drivers may fix this

[Bigbutt]

Yea, whenever I relate my problems with my 4870 ATI cards and the BSOD on boot just about every time I turn on the computer (I have 50 or so .dmp files from Jan 30 to 1 today) I get jumped on as well. This has been going on through Windows XP Home and XP Pro as well as Windows 7 now. I'm hesitant to update drivers since I've killed the machine in the past with updates forcing me to roll back the version and now the cards aren't supported.

I did check for EMET based on the CERT article but EMET isn't in that location. I'll have to check further and see if I can just add it along with the EnableUnsafeSettings key and see what that does.

[John]

Re:Latest drivers may fix this

[Billly+Gates]

I have never seen a BSOD.

Without the latest drivers in Windows 8 it hangs or freezes up with no dump.
You could have a bad or failing PSU as I had a similar problem with a system with an NVidia card. Look into that. YOu can get last years top of the line GPU for $110. I wonder if your card has bad ram or if the surge in bootup could cause it to BSOD from the PSU?

Run some benchmark to see if it fails. If it doesn't then your issue is not the video card. GOod luck

Re:Latest drivers may fix this

Yea, whenever I relate my problems with my 4870 ATI cards and the BSOD on boot just about every time I turn on the computer (I have 50 or so .dmp files from Jan 30 to 1 today) I get jumped on as well.

Which forums have you gone to to solve your issue?

You may find that it is not the video card on it's own.

http://www.techsupportforum.com/forums/f299/bsod-in-vista-32-bit-possibly-because-of-ati-4870-a-411547.html

Re:Latest drivers may fix this

This has been going on through Windows XP Home and XP Pro

ASLR wasn't available in XP. Unless you installed a third party ASLR solution, your problems have nothing to do with your ATI drivers.

Re:Latest drivers may fix this

[LesFerg]

I am having constant bsod problems also, for about 6 months now, on Windows 7 with a HD4850. It doesn't have any problems running games but there is a random driver error when accessing the PC externally, e.g. using the media services from my tv. Unfortunately I have not been able to find a historical driver to fix this, and the Windows suggested driver has the same problem.

I have to say after many years of being reasonably happy with my ATI card that I will not be buying another one.

Re:Latest drivers may fix this

[Bigbutt]

It only BSODs on boot and 99.999% of the time, no problem after the system finally comes up. I have a nice Corsair 750 watt PSU that doesn't seem to be throwing any other errors during operation for the past four years since I built the box.

I've sent the initial card back to Diamond and they passed it with no problems.

I ran one of the benchmark suites two or three years ago but nothing was thrown as an error.

[John]

Re:Latest drivers may fix this

[Bigbutt]

Google search on the error and the ATI forums. Per the BSOD (I have a pic somewhere; need to locate it), it's always the ati driver and not the network or sound card per your link. There have been suggestions to upgrade the drivers, however I have the most current set. If I go with the Microsoft recommendation (always have the flag in my status bar) and update the driver, the system bails and I have to roll it back.

[John]

Re:Latest drivers may fix this

[Bigbutt]

Actually, I would suspect it has nothing to do with ASLR or EMET as the BSOD always references the ati driver as having the problem.

[John]

Re:Latest drivers may fix this

[Bigbutt]

Unfortunately this has been going on since I assembled the computer in 2008. Since the system works fine after it gets to a login screen, I haven't put much effort after the initial year or so of trying to solve it. Generally I just let it roll through BSOD's until it gets through whatever the issue is and comes up.

I'd like to think it was a heat issue (faulty trace or something) but it does it in the winter and the summer and I'm in the basement so it stays relatively cool anyway.

[John]

Re:Latest drivers may fix this

[Bigbutt]

Most current set that works that is. I can go to the main ATI driver set and get a more current one but I don't think they support the 4870 cards either. There was a suggestion to go to a site that has created a stable driver set but I haven't given it a try yet. Mainly because once it's done BSODing and comes up, it's fine.

[John]

Perfect solution fallacy

[tepples]

The two camps have some really rabid fans who cannot accept any criticism of their chosen card and if it happens they instantly start screaming about the other vendor.

What's wrong with "Sure, my card has problems, but your card also has problems, and here's how your card's problems are more noticeable in practice"? If bad isn't allowed to complain about worse, that's the perfect solution fallacy.

Re:Perfect solution fallacy

[Sycraft-fu]

What's wrong is this isn't a discussion about AMD vs nVidia, it is a discussion about how AMD should fix their shit. To then try and deflect and say "No they shouldn't because nVidia isn't perfect," is stupid.

A discussion (a real discussion, not fanboy screaming) about the merits of the two cards is useful if someone is looking at which they might want to buy. However responding to a problem in AMD drivers with "But, but one time nVidia produced a bad driver that caused overheating!" is not productive. Trying to act like AMD should juet get a pass because The Other Guy(tm) isn't perfect is dumb.

Re:Perfect solution fallacy

[tqk]

A discussion (a real discussion, not fanboy screaming) about the merits of the two cards is useful if someone is looking at which they might want to buy. However responding to a problem in AMD drivers with "But, but one time nVidia produced a bad driver that caused overheating!" is not productive. Trying to act like AMD should [just] get a pass because The Other Guy(tm) isn't perfect is dumb.

I'm an admitted AMD "fanboi." I'm having a difficult time understanding wtf everyone's complaining about. Is this about Win* gaming performance, or basic video chip performance? Proprietary drivers? Perhaps this whole discussion is irrelevant for me, because I don't do that crap.

I eschew Intel and Nvidia, mostly for political reasons. I like AMD because (overall through the years) they IMO appeared to be trying to "do the right thing" when the others decidedly were not.

I don't do Win* gaming; I do Linux/FLOSS. On my secondary box, I'm running Debian stable. It plays DVDs in xine, surfs with Firefox 3.5.16 (Iceweasel), Fluxbox wm, emacs, mrxvt, xscreensaver (Flame), GKrellm, nm-applet, xconsole, and xman. When I'm not using it, it's crunching Distributed.net's dnetc (100% CPU usage). This's a Gateway laptop with an AMD Sempron 32 bit CPU and Radeon XPRESS 200M 5955.

Uptime 24 days, CPU temp currently 50C. It reboots when I reboot it. It's never crashed.

My primary box is an HP dv4 64 bit Turion, and though it's quite a bit snappier than the Sempron and the fan comes on quite a bit easier, I don't see a great deal of difference between the two boxes if they're doing the same things (though one's 32 and the other's 64 bit).

WTF is this about AMD sucking? It sure the fuck doesn't for me.

Re:Everything is insecure

[bmo]

You don't have to prove every value, merely every edge case

Then you haven't even written a proof, have you? You've pretended to.

Why don't you want to pay for perfect software?

Because Man, in his thousands of years on this spinning rock, has never /ever/ created anything perfect.

Perfect software doesn't exist and neither will it ever. If someone claims they can, make sure you know where your wallet is. It's like the koan, "If you meet the Buddha, kill him."

--
BMO - I like ice cream koans.

Re:There is nothing in this story connecting ATI/A

[Billly+Gates]

Yes it does.

ATI's drivers to me are lower quality but there hardware is higher quality and it is a tradeoff as I have had NVidia cards fail before going all ATI at home. It is part of the product whether you like it or not.

I am an AMD fan too, but I am glad it is brought up as I am irritated at this and need to know this to make sure work pcs do not come with ati products that can raise TCO and increase malware. DEP and ASLR is the main and pretty much only reason why I can justify a Windows 7 migration over XP. If the desktops have this disabled then what is the point?

AMD's latest driver for Windows 8 does not have the issues as I just checked the registry. Maybe the driver can be backported to Windows 7 ... hopefully.

I am not trying to be a troll here but to me this is serious. I am sick and tired of malware and this erases years of progress at Microsoft.

Most interesting statements are unprovable

[tepples]

It's not a proof that there are no provable statements, which would be self-contradictory.

Yes, that would be self-contradictory, but a statement that "most interesting statements are unprovable" would not be self-contradictory. Most statements about computer programs, for example, are undecidable as a consequence of the halting problem's undecidability.

Re:Most interesting statements are unprovable

[psmears]

"Undecidable in general" != "unprovable for any program". Or rather, just because it's not possible to write a general purpose algorithm that will tell you whether any given computer program {terminates, crashes, is secure against a particular threat} doesn't mean that, for any program I'm ever likely to write, there doesn't exist a proof. Or in other words - there exist billions of programs where it's difficult to know for certain whether they terminate - but those programs aren't relevant to determining whether my program terminates - and if I've got any sense I'll write my program in such a way that I can prove that it terminates (if that's the behaviour I want).

Old Story

ATI has had broken drivers since the 90's. And they made it as hard as possible to find and download the correct drivers for the multiple versions of their cards. Even today AMD/ATI doesn't make it easy to update. I got as far away from them as soon as I could once the nVidia Riva 128 came out. Even with memory tricks it smoked any ATI and most Voodoo cards. And the drivers just worked, every time. nVidia has kept the same philosophy ONE driver for ALL. love that.

Re:Old Story

[LesFerg]

I don't believe you can justify that statement unless you are looking for drivers for something extremely old. The driver support site has been very user friendly for several years now. The quality of the drivers may not have been so great however.

It's relevant.

[Benfea]

The reason AMD's drivers suck is that they only have to be as good as nVidia's, which these days is a very low bar to meet. It used to be nVidia made good drivers and that was the main reason to purchase a nVidia card, but sadly that doesn't seem to be true any longer. Instead of forcing AMD to come up to nVidia's level, nVidia chose to sink to AMD's level.

Re:It's relevant.

[EvilBudMan]

We'll nVidia still makes good drivers for their high end CAD stuff but point taken on everything else.

Re:It's relevant.

[Mashiki]

Instead of forcing AMD to come up to nVidia's level, nVidia chose to sink to AMD's level.

Well there's a reason, because some braniac at nvidia decided to move their entire driver team from the 400/500 series drivers to the new 600 series drivers. And their secondary polish team is now doing the main driver writing. It gets worse though, as the driver writing itself has occasionally been outsourced to other companies.

There was a huge thread about this over on the evga forums. And Nvidia went nearly 6mo without anything even approaching a solid driver. Though the new 300's seem to be more or less stable, I've only had one driver restart with them on my 560ti.

Re:It's relevant.

I would love to read that thread if you can link it. I looked myself but didn't have any luck.

Re:It's relevant.

[TheRaven64]

ATi's drivers sucked back when there was competition for video cards too. It's not a new thing.

Amazing how slasdot takes nvidia's money and then

suddenly all these anti AMD stories get run, funny that ain't it.

Re:Everything is insecure

Why not like a parfait? I know I do.

MS should just deny them WHQL certification

[PingXao]

Microsoft is constantly telling people that they won't sign their drivers unless they pass strict quality and certification standards. MS should just deny that to drivers as buggy as these are reported to be.

Oh wait... that would mean MS Is actually committed to quality as opposed to just needing an excuse to deny the little guy who wants to write some driver-level code.

Re:MS should just deny them WHQL certification

Microsoft is constantly telling people that they won't sign their drivers unless they pass strict quality and certification standards.

In the post-Flame era, anyone can sign drivers on behalf of Microsoft, so that's luckily no longer an issue!

Re:Everything is insecure

[psmears]

"Branch prediction isn't about fallibility or security."

How wrong you are. Ever hear of a Simple Branch Prediction Analysis attack? We covered that back in 2006, if not earlier.

Your original comment said:

And since humans make both hardware and software, it can't be infallible. Hence why we have branch prediction, error correction, and more.

... which implies that you consider branch prediction to be a form of mitigation against errors, similar to error correction — i.e. that the reason branch prediction exists is to improve security.

A Branch Prediction Analysis attack makes use of branch prediction to break security, but that's irrelevant — it doesn't change the reasons why branch prediction existed in the first place, and it certainly doesn't turn branch prediction into a security feature.

Re:Everything is insecure

He did say assuming software is the only attack vector. That doesn't preclude hardware.

Re:There is nothing in this story connecting ATI/A

[EmagGeek]

While that is correct, Slashdot just got a bunch of money from nVidia, so the opportunity to create that appearance just couldn't go unutilized.

double standard

[perles]

When I bought my laptop with ATI Radeon 4 years ago I thought I would have a continuous development of the open source driver, and I was happy to get rid of the nVidia dependence. nVidia stops to develop the driver after some point and you have to live with the open source, which is not supported by the nVidia team anyways and does not have accelaration. You have to either keep an old kernel, move to the open source or trash your ~3 years old hardware. AMD/ATI pretend to have open source drivers at the same time they keep their closed source drivers. The open source drivers will always compile and run in the latest kernel, which is great. This is the spirit of GNU/Linux. But the closed source ones don't. They stop to develop the closed source driver like nVidia does. From that point your driver may or may not run against the latest kernels. It would be great if they open the source code of their drivers, instead they start to develop a new crappy open source with lots of features missing, mainly 3D accelaration, which really sucks. Thanks AMD/ATI for your double standard. I will be moving on to Intel in the future.

Re:double standard

I will be moving on to Intel in the future.

ROFL, and when they fail you are you going to go to VIA?

But it still showed you the article content!

... you failed to mention that. Oh, right. Your goal was to be sensational. Carry on.

Re:But it still showed you the article content!

[drinkypoo]

1) Don't start your post in the subject line, that is fucking annoying. Are you new?
2) What do you mean "the" article content? He doesn't know which content it showed him, and neither do you. But I notice you're anonymous and cowardly, so you're probably a shill as well.

Re:But it still showed you the article content!

The article IS displayed for Linux clients, with an added warning. @Obfuscant implied Microsoft did not show the article to Linux clients.

You can bitch and call him "anonymous and cowardly" but the facts remain.

Re:But it still showed you the article content!

[drinkypoo]

Obfuscant implied Microsoft did not show the article to Linux clients

Wrong, although you may have inferred that. He outright stated that the article says to you that it is being altered for Linux users to contain information Microsoft doesn't think he needs; "It's very useful for microsoft to refuse to diplay content it decides I don't need to see." He didn't say "to refuse to display articles it decides I don't need to see" but you (and some other idiots) just added that word into the sentence as you read it.

Now please, fuck off until you understand English. The writer implies; the reader infers. The writer implied nothing of the sort; you inferred it anyway.

Re:But it still showed you the article content!

Now please, fuck off until you understand English.

Swear all you want but it doesn't make you right.

It's very useful for microsoft to refuse to diplay content it decides I don't need to see. Thank you.

Thats wrong. Microsoft DOES show the article to Linux clients.

Re:But it still showed you the article content!

[drinkypoo]

It's very useful for microsoft to refuse to diplay content it decides I don't need to see. Thank you.

Thats wrong. Microsoft DOES show the article to Linux clients.

Just in case you're not a troll, I shall mock you again. You're attacking a straw man. You're asserting that someone has asserted that Microsoft is not showing the article to Linux clients, which is a lie. No one has said that. What Microsoft has said, and what is being complained about, is that they are [potentially] showing an altered version of the article to Linux clients. Now, until you can understand simple English, again, fuck off.

Re:Everything is insecure

[dissy]

Perfect software doesn't exist and neither will it ever. If someone claims they can, make sure you know where your wallet is. It's like the koan, "If you meet the Buddha, kill him."

Exactly. One of the best examples that comes to mind is the guidance software written for the first space shuttle computer, and even that had bugs. It was also 20x more expensive than the normal going rate at the time, and technically speaking it contained only about one two hundredth less bugs by number of lines of code.

Damn impressive for sure, but far from a zero. It also cost half a billion 1960's dollars!

An interesting read: http://history.nasa.gov/sts1/pages/computer.html

As anyone who has ever used a computer knows, software is seldom error-free. A statistical average for software used in critical systems (flight control, air traffic control, etc.) shows that programs average 10-12 errors for every 1,000 lines of software code. This was clearly unacceptable to NASA for use on the Space Shuttle. As a result, NASA forced one of the most stringent test and verification processes ever undertaken on IBM for the primary avionics system software. 21

The result achieved by the 300 IBM programmers, analysts, engineers, and subcontractors was impressive. An analysis accomplished after the Challenger accident showed that the IBM developed PASS software had a latent defect rate of just 0.11 errors per 1,000 lines of code - for all intents and purposes, it was considered error-free. But this remarkable achievement did not come easily or cheap. In an industry where the average line of code cost the government (at the time of the report) approximately $50 (written, documented, and tested), the Primary Avionics System Software cost NASA slightly over $1,000 per line. A total of $500 million was paid to IBM for the initial development and support of PASS. 22

Re:You shall use...!

Sorry to hear about that. Sounds like you could have saved yourself a lot of trouble by using ASLR compatible drivers. Oh, and by the way, your mom called. She says she didn't stretch her Vag all out of shape so you could grow up and be a forum spammer, and that you should find something new to do with your life.

It's not that badly stretched. Sure, you can get both hands in, but it's not like you can clap or anything. And you have to give her credit for staying in the game. Anyone with a /. uid can get in for free!

AMD/ATI drivers unsafe? Poor quality? Really???

[SMTB1963]

After owning half a dozen ATI cards over the years (currently using an AMD 7970 in my main rig), I had no idea how crappy AMD drivers were. Just because I've had more trouble with nVidia drivers on the 3 GTX275s and 2 GTX570s I currently use for GPU computing doesn't mean a thing, because that's just anecdotal evidence...right?

Luckily I came across this thread with all the hard data on AMD vs nVidia driver quality before it was too late. Thanks Slashdot!

ps - would it be possible for one of you fine Slashxperts to link to documentation on how many times this blatant deficiency in AMD driver quality has been exploited? (shouldn't be too difficult, since it's been 5+ years since ASLR was implemented in MS operating systems)

Re:Amazing how slasdot takes nvidia's money and th

[jakobX]

Heh. my thoughts exactly. This is the second such article in like a week. Something fishy about it all. Im not saying that AMDs drivers are perfect but i cant say ive had any problems with them in the last 10 years. The last time i remember them crashing was like 7 years ago while using the old radeon 8500. Crashed during counterstrike. It wasnt even a BSOD just a driver restart. Miraculously once the picture was back i was still alive. :)

The drivers used to be bad but that was during the rage3d era. Im sure half of slashdot users are too young to even remember that those cards existed.

I dont know why Nvidia is regarded so highly. During the vista era the majority of BSODs were because of their drivers. Thats pretty bad considering the amount of drivers running on a computer.

Cant say ive had much trouble personally with nvidia as well. My old 6600gt worked okayish. BSOD once a month. Annoying but bearable. My Nvidia ION based HTPC also works most of the time. A lot of problems with their HDMI audio drivers. I have to reinstall the damn driver once a month because it just stops working. Since ive figured it out that i should just run the install again and it works then its not much of a problem anymore.

Re:AMD/ATI drivers unsafe? Poor quality? Really???

[ThatsMyNick]

Because of this deficiency in AMD driver, windows kernel cannot use ASLR. So pretty every virus/malware that depends on Address Location could have been prevented. And lot of virus and malware do.

Re:AMD/ATI drivers unsafe? Poor quality? Really???

After owning half a dozen ATI cards over the years (currently using an AMD 7970 in my main rig), I had no idea how crappy AMD drivers were. Just because I've had more trouble with nVidia drivers on the 3 GTX275s and 2 GTX570s I currently use for GPU computing doesn't mean a thing, because that's just anecdotal evidence...right?

Funny, I have the opposite experience.

Using nVidia cards for years which worked mostly fine (the odd shitty release that caused BSODs) but had lots of features and was very fast, easy to use and highly compatible with most games. I switched to AMD after nVidia decided selling resistive heaters as GPUs (Fermi) was the way forward and have been thoroughly disappointed with graphical glitches in games (bad Z ordering, lighting flicker, shader effects only applying every 2nd frame), desktop lag (seriously, the fucking desktop in Windows 7 suffers frame-rate drop), a shitty control panel that is painfully slow (i7-920 CPU, opening Catalyst takes 5 seconds for that pig to page itself in then uses 150MiB RAM, lags an additional 1-2secs when switching pages) and they only just recently added per-application profiles (and the UI for that is horrible, designed by retarded monkeys on a 5 minute deadline apparently).

The best thing I can say is that in 1.5 years, the drivers have only blatantly crashed twice ("Windows detected that the graphics driver was not responding and restarted it"). I get the impression that half the Catalyst team knows what they are doing (good ideas here and there, mostly behind the scenes stuff though) but the rest are morons (especially whoever is responsible for the UI parts) and they're managed by idiots.

ps - would it be possible for one of you fine Slashxperts to link to documentation on how many times this blatant deficiency in AMD driver quality has been exploited?

Constantly. ASLR was designed to disable existing malware and buffer overflow shellcodes, requiring that new, smarter malware be written from scratch. Effectively, disabling ASLR ensures that the legacy of simple Win95-compatible hacks will continue to function correctly on Windows 7.

Re:AMD/ATI drivers unsafe? Poor quality? Really???

[SMTB1963]

Because of this deficiency in AMD driver, windows kernel cannot use ASLR. So pretty every virus/malware that depends on Address Location could have been prevented. And lot of virus and malware do.

I understand/agree with your point, but when I see a headline like the one made in the OP, I think someone's trying to convince someone else that the sky is falling.

I guess what I was trying to get at was: is there data that supports the claim made in the headline? In particular, has it been shown that AMD equipped systems have higher rates of becoming compromised than non-AMD systems? If such a premise was demonstrably proven, I think AMD might move ASLR compatibility up their priority list.

And frankly, I'm sick of people claiming one manufacturer's drivers suck and the other's don't based on their own personal experience. Amazing that so many don't realize how stupid they sound.

Re:AMD/ATI drivers unsafe? Poor quality? Really???

[ThatsMyNick]

TFA basically gives AMD a downmod (consider it a +1 Sucks) because they do not care about supporting simple security features (which some of other posters extrapolate, along with their personal experiences to, they suck worse than Nvidia). Making code compatible with ASLR is not complicated or time consuming at all (I have been involved in linux driver programming), it is just that they have not bothered with it. The result is a simple and effective shield that ASLR and DEP provide is broken.

Re:AMD/ATI drivers unsafe? Poor quality? Really???

[SMTB1963]

Funny, I have the opposite experience.

Which is exactly the point I was trying to make. Your experience or my experience or the sum of /. experience doesn't mean squat. In the end, it's all anecdotal.

ps - would it be possible for one of you fine Slashxperts to link to documentation on how many times this blatant deficiency in AMD driver quality has been exploited?

Constantly. ASLR was designed to disable existing malware and buffer overflow shellcodes, requiring that new, smarter malware be written from scratch. Effectively, disabling ASLR ensures that the legacy of simple Win95-compatible hacks will continue to function correctly on Windows 7.

If you can point me to data showing AMD-equipped systems have higher rates of becoming compromised than non-AMD systems, please do so.

While I would agree that AMD system are more vulnerable to attack because of ASLR incompatibility, I'm certainly not convinced AMD systems are more "unsafe" than others.

Re:AMD/ATI drivers unsafe? Poor quality? Really???

[SMTB1963]

Couldn't agree more. To be clear, I'm not defending AMD on this. They've owned ATI for long enough to have addressed the issue. But IMO, the claim made in the headline doesn't pass my sniff test. Smells like FUD to me.

Sensationalism at its best!

[Zephiris]

EMET is a tool Microsoft releases to enable specific settings, then they hide stuff like the "AlwaysOn" behind a registry setting they term unsafe.

Nowhere does it on any of the linked Microsoft pages say that this "unsafe" is hidden because of AMD, unlike what the article boldly suggests. Microsoft would be unlikely to grant WHQL status to drivers violating something it actually wants on by default.
Nobody gets the EMET settings "by default". You have to download and run it, many options you have to enable per-program, and many programs don't work with it.
The article they link to says Skype, Microsoft's own Silverlight, and World of Warcraft all don't work with the EAF option (everything is enabled by default for a program you select).
Nobody is getting, or would get, any of these protections "by default". So saying that AMD drivers "are making your computer less secure" is ridiculous, given that even if it's still an issue (the only linked mention hasn't been updated in over a year), it's limiting the maximum POSSIBLE security, which you would have to enable and run yourself...turn on settings that Microsoft deems unsafe, and knowingly risk making your machine unbootable. All for having ALSR "potentially" work for binaries that don't deem themselves compatible? Great...

Microsoft's own documentation says that all binaries can opt-in to ALSR (same as they have to opt in to DEP by default), but it has nothing to do with system drivers. Out of all of the processes running on my system, only two (an IM client, and a mouse hook service) don't have ALSR. These days, on VS2010, binaries are compiled with the ALSR and DEP flags set by default. You have to specifically opt out.

EMET's own user manual says that it uses a different, conflicting ALSR implementation than what the system natively does...might explain why fewer things are compatible with it.

TLDR: There is no evidence whatsoever that AMD drivers would make your system "actually less secure". There's one note that it "could" make your system less secure, if Microsoft were pushing a security option that it doesn't support.

People should focus on actual issues, instead of inventing imaginary ones just to try to make themselves more relevant and "in the news". I'm disgusted by CERT's behavior. I would've thought they'd at least stick to the actual facts of the case, instead of acting like the dime-a-dozen "don't need no fact checking" bloggers.

Disclaimer: I currently have an AMD card, have used both Nvidia and AMD cards since the late 90s with varying success.

What article did you read?

Where did you read that AMD drivers make your system "actually less secure" ? Neither the linked article or the summary state this. The blog title is: "AMD video drivers prevent the use of the most secure setting for Microsoft's Exploit Mitigation Experience Toolkit (EMET)"
And the conclusion at the end states: "Microsoft Windows systems that have an AMD or an ATI video chip cannot be secured as well as systems with video chips that have ASLR-compatible drivers. "

Both of which very clearly convey the idea that a system that uses AMD drivers cannot be locked down as much (system-wide ASLR) as one with ASLR-compatible video drivers. In other words, the use of an AMD driver limits the maximum possible security settings that a user can enable his or her self.

Hardly seems sensational to me.

P.S. Out of the entire set of modules on your system, what percentage would you say are compiled with VS2010 or later? You don't have to answer that. Just think about it.

Re:What article did you read?

[Zephiris]

My mistake. ALSR enabled by default on VS2008, and was able to be selected on VS2005...and the WDK for Vista and above, also by default.

The summary claims that "AlwaysOn" ALSR isn't enabled by default "because of AMD". The summary also claims that AMD drivers are unsafe and insecure. TFA claims that it isn't enabled because of "some software, including AMD". The fact is Microsoft declares the forced ALSR unsafe -for a reason-. Forcing it on at that level has no benefit for the things that already support it, and can have consequences for any software or drivers that don't support address randomization clobbering them.

AMD drivers apparently didn't or doesn't support randomizing the base address. There are several reasons why they may not, including for performance. It could also be that there's simply legacy code, or legacy OS support to worry about, since AMD's fglrx supports kernel ALSR on Linux.

If AMD supported this, would Microsoft change the default by Windows 9? 10? Or would there still be other vendors of non-video applications and drivers, some of which may be legacy, that one vendor wouldn't make much of a difference?

AMD's lack of support for a hidden and "marked as unsafe" boot mode has essentially no end-user impact, security, stability, or otherwise. IF the boot mode is required to have randomized driver base addresses, Nvidia would be no more secure by default, or by any reasonable means available to a power user or security professional. If Microsoft changes it to the default (and maybe they have in Windows 8, but I'm certainly not keen on testing recovery mode), I'm sure the driver-signing and WHQL requirements will be changed accordingly, as they have in the past.

Yes, it is sensationalist to suggest specifically and only AMD (rather than Microsoft) has anything to do with a real problem. The summary and article are worded in such a way to suggest blame and danger, which gets people in a furor...over nothing. Anyone with half a brain knows that this is ultimately a Microsoft policy decision, one which the vendors are effectively bound to comply with. Microsoft makes lots of things optional, (in this case, optional, unsupported, and strongly discouraged) so if you think "forced ALSR" is something worth having, you could always write a news story about how "Microsoft makes security optional!!" instead. Just as sensationalist, just somewhat more on-target. Articles like this, including the one on CERT, are getting well into the FUD range.

I'd be surprised if anyone reading this has had "forced ALSR" as described in the article, enabled since WIndows 7 came out. There's not much point in crying over what you never had, and can't really have, at least not yet, according to Microsoft. I don't really care if the few open source, mingw-compiled, programs I'm using use ALSR or not.

Just since people can't seem to keep things straight... The last AMD vulnerability that I can find confirmed was in 2007, a local driver signing workaround, after which they had major overhauls (including on performance). Nvidia had two last year, one of which was a remote denial of service.

By the way, are you the same "anonymous coward" that submitted the article? :p

sorry what?

[issicus]

what exactly does this mean for me and my radeon hd?

sometimes it's not AMD or NVIDIA it's YOU

I have had so many piss poor nvidia cards in the last few years that I switched to AMD

Wait. You're basing build quality on the designers?!?

I have a pile of broken 2xx cards in my desk that I am looking at right now. They seem to last a few months to a year.

Now you're basing build quality on 1 persons experiences (and from these explanations I'm guessing that person isn't very competent).

RMA'd cards from MSI and asus always come back and work for a few more months before failing to POST or creating graphics errors.

Really? That's quite the exceptional experience. How many BBB cases do you have? Which consumer protection agencies did you contact? How many lemon-law refunds did you get? Did you go to small claims court?

Or did you do none of those things because in all likelihood you are the source of your own problems?

Re:AMD/ATI drivers unsafe? Poor quality? Really???

[Fuck_this_place]

No one gives a fuck about your bitcoin mining problems. You must be a special kind of retard to have problems with nvidia drivers, nothing could be simpler. Don't buy shit motherboards perhaps? I don't know....except that I do. Zero problems here, ever, going all the way back to the original TNT. The same can not be said about ATI/AMD. You want to talk about heat/power problems? Fine, explain the Thunderbird to us all.

Re:Everything is insecure

[Khyber]

"... which implies that you consider branch prediction to be a form of mitigation against errors, similar to error correction — i.e. that the reason branch prediction exists is to improve security"

You very clearly fail to understand my consistently paradoxical (and laced with hidden humor) statements. Well, I guess I can't help that. Old timers like yourself just don't understand this younger generation.

Re:AMD/ATI drivers unsafe? Poor quality? Really???

[SMTB1963]

No one gives a fuck about your bitcoin mining problems. You must be a special kind of retard to have problems with nvidia drivers, nothing could be simpler. Don't buy shit motherboards perhaps? I don't know....except that I do. Zero problems here, ever, going all the way back to the original TNT. The same can not be said about ATI/AMD.

I don't mine bitcoins. If I did, I certainly wouldn't use nVidia GPUs. nVidia's architecture just isn't well suited for that type of workload. I participate in GPUGRID (CUDA) and World Community Grid (CPU/OpenCL). Please consider volunteering some of your excess CPU/GPU capacity to these worthy BOINC based projects.

As far as motherboards go, I'm currently running 6...all of which have been crunching DC projects 24/7 for about the last 2 years. Doesn't that indicate my motherboards aren't shitty? Or am I still being retarded?

You want to talk about heat/power problems? Fine, explain the Thunderbird to us all.

Uh, no...no I don't want to talk about heat/power problems. But you seem to, and I'd love to read your musings on the topic. I would only read, because I would never presume to engage in a debate with someone of your intellectual capacity. In any case, thanks for taking the time to grace me with your wisdom and experience. I truly feel smarter after reading your post. You must be part of Slashdot's special retard enlightenment task force.

Linux and graphics intensive games

[Lonewolf666]

Right now, you have two choices in AMD/ATI drivers on Linux:
-Catalyst (closed source, fast, but has the aforementioned problems with the changing kernel interfaces and a general reputation for crappiness)
-and the open source driver (much less complaints from users, but much weaker performace).

I'm following the Linux graphics driver development via Phoronix.com, where Michael Larabel frequently publishes benchmarks of the latest open source driver versions. And progress is definitely there, but so far it is mostly in the "correctness" department:
Up to maybe a year ago, many benchmark results were incomplete because the open source driver would crash on some games. Or significant parts of the graphics were missing. Today, such gaps in the results are rare. But progress on the performance front is slow and when a new optimization comes in, it is usually like "great, instead of 25% of Catalyst performance we have now 30%"

Re:Linux and graphics intensive games

[hairyfeet]

Well I think that is because they are having to work on both the GPUs and APUs and since APUs is a MUCH bigger market i think they have been more of the devs time. hell it wasn't too long ago that Fusion APUs didn't have any support at all and now there are plenty of distros OOTB supporting the APUs and OpenELEC even has a Fusion build so you can take that $150 E350 kit and make yourself a pretty badass XBMC HTPC on the cheap.

If what I heard was true, not saying it is, just what i heard, the reason the closed source Nvidia driver works well is it basically guts X and some of the underlying GPU subsystem and replaces it with proprietary code designed to better interact with their GPU models. if so it would explain a lot and also explain why Nvidia has a whole dev team just for Linux drivers, because keeping all that working must be a nightmare. whether you are happy with AMD performance or not you have to admit AMD is doing exactly as the community asked them to, giving up their specs as fast as they can pass them through legal and beyond by hiring extra devs for the FOSS team. I have a feeling in the long run this is gonna turn out to be a better strategy, at least until Linux gets a proper ABI, because it will mean that you will be able to support pretty much ANY distro with ANY card by AMD and have it "just work".

In the end I don't suppose it will affect me all that much as my customers buy Windows and at the crucial sub $150 price point AMD pretty much stands alone. the amount of bang per buck is just insane so while I'm often trying new distros just to see they are nearly always in VMs so the AMD GPU performance really isn't even in play there.