Slashdot Mirror

← Back to Stories (view on slashdot.org)

AMD/ATI Video Drivers: Unsafe At Any Speed

Posted by timothy on from the hey-man-we've-all-got-problems dept.

An anonymous reader writes "CERT/CC has called out AMD for having insecure video drivers. AMD/ATI video drivers are incompatible with system-wide ASLR. 'Always On' DEP combined with 'Always On' ASLR are effective exploit mitigations. However, most people don't know about 'Always On' ASLR since Microsoft had to hide it from EMET with an 'EnableUnsafeSettings' registry key — because AMD/ATI video drivers will cause a BSOD on boot if 'Always On' ASLR is enabled."

48 of 261 comments (clear)

  1. Crappy AMD drivers?! by LingNoi · · Score: 4, Insightful

    This isn't very surprising AMD/ATI have always had crappy drivers. I wish their fan base would stop apologising for them and demand AMD put more effort into their products.

    1. Re:Crappy AMD drivers?! by h4rr4r · · Score: 3, Insightful

      You think their windows drivers suck?
      Check out the linux ones one time. A whole other world of suck!

    2. Re:Crappy AMD drivers?! by Moheeheeko · · Score: 2, Funny

      AMD may not have the best drivers, but I dont recall any AMD drivers that allowed me to play games and fry eggs with the same piece of hardware like Nvidia.

    3. Re:Crappy AMD drivers?! by Anonymous Coward · · Score: 2, Insightful

      This isn't very surprising AMD/ATI have always had crappy drivers. I wish their fan base would stop apologising for them and demand AMD put more effort into their products.

      This can't possibly be true. I've been troll moderated to death and beset by ATI fanboys at every turn, for years now, on slashdot in the past, all assuring me ATI not only has awesome drivers on EVERY platform, including Linux, but that NVIDIA is unusable and the choice of the foolish. These trolls can't possibly be wrong, can they? I mean the video quirks and game bugs, rendering problems, and kernel crashes commonly associated with various ATI video cards can't possibly be real can they?

      Seriously, if you are a Linux user who just wants good 3d with quality drivers and don't care about some dumb ideology, NVIDIA is literally the only option in town. Even on Windows their drivers are and always have been top notch. And when ATI was literally laughing and pointing at Linux users, NVIDIA was there to provide quality drivers which ATI has yet to even match in quality. And that's all ignoring the fact ATI has a long tradition of EOL'ing driver support for cards which really are not that old - scratch two laptops.

      Seriously, I don't know why anyone would bother with ATI on Linux. And even on Windows, its still not a "gimme" decision.

    4. Re:Crappy AMD drivers?! by Anonymous Coward · · Score: 5, Funny

      You're absolutely right; AMD's drivers rarely allow you to play games.

    5. Re:Crappy AMD drivers?! by LingNoi · · Score: 3, Insightful

      What has Nvidia got to do with it? Why do you mention the failings of another company to cover for AMD?

    6. Re:Crappy AMD drivers?! by LingNoi · · Score: 5, Insightful

      I never mentioned Nvidia, it's also completely irrelevant as AMD drivers will suck regardless of what Nvidia does.

    7. Re:Crappy AMD drivers?! by Mitchell314 · · Score: 4, Insightful

      Linux sucks, it just happens that everything else is even worse. :D

      --
      I read TFA and all I got was this lousy cookie
    8. Re:Crappy AMD drivers?! by LingNoi · · Score: 2

      I find it a bit concerning that we're now 4 levels deep into this and you still haven't even acknowledged my original point, you've constantly tried to turn this into some kind of comparison between other companies, something I never mentioned, something that isn't at all relevant here.

      Please tell me what the link is between "AMDs drivers sucks and I wish their fans would demand better drivers" and "well Nvidia sucks too!". Congrats you're exactly the reason why AMD are laughing all the way to the bank. Why develop a better product when you're just going to accept whatever shit this company hands you and ask for more? Think about that for a moment.

    9. Re:Crappy AMD drivers?! by jedidiah · · Score: 3, Insightful

      Nope, just ATI drivers.

      Nvidia drivers on Linux seem to even be better than the ATI ones for Windows.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    10. Re:Crappy AMD drivers?! by Skarecrow77 · · Score: 2, Insightful

      this is actually the most honest assessment of operating systems i've seen in a long time.

      to be fair, the phrase "in their own way" should be tacked on to the end, because windows, linux, and osx do not suck in the same ways.

    11. Re:Crappy AMD drivers?! by Bengie · · Score: 4, Funny

      More stable than water anyway.

    12. Re:Crappy AMD drivers?! by Skarecrow77 · · Score: 4, Insightful

      crying about fanboys while running around fanboying. typical.

      all fanboys suck. end of story. mint vs ubuntu, google vs apple, nintendo vs sega, fuckin coke vs pepsi... if you're on one side of an arguement, and you can't see the cons of your own side as well as the pros of the other side, you don't really understand the arguement and you shouldn't be speaking.

    13. Re:Crappy AMD drivers?! by Skarecrow77 · · Score: 4, Funny

      wow. somehow click on the wrong reply button and reply to myself. so i look like an idiot. bah, i'm going to lunch.

    14. Re:Crappy AMD drivers?! by Skarecrow77 · · Score: 2

      so you're crying about fanboys, while running around fanboying. typical.

      all fanboys suck. end of story. mint vs ubuntu, google vs apple, nintendo vs sega, fuckin coke vs pepsi... if you're on one side of an arguement, and you can't see the cons of your own side as well as the pros of the other side, you don't really understand the arguement and you shouldn't be speaking.

    15. Re:Crappy AMD drivers?! by Skarecrow77 · · Score: 2

      The GTX 400 series was indeed very power hungry, with one GTX480 eating nearly as much power as two of the equivilent ATI cards. I know firsthand, I have two computers with GTX 470s and they heat up the upstairs loft so much the house's AC can't keep up in the summer. put those two computers into sleep mode, no problem.

      The GTX 500 series was a significant improvement on power draw and heat dissapation.

      the GTX 600 series is downright reasonable. go read a few reviews.

    16. Re:Crappy AMD drivers?! by Luckyo · · Score: 2

      The obvious point is that drivers for both premium GFX card vendors have significant problems due to all the chasing of the better performance at cost of everything else, often including system stability and compatibility.

    17. Re:Crappy AMD drivers?! by citylivin · · Score: 3, Interesting

      HAHAHA! I have had so many piss poor nvidia cards in the last few years that I switched to AMD now and havent looked back. IMHO the last good card that nvidia made was the 8800. I have a pile of broken 2xx cards in my desk that I am looking at right now. They seem to last a few months to a year. RMA'd cards from MSI and asus always come back and work for a few more months before failing to POST or creating graphics errors.

      Things change people. ATI drivers are not even that bad anymore. Sure they update a bit much and nag you to update, however they are stable and I have had less problems with my current 6850 then any nvidia card since 8800 was popular. I think the reason was poor solder, or too heavy heatsyncs warping the cards or something on the 2xx series. Perhaps they have fixed it now with there newest cards but fuck if I am switching back till ati lets me down!

      This is how the video card game always plays. Someone starts slipping and someone else takes the lead. For me, reliability is the best benchmark. Nvidia as I said has been shit so they lost me (and everyone i recommend cards to) as a customer. My 6850 has been rock solid since i purchased it. Not even any driver crashes! And yes I am aware that for the last 10 years ATI had crap drivers. This has been mostly fixed with their windows 7 drivers, so thats a few years ago now.

      --
      As a potential lottery winner, I totally support tax cuts for the wealthy
    18. Re:Crappy AMD drivers?! by Eowaennor · · Score: 2

      Actually WoW is very multithreaded and can make use of up to 3 cores. They even make use of some multithreaded OpenGL ( I know little about this).

    19. Re:Crappy AMD drivers?! by sl3xd · · Score: 2

      AMD may not have the best drivers, but I dont recall any AMD drivers that allowed me to play games and fry eggs with the same piece of hardware like Nvidia.

      You don't seem to have looked hard enough at the AMD drivers, or developed software that uses them.

      I write management software for supercomputing clusters - and GPU's are one of the shiny things right now. Mainstream GPU drivers have hooks that let us do things that admins like to know about - monitor temps, fan speeds, voltages, etc.

      Unfortunately, AMD's driver's aren't just bad. I'm not a lawyer, but there's a good chance they are criminally bad.

      Fatal flaws that I know of:
      * It's trivial to write a program that will shut off the GPU's cooling fan with the AMD drivers; as well as disabling any overtemp throttling. I'm honestly surprised malware hasn't been written to do this already. Either way, your eggs will be ready shortly. I hope the building doesn't burn down.

      * This is a gripe on their Linux drivers, but it's fair game: AMD's own instructions explicitly state that to make GPU monitoring available to a monitoring daemon (or to make GPU crunching available to remote users), it's necessary to run "xhost +" as root.

      Whiskey, Tango, Foxtrot

      For those that don't know - runining "xhost +" as root isn't as bad as having an empty root password, but it's near the top of the list of batshit-stupid things to do. None of AMD's competitors require opening one of the biggest security holes possible just to use their product. What's worse: AMD's response is that they won't be doing anything about it for the forseeable future.

      Other GPU makers aren't without problems - everybody has faults - but it speaks volumes that AMD has no intention of fixing a grave security bug in their drivers.

      --
      -- Sometimes you have to turn the lights off in order to see.
    20. Re:Crappy AMD drivers?! by Skarecrow77 · · Score: 4, Insightful

      depends on your definition of failure.

      if gnu/linux was aiming to become the predominant desktop OS, displacing microsoft, then it certainly has failed

      if gnu/linux was aiming to beocme a major player in the arena, maybe not the overall leader but boasting enough of a market percentage that it couldn't be successfully ignored or neglected by software devlopers and hardware OEMs, then yeah... it's probably failing at that too.

      if gnu/linux was aiming to become a viable alternative to the market leaders for people who care about free software and people who care about being in full control of their own OS, well it has become a rousing success at that.

    21. Re:Crappy AMD drivers?! by Bert64 · · Score: 3, Insightful

      Windows succeeded in a very different market to what Linux now competes in...

      Dos came bundled, and windows was pushed as the natural progression from dos. It had very few competitors, most of which were considerably more expensive both for the software and the hardware required to run it on.

      Linux on the other hand came much later, and is faced with a market already dominated by an incumbent player who has no interest in promoting linux as the natural progression away from their existing product.

      If both windows and linux were introduced new to the market today, i think the story would be very different... Alternative OSs to the incumbents have a very rough time of it, commercial ones outright fail due to not being able to build marketshare fast enough to fund development (look at beos etc), desktop linux would have been considered a commercial failure and dropped years ago if it was a commercial product, only due to being open source and thus not dependent on revenue has it been able to build a user base slowly and steadily.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    22. Re:Crappy AMD drivers?! by RubberDuckie · · Score: 2

      That's called the 'Lovelace Factor': All software sucks, it's just a matter of how much it sucks.

    23. Re:Crappy AMD drivers?! by hairyfeet · · Score: 2

      And I've had 3 Seagates turn to shit whereas the Samsung have never let me down...its called luck of the draw folks. they crank these things out like flapjacks and bad ones get out all the time, which is why I judge a company not by whether or not they put out the occasional dud but what they DO about said dud and what kind of service you get. that is why I use Sapphire and Gigabyte cards, Gigabyte and Asrock boards, and I guess that now Samsung is gone I'll be stuck with WD hard drives. Not because these companies have never handed me a dud, but because when they DID hand me a dud they said "our bad" and worked to quickly replace it and THAT should be what matters folks, not whether a bad one slips through QA.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    24. Re:Crappy AMD drivers?! by sl3xd · · Score: 2

      Verifying temperatures isn't generally that easy - mainly because what most systems are designed to measure isn't what most humans want to hear from it.

      The first law of thermodynamics is we don't talk about thermodynamics.

      Many monitoring packages typically fudge their numbers to some extent. It's a case of "A little inaccuracy can save a great deal of explanation."

      The (vast majority) of people who even look at CPU temps are enthusiasts who think they know something about die thermals, but really have no fraking clue, other than "hot bad". A hard number is easy to understand - even if it's a lie or doesn't tell you anything that's actually useful.

      Die temperatures (as measured by a thermal diode) can vary quite a bit compared to heatsink temperatures. Even then - move the probe to a different point on the heatsink, and the temp measured can vary even more. This means that comparing a thermal diode's temperature (ie. on-die in the GPU) vs. anything you can measure externally (via heatsink) is going to be a lot more trouble than it's worth -- and it's going to be different for every combination of die/heatsink/fan/chassis.

      There are usually entirely different goals in temperature measurement. While a fixed temp is easy for a human to understand, a fixed temp isn't that great of a metric for a CPU's (or it's cooling system's) thermal health.

      For example, Intel's PECI doesn't report absolute temperatures; it reports a negative value which represents the number of degrees until the core is "hot" - which isn't based on any fixed temperature. Some (wrongly) look at the CPU's max temp spec, and figure they can translate that to an actual temp.

      In reality, it's like asking your wife "are you hot?" and then guessing what the temperature is from her reply. The result can vary depending on any of a number of external factors. More importantly, the number doesn't really matter to begin with. What matters is how your wife feels.

      The "external factors" for a silicon die would be things like load, the volume, velocity, and temperature of the coolant air over the heatsink, heatsink size/geometry/material, airflow patterns in the chassis... Manufacturers (be they Intel, AMD, NVIDIA, or anybody else) don't have the luxury of controlling any of those variables, so they either have to design adaptive systems, or throw performance out the window in by throttling the core when they don't really have to.

      --
      -- Sometimes you have to turn the lights off in order to see.
  2. AOD by Kjella · · Score: 5, Insightful

    Acronym Overload Detected. A summary is supposed to summarize but I couldn't tell what this story is about unless I already know.

    --
    Live today, because you never know what tomorrow brings
    1. Re:AOD by zoward · · Score: 2

      Acronym Overload Detected. A summary is supposed to summarize but I couldn't tell what this story is about unless I already know.

      Notice that the first reference to ASLR in the summary is actually a link to Wikipedia. If you hover over the link, you get the acronym expansion. While not as effective as expanding it in the text, it's nice to have the full Wikipedia article available in case you want to read up on it prior to digging into the article.

      --
      "Can't you see that everyone is buying station wagons?"
    2. Re:AOD by Obfuscant · · Score: 5, Insightful

      Notice that the first reference to ASLR in the summary is actually a link to Wikipedia.

      And the reference to EMET is a link to a microsoft page that has at the top this warning:

      This article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.

      I'm reading this on a linux system, but I manage several windows boxes. It's very useful for microsoft to refuse to diplay content it decides I don't need to see. Thank you.

    3. Re:AOD by hawguy · · Score: 3, Insightful

      Unfortunately expanding-out the acronyms doesn't make the summary any clearer:

      "CERT/CC has called out AMD for having insecure video drivers. AMD/ATI video drivers are incompatible with system-wide Address space layout randomization (ASLR).

      'Always On' Data Execution Prevention (DEP) combined with 'Always On' ASLR are effective exploit mitigations. However, most people don't know about 'Always On' ASLR since Microsoft had to hide it from the Enhanced Mitigation Experience Toolkit with an 'EnableUnsafeSettings' registry key â" because AMD/ATI video drivers will cause a Blue Screen Of Death on boot if 'Always On' ASLR is enabled."

      What?

      Actually that helps. I didn't recognize the ASLR and DEP acronyms since there wasn't enough context to know what they were talking about, I didn't immediately recognize the term "Address Space Layout Randomization", but when I saw "Data Execution Prevention" it became much more clear what they were talking about.

      But a little explanation would have been nice. Something like "DEP and ASLR are security mechanisms used to make it more difficult for malware to execute code or to predict memory addresses where programs and their data are located"

    4. Re:AOD by noh8rz3 · · Score: 5, Informative

      aslr = a way to secure your memory so it's harder for malware to run attacks.
      EMET = a bunch of tools that windows uses to secure the machine. aslr is one of these tools
      bsod = blue screen of death. your computer is frozen
      AMD = a company that was formerly known for making computer chips, but is now in the graphics card business
      ATI = a graphics card manufacturer that AMD bought.
      DEP = another tool in the EMET toolkit.
      cert/cc = an organization that is viewed as an authority on computer stuff.

      in short, AMD drivers suck so much that microsoft has to override its own computer protections to keep AMD from crashing your machine. so the drivers are not just unstable, they make your machine more vulnerable to malware. cert says, "epic fail".

    5. Re:AOD by drinkypoo · · Score: 2

      Now look, I don't want to be a pissy elitist, but this is slashdot, news for nerds. If you don't know what ASLR or DEP are then you probably don't belong on this site at all; if you can't figure out how to use google to figure out what they are then you definitely don't belong here. These are not new technologies and there have been probably a dozen articles discussed here on slashdot about the relative merits of various operating systems' ASLR implementations (Windows best, MacOSX worst) and even highly detailed explanations of how ASLR works and why one implementation might be better than another.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    6. Re:AOD by Mr+44 · · Score: 3, Informative

      Uhh, no. Windows DLLs have always been relatively addressed, and are capable of being loaded at different locations in the virtual address space (google "rebasing"). However, for performance reasons, most DLLs specify a preferred address the loader will attempt to slot them into. All system DLLs specify this, which results in their routines being loaded at predictable addresses (even across machines).

      ASLR means that, on boot, a different location is chosen in the virtual address space to load DLLs into, so that system routines are not always at the same location, making certain types of security exploitation significantly harder.

  3. AMD's proprietary Linux driver is secure... by GerbilSoft · · Score: 3, Funny

    ...because it crashes before any malware can do any damage.

    1. Re:AMD's proprietary Linux driver is secure... by TeknoHog · · Score: 4, Informative

      $ lsmod | grep fglrx; uptime
      fglrx 3029147 144
      agpgart 26120 3 intel_gtt,intel_agp,fglrx
      22:41:37 up 76 days, 4:30, 8 users, load average: 0.00, 0.01, 0.05

      --
      Escher was the first MC and Giger invented the HR department.
  4. Re:There is nothing in this story connecting ATI/A by tlhIngan · · Score: 4, Informative

    The story is about DEP and ASLR effectiveness at blocking exploits. IT has nothing to do with the title or the ATI/AMD aspect.

    The CERT article mentions it, and it mentions it in that you cannot use the DEP/ASLR protections (in the kernel) because ATI/AMD make an incompatible driver. And since graphics drivers are kernel things, loading them means the kernel must disable DEP/ASLR, making your machine just that much less secure because of it.

  5. Re:Everything is insecure by fuzzyfuzzyfungus · · Score: 2

    Proving the existence of unprovable statements within logically consistent systems doesn't prevent there from being provable ones... If you are very lucky indeed, the ones that are provable and the ones that you care about might even overlap...

  6. ASLR by Jeremiah+Cornelius · · Score: 5, Insightful

    Preventing yesterday's attacks, tomorrow.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
    1. Re:ASLR by blackraven14250 · · Score: 5, Informative

      Better to prevent yesterday's attacks at all than to leave the hole open for all time...

    2. Re:ASLR by osu-neko · · Score: 5, Insightful

      Given that "yesterday's attacks" compromise 99% of the attacks that occur every day, that seems wise.

      --
      "Convictions are more dangerous enemies of truth than lies."
  7. Re:Everything is insecure by Your.Master · · Score: 2

    No, it isn't. It's a proof that there are unprovable statements. It's not a proof that there are no provable statements, which would be self-contradictory.

  8. MS should just deny them WHQL certification by PingXao · · Score: 4, Insightful

    Microsoft is constantly telling people that they won't sign their drivers unless they pass strict quality and certification standards. MS should just deny that to drivers as buggy as these are reported to be.

    Oh wait... that would mean MS Is actually committed to quality as opposed to just needing an excuse to deny the little guy who wants to write some driver-level code.

  9. But it still showed you the article content! by Anonymous Coward · · Score: 4, Informative

    ... you failed to mention that. Oh, right. Your goal was to be sensational. Carry on.

    1. Re:But it still showed you the article content! by drinkypoo · · Score: 4, Insightful

      1) Don't start your post in the subject line, that is fucking annoying. Are you new?
      2) What do you mean "the" article content? He doesn't know which content it showed him, and neither do you. But I notice you're anonymous and cowardly, so you're probably a shill as well.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:But it still showed you the article content! by drinkypoo · · Score: 2

      Obfuscant implied Microsoft did not show the article to Linux clients

      Wrong, although you may have inferred that. He outright stated that the article says to you that it is being altered for Linux users to contain information Microsoft doesn't think he needs; "It's very useful for microsoft to refuse to diplay content it decides I don't need to see." He didn't say "to refuse to display articles it decides I don't need to see" but you (and some other idiots) just added that word into the sentence as you read it.

      Now please, fuck off until you understand English. The writer implies; the reader infers. The writer implied nothing of the sort; you inferred it anyway.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  10. Re:Perfect solution fallacy by Sycraft-fu · · Score: 2

    What's wrong is this isn't a discussion about AMD vs nVidia, it is a discussion about how AMD should fix their shit. To then try and deflect and say "No they shouldn't because nVidia isn't perfect," is stupid.

    A discussion (a real discussion, not fanboy screaming) about the merits of the two cards is useful if someone is looking at which they might want to buy. However responding to a problem in AMD drivers with "But, but one time nVidia produced a bad driver that caused overheating!" is not productive. Trying to act like AMD should juet get a pass because The Other Guy(tm) isn't perfect is dumb.

  11. Re:AMD/ATI drivers unsafe? Poor quality? Really??? by ThatsMyNick · · Score: 2

    Because of this deficiency in AMD driver, windows kernel cannot use ASLR. So pretty every virus/malware that depends on Address Location could have been prevented. And lot of virus and malware do.

  12. Re:AMD/ATI drivers unsafe? Poor quality? Really??? by ThatsMyNick · · Score: 2

    TFA basically gives AMD a downmod (consider it a +1 Sucks) because they do not care about supporting simple security features (which some of other posters extrapolate, along with their personal experiences to, they suck worse than Nvidia). Making code compatible with ASLR is not complicated or time consuming at all (I have been involved in linux driver programming), it is just that they have not bothered with it. The result is a simple and effective shield that ASLR and DEP provide is broken.

  13. Re:What article did you read? by Zephiris · · Score: 2

    My mistake. ALSR enabled by default on VS2008, and was able to be selected on VS2005...and the WDK for Vista and above, also by default.

    The summary claims that "AlwaysOn" ALSR isn't enabled by default "because of AMD". The summary also claims that AMD drivers are unsafe and insecure. TFA claims that it isn't enabled because of "some software, including AMD". The fact is Microsoft declares the forced ALSR unsafe -for a reason-. Forcing it on at that level has no benefit for the things that already support it, and can have consequences for any software or drivers that don't support address randomization clobbering them.

    AMD drivers apparently didn't or doesn't support randomizing the base address. There are several reasons why they may not, including for performance. It could also be that there's simply legacy code, or legacy OS support to worry about, since AMD's fglrx supports kernel ALSR on Linux.

    If AMD supported this, would Microsoft change the default by Windows 9? 10? Or would there still be other vendors of non-video applications and drivers, some of which may be legacy, that one vendor wouldn't make much of a difference?

    AMD's lack of support for a hidden and "marked as unsafe" boot mode has essentially no end-user impact, security, stability, or otherwise. IF the boot mode is required to have randomized driver base addresses, Nvidia would be no more secure by default, or by any reasonable means available to a power user or security professional. If Microsoft changes it to the default (and maybe they have in Windows 8, but I'm certainly not keen on testing recovery mode), I'm sure the driver-signing and WHQL requirements will be changed accordingly, as they have in the past.

    Yes, it is sensationalist to suggest specifically and only AMD (rather than Microsoft) has anything to do with a real problem. The summary and article are worded in such a way to suggest blame and danger, which gets people in a furor...over nothing. Anyone with half a brain knows that this is ultimately a Microsoft policy decision, one which the vendors are effectively bound to comply with. Microsoft makes lots of things optional, (in this case, optional, unsupported, and strongly discouraged) so if you think "forced ALSR" is something worth having, you could always write a news story about how "Microsoft makes security optional!!" instead. Just as sensationalist, just somewhat more on-target. Articles like this, including the one on CERT, are getting well into the FUD range.

    I'd be surprised if anyone reading this has had "forced ALSR" as described in the article, enabled since WIndows 7 came out. There's not much point in crying over what you never had, and can't really have, at least not yet, according to Microsoft. I don't really care if the few open source, mingw-compiled, programs I'm using use ALSR or not.

    Just since people can't seem to keep things straight... The last AMD vulnerability that I can find confirmed was in 2007, a local driver signing workaround, after which they had major overhauls (including on performance). Nvidia had two last year, one of which was a remote denial of service.

    By the way, are you the same "anonymous coward" that submitted the article? :p

    --

    "A Goddess rarely smiles for she is forced by others to be an island unto herself." - Zephiris