bit-tech.net

AMD accused of poking holes in Windows security

Published on 8th June 2012 by Gareth Halfacree

AMD accused of poking holes in Windows security

According to US-CERT, AMD's graphics drivers are responsible for a serious hole in Microsoft's Windows security systems.

AMD has been accused of making Windows unsafe, thanks to graphics drivers that fail to operate when Address Space Layout Randomisation (ASLR) is enabled.

Introduced by Microsoft to guard against code execution through buffer overflow attacks, ASLR works by shuffling the memory map and storing critical resources in a pseudorandom location. The result: if an attacker attempts to overwrite a specific section of memory with a buffer overflow or similar attack, that memory location will be different on each targeted system.

Combined with Data Execution Prevention (DEP), which marks sections of memory containing program data as non-executable to minimise the risk of a buffer overflow writing to an area of memory which can then be executed as a program, ASLR is an effective defence against many forms of attack.

Unlike DEP, however, ASLR is disabled by default and only activated by manually toggling a registry key marked 'unsafe' or using Microsoft's optional Exploit Mitigation Experience Toolkit (EMET) add-on. Doing so on systems with AMD graphics cards, however, has an unwanted side-effect: system crashes.

According to a vulnerability notice published by the US Computer Emergency Readiness Team (US-CERT) late yesterday, AMD's graphics drivers are incompatible with ASLR and cause blue-screens when the functionality is enabled. Drivers for graphics boards from rival Nvidia, and those designed for Intel's integrated graphics systems, work fine with ASLR.

According to US-CERT's analysis, the result is that systems are ill-secured against attack. Worse, a feature which should be activated by default in order to provide the most security is disabled and hidden - leaving Microsoft with the blame for security breaches it has already coded protection against.

US-CERT's advice is clear: for server systems with AMD graphics hardware, where video performance is a non-issue, users should consider moving to generic VGA drivers which fully support ASLR. For other users, who specifically bought the AMD graphics board for 3D tasks and intend to use it to its full advantage, US-CERT has only one suggestion: 'If the video adapter on your system is not compatible with EMET "Always on" ASLR, consider using a different video adapter that has ASLR compatible drivers.'

20 Comments

Discuss in the forums Reply
Griffter 8th June 2012, 13:19 Quote
interesting... but how can anyone blame another company for not being compatible with a company that decides one day they want something else.. so all others must change to support it?
dicobalt 8th June 2012, 14:17 Quote
Wow this is pretty serious. How could ATI go so long with this problem? Is it only recently a problem? I can't believe nobody has noticed yet. Anyways I am amazed AMD would knowingly release software like that.
Alecto 8th June 2012, 14:21 Quote
"Wow this is pretty serious. How could ATI go so long with this problem? Is it only recently a problem? I can't believe nobody has noticed yet. Anyways I am amazed AMD would knowingly release software like that."

It is a problem with a feature that is disabled by default. This is not to say that AMD's drivers aren't crappy - they are, but blaming them for incompatibility with somthing that is disabled by default and apparently isn't used anywhere is like complaining about 3D acceleration not working in DOS version of Tomb Raider compiled for Glide ...
Harlequin 8th June 2012, 15:01 Quote
EMET is not installed by default on any windows machine - and since EMET 2 has been out 2 1/2 years , for retail users its not that big a deal
Flibblebot 8th June 2012, 15:08 Quote
Quite. I think the bigger issue here is not so much AMD's incompatible drivers, but Microsoft including an important security feature that is turned off by default. Is there a reason for this - does it make a system less stable, or does it cause Windows programs to run slower?
Gareth Halfacree 8th June 2012, 15:25 Quote
Quote:
Originally Posted by Flibblebot
Quite. I think the bigger issue here is not so much AMD's incompatible drivers, but Microsoft including an important security feature that is turned off by default. Is there a reason for this - does it make a system less stable, or does it cause Windows programs to run slower?
The reason, according to US-CERT, is AMD's drivers: Microsoft can't turn it on by default, 'cos then (insert AMD's market share per cent) of systems will blue-screen and die.
Harlequin 8th June 2012, 15:53 Quote
the reg key you need to look for is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\EnableUnsafeSettings

and if you dont have the optional and downloaded from MS EMET you dont have the reg key anyway (not present on my GTX 480 system)
yougotkicked 8th June 2012, 18:52 Quote
I get the feeling that ASLR is disabled by default due to a performance overhead, not compatibility issues. I don't know the precise workings of the tech (I doubt anyone without a security clearance does), but based on my understanding of stack discipline and data addressing, I can make some reasonable assumptions. If those assumptions are right, ASLR would add a step or two to certain kinds of instructions. The result could easily be a substantial performance hit.

In order for a buffer overflow attack to happen, you must already be executing some malicious code, which should have been caught by other security measures. Of course it IS reasonable for those security measures to fail, but ASLR still isn't a critical first-level security feature, and it could have observable performance costs, so it isn't enabled by default.

All AMD is 'guilty' of, is not testing their drivers with an obscure security feature that drastically changes the way system-level addressing works on a tiny fraction of systems, which MS themselves have chosen NOT to require driver makers account for. US-CERT is just being dramatic and accusatory.
l3v1ck 8th June 2012, 19:22 Quote
Quote:
Originally Posted by Gareth Halfacree
The reason, according to US-CERT, is AMD's drivers: Microsoft can't turn it on by default, 'cos then (insert AMD's market share per cent) of systems will blue-screen and die.
Then MS should say "AMD, this is your six months warning. In six months the next Windows update will turn this feature on. You've got that long to sort your drivers".
Shouldn't be an issue. Both AMD and Nvidia release regular driver patches.
Fizzban 8th June 2012, 20:20 Quote
It can't be too vital a piece of protection can it. If it was Microsoft would have told AMD to sort their drivers ages ago. And if the vast majority of us have been getting along fine without ASLR then I don't see the problem.

If you are careful you shouldn't get a virus anyway. Can't remember the last time I got one. Only ever clean them off other peoples computers.
JA12 9th June 2012, 02:23 Quote
"AMD has been accused of making Windows unsafe"
:D :D
Nah - Microsoft does that job very well already. And if they have a bad day, Adobe comes to the rescue.
TC93 9th June 2012, 15:23 Quote
This is nothing but an nvidia fanboy article.
TC93 9th June 2012, 15:26 Quote
And what about all the backdoors our Government (like the FBI) are always trying to get put into everything.
alpaca 9th June 2012, 16:00 Quote
Quote:
Originally Posted by TC93
And what about all the backdoors our Government (like the FBI) are always trying to get put into everything.

That is why everything from planes to fission-powered submarines and hydroelectric dams should run on ATI hardware! Conspiracy! Get the tinfoil hats!
shanky887614 9th June 2012, 21:50 Quote
there are more security holes built into windows than a Colander

i don't see why they are blaming amd

windows is a piece of **** from a security standpoint

dep is useless, so disabled it same as uac. havent had any problems/viruses in over 6 months thanks to my third party security
digitaldave 10th June 2012, 20:18 Quote
makes me laugh microsoft pointing fingers when they "alledgedly" had nothing to do with issuing MS security certs that enabled flame to target whoever they want to.
azrael- 10th June 2012, 20:53 Quote
ASLR isn't something that's merely turned on by setting a registry key. A given application has to actively support it or rather it has to indicate to the OS that it supports it. There's a linker option for this in Visual C++ (or alternatively a project property in Visual Studio projects). The same goes for DEP.

One could argue that AMD has a problem if ASLR support is indicated, yet hasn't been tested to work properly, but I wouldn't call it poking a hole in Windows security.
DbD 11th June 2012, 16:34 Quote
If you can get past all the AMD fanboy nerd rage you'd notice this is a good thing they are doing. The whole idea behind this feature is to make windows more secure. The reason it's not on by default is because it has to be specifically coded into software so until all software supports this it stays turned off.

It is particularly important for low level drivers with privileged access such as graphics drivers. Intel and Nvidia support this, AMD don't. I presume they were asked nicely (standard has been out for a while) but they ignored the requests so they are now being publicly bashed in an attempt to get them to comply.

None of this matters to us of course as we don't have this setting turned on, but it matters in a big way to AMD if they want to sell any PC's with their chips in to the US government who have higher security standards.
Sloth 11th June 2012, 22:28 Quote
Quote:
Originally Posted by DbD
If you can get past all the AMD fanboy nerd rage you'd notice this is a good thing they are doing. The whole idea behind this feature is to make windows more secure. The reason it's not on by default is because it has to be specifically coded into software so until all software supports this it stays turned off.

It is particularly important for low level drivers with privileged access such as graphics drivers. Intel and Nvidia support this, AMD don't. I presume they were asked nicely (standard has been out for a while) but they ignored the requests so they are now being publicly bashed in an attempt to get them to comply.
Typical chicken/egg scenario where two companies try to muscle each other around. MS clearly didn't put in enough leverage to get AMD to move. If you want another company to do extra work for free so that your own features work then you need to put on your big girl panties and wrestle them into complying. Now we get to wait and see if this'll be enough to get AMD to move.
Quote:
None of this matters to us of course as we don't have this setting turned on, but it matters in a big way to AMD if they want to sell any PC's with their chips in to the US government who have higher security standards.
Outside of higher sensitivity branches this likely isn't an issue, if AMD can make a better offer they'll get a deal. On the flip side, private sector business security isn't to be overlooked. As we've seen over the last couple years there's plenty of hacker interest in the personal data of employees and clients, and of course trade secrets can be worth millions.
impar 18th June 2012, 09:47 Quote
Greetings!
Quote:
US-CERT Discloses Security Flaw in Intel Chips

According to The U.S. Computer Emergency Readiness Team, a flaw has been discovered in Intel chips that would allow hackers to execute malicious code on a variety of 64-bit operating systems. The flaw is limited to chips using SYSRET instruction. Intel has made no comment on the disclosure.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums

More About...

Custom PC Issue 117

Custom PC Issue 117

3 Issues for just £1
PC Hardware Buyer's Guide August 2012

PC Hardware Buyer's Guide August 2012

Hardware 29 – We are not Server Admins

Hardware 29 – We are not Server Admins