Nvidia driver and physical memory access??

Discussion in 'ProcessGuard' started by greg32, Feb 1, 2006.

Thread Status:
Not open for further replies.
  1. greg32

    greg32 Registered Member

    Joined:
    May 30, 2005
    Posts:
    47
    Hi,
    a while back, PG all of a sudden required me to allow all programs that use/display video access to physical memory. I thought this was very strange at the time, looked around could not find anything, and decided to let them. I searched the forums today, and the nvidia drivers were mentioned to have been the problem in some cases. Surly lots of people are having this problem. I tried today the latest drivers with the same prob. So I rolled back the drivers to 77.72, and all requests are now gone. This resulted in 14 programs not requiring mem acc any more! Now I have read that allowing acces to mem is dangerous, and could even allow PG to be terminated. So isn't this a security concern that trivial recreational programs used in day to day activities, viewing media downloaded from net/friends....... so basically suspect material, required access to memory with the current drivers from nvidia? Can PG handle this differently somehow, or is this nvidia's fault? Am I a limited case, or do many other people have the same difficulty? It applied to everything from thumb views in explorer, wmplayer, power dvd, digitv, burning software that has previews of the work.....etc.
    For now, I have reverted back to older drivers so as I don't have to have these programs allowed access, but eventually, with newer hardware, I will need to use the newer drivers, so I would like some advice please.
    Thanks
    Greg
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi Greg,

    It sounds like nVidia's "fault", probably just another optimisation taking effect in the newer driver. I wouldn't be surprised if a few apps were faster under the new driver.

    This would put you between a rock and a hard place. If you allow Physical Memory access for all those programs, then yes they could compromise the system. Luckily you know the EXE itself doesn't change (or PG alerts you), so the real danger is plugin programs like IE which accepts BHO's.

    You may be able to deny some of the more dangerous ones such as IE if you even use it ?
     
  3. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I have 78.01 (not the latest, which is 81.98, because I am lazy and I have a new Dell arriving tomorrow and this one goes back). I allow 9 programs access to physical memory. The computer coming tomorrow has the latest and greatest nVidia card (7800GTX) so it might need even more applications to have this access. Explorer doesn't need access to physical memory but Power DVD does. The others are ones I would expect to need access whether I had an nVidia card or not.
     
  4. greg32

    greg32 Registered Member

    Joined:
    May 30, 2005
    Posts:
    47
    Yep, I hear ya gavin. Problem is, when I have to all of a sudden allow a huge number of programs with access to phys mem, the main concerns being windows media player, windows explorer, and a couple of online games, with the ability to install plugins and stuff makes me worried. I don't use IE, prefer FFox, but they both do not need access to phys mem as a result of the drivers from nvidia. There does not seem to be a speed issue with using the older drivers, BUT, one day I will need to use them on a newer system, and then I will be back to square one with a tonne of apps set with a less than desirable flag for mem access. :)

    Cheers for the response guys, mele20 will be interesting if you find you end up with more programs flagged when you install PG on your new system. Lets us know if they affect you the same way. The reason I want to know, is it might also only be certain graphics cards that cause the driver to act this way. Maybe a new card, with new driver does not do this. I am using an old Ti4200. So, for that reson I am not unhappy to just stick with 77.72 drivers for now.

    Thanks Greg

    CHeers Greg
     
  5. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    The computer isn't here yet (noon). I use WMP 6.4 on this Dell 8300 Dimension (bought Nov 2003). I ripped out versions 10,9,8 which left me with the "hidden'" 6.4 so that might be why it doesn't want to access physical memory. I will be upset if Explorer or IE (which I seldom use) needs access to physical memory. Currently I have the 5200 GeForce card so it will be interesting to see what happens with this latest nVidia card. I was going to leave WMP alone on this new computer but if it wants access to physical memory....I guess I will have to rip it out also. I'm a Winamp user and seldom need WMP.

    I'll let you know what I find. It wil not be until this weekend most likely as I probably will have to reformat this new computer and won't have time for a few days.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    For most routine stuff IE doesn't need physical memory access, but if you ever go to Microsoft, game page and use it's test your computer function it does for that. Leave it blocked and see what happens. Worst that can happen is you have to give it permission to what you want, and then turn off permission.

    Pete
     
  7. greg32

    greg32 Registered Member

    Joined:
    May 30, 2005
    Posts:
    47
    Peter,
    if I do not allow access to physical memory, for anything like playback of dvd's, mpg, avi/divx, games, mousing over a movie file, dvd burning, dvd authoring, watching/capturing television........ the programs simply do not display an image. To try and manage permissions on a case by case basis, and then to un-enable when done, would be an absolute nightmare. I have now, including the orriginal 14 programs, removed permission for another 3, so that is 17 out of 23 programs that had it enabled, now not requiring it.
    Also, not trying to make a big deal of it, but is it TRUE or FALSE, that programs that have permissions to access physical memory are a high security risk, compared to not being allowed? Or is this something that people have made more of a deal out of then reality. This is why we run PG isn't it. Now, if I look at it this way, I have 76 programs in my protection list. Prior to backdating the drivers, 30% of the programs in there had access to phys mem. Now that is reduced to 6 programs, or more like roughly 12%.
    Mele20, if your system ends up behaving like mine, winamp, wmp, explorer and all that crap needs phys mem access, does not matter what the program is, if it is video related, then it will ask.

    Cheers Greg
     
  8. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Well, I'm on the new computer. Wow, I have a gigantic wide box to type in. I just installed Fx. I haven't installed PG yet. I spent an hour uninstalling the incredible amount of junk Dell installs now. Unbelieveable.
    I am not happy with the nVidia card. There is no Desktop Manager!!! I can't live without that!

    Anyhow, I'll let you know what I find when I get PG installed. I have to call Dell first. The optical drives are not working nor are my speakers (2 of them). I also can't get any Windows Updates as this computer won't validate...I don't know what that is about.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    Hi Greg

    I was referring specifically to IE. If programs need to access physical memory, then you have to either allow it or not run them. As to the more risk issue. Yes it is true there is more risk, but if you feel 95% safer with PG installed as opposed to not having it, then this risk is one that isn't that bad. Bare in mind without PG they had this permission. The only 100% sure security, is what I jokingly posted in one of the polls: The on/off switch.

    Pete
     
  10. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    I'm also seeing this behaviour after upgrading to Forceware 81.98 - interestingly though, System Safety Monitor (which also blocks physical memory access) doesn't give any Physical Memory alerts. So is this a case of PG being overly sensitive or of SSM not being sensitive enough?
     
  11. some made up name

    some made up name Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    60
    Seeing that we are talking about security software here, is there such a thing as overly sensitive (unless you can't deactivate it)??

    I mean, would you rather be told that an app is trying to access PhysicalMemory (even if via the driver) or have an app you don't want to have access silently access it via the already installed driver?
     
Thread Status:
Not open for further replies.