PG & NVIDIA

Discussion in 'ProcessGuard' started by Rico, Apr 13, 2006.

Thread Status:
Not open for further replies.
  1. Rico

    Rico Registered Member

  2. WSFuser

    WSFuser Registered Member

    why not just let the drivers have physical memory access?

    problem solved.
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    It isn't as easy as that - the application using the drivers has to be given access. When you have to give Physical Memory access to every game, media player and even applications like IE then this drives a rather large potential hole through PG's security.
     
  4. Rico

    Rico Registered Member

    Hello,

    Quote:
    Originally Posted by Rico
    Also I really don't understand fully this thread, other than there's a problem with PG & NVIDIA getting along.

    Problem = lots of applications needing Physical Memory Access to work (PG will report/block repeated access attempts in its log). Physical Access can however allow malware to disable PG. If you need more details, please post in that thread.

    Does anyone know if NVIDIA's current (3/17/2006) version of Forceware 84.21 causes this problem with either PG 3.2 or the current PG beta?

    Note: My current Forceware is ver. 77.76 & does not have the above mentioned problem.

    Thanks
    rico
     
  5. Rico

    Rico Registered Member

    Hi Guys

    I just left a message with NVIDIA's support, asking them to look in on this thread & to also look at post #1 link.

    Take Care
    rico
     
  6. TheQuest

    TheQuest Registered Member

    Hi, Rico

    You know what they say, if it's not broken, don't fix it. :)

    Take Care,
    TheQuest :cool:
     
  7. Rico

    Rico Registered Member

    Hi All,

    TheQuest -
    This was suggested to resolve some issues with video capture VHS to DVD.

    I uninstalled NVIDIA Forceware ver 77.76 & installed the current driver 84.21. So far only one "Physical Memory" request has come up, in PG ver 3.2. And that was for my screensaver, plusdavn.scr; I allowed it the physical memory. Not sure if this is the right thing to do, PG prior to 84.21 was quite happy with my screen saver. Stay tuned, I'll update.

    Take Care
    rico
     
  8. Rico

    Rico Registered Member

    Hi

    Today - I tried to do an Ewido (free) scan, & got a request from PG 3.2 for "Physical Memory" - I did not allow. Previously with NVIDIA Forceware driver 77.76 PG did not ask for Physical Mem, when I scanned with Ewido.

    That's two apps now requesting Physical Mem. since NVIDIA 84.21!

    Stay tuned
    rico
     
  9. Rico

    Rico Registered Member

    Hi

    The list grows #3, where PG 3.2 requests "Physical Memory" for an application, which previously did not require it. The culprit which makes PG ask about Physical memory is NVIDIA Forceware driver greater than 77.76, I'm getting this behavior from Forceware 84.21. See pic:

    Summary of apps (so far) where PG asks "Allow Phys. Memory" & nothing's changed except the NVIDIA driver:

    1. plusdavn.scr from Microsoft Plus a screensaver
    2. Ewido
    3. iTunes

    In case DiamondCS reads this be sure to see post #3 also!
     

    Last edited: May 23, 2006
  10. Rico

    Rico Registered Member

    Let's make the list longer!

    Summary of apps (so far) where PG asks "Allow Phys. Memory" & nothing's changed except the NVIDIA driver:

    1. plusdavn.scr from Microsoft Plus a screensaver
    2. Ewido
    3. iTunes
    4. MS Word from Office 2002
     

  11. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    The problem is that in order for PG to 'fix' this issue with the new Nvidia driver it would either ...
    1 - have to allow all instances where the previous mode was kernel mode (i.e. kernel mode code called the function). This would mean that if another security driver that uses this method is installed above the Phys. Mem protection (i.e. gets called before PG) then PG's version will effectively be disabled (it came from kernel so it must be ok). What if the kernel code calling PG's Phys. Mem protection does not provide security? Also, it is questionable at this stage if it is possible to recognize who requested access (is it the user mode program, or maybe a driver it is using) as is the case with the nvidia drivers
    or 2 - provide another layer of protection to a point that has never been done before. For example, tracing the call stack back to the usermode program (possibly alerting on all modules on the way up) to provide accurate protection (just because the caller is trusted, doesn't mean its caller is trusted).
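
The two options in post 11, as a small C model added here (not code from DiamondCS, ProcessGuard or the original post). Each request is a constructed call chain from the originating program down to the immediate caller, and all module names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* One module on the path of a physical-memory request (constructed model). */
typedef struct {
    const char *module;  /* hypothetical module name */
    bool kernel_mode;    /* code runs in kernel mode */
    bool trusted;        /* user granted it Physical Memory access */
} frame_t;

/* Option 1: allow whenever the immediate caller (last frame) is kernel mode. */
bool allow_if_previous_mode_kernel(const frame_t *stack, size_t n)
{
    return n > 0 && stack[n - 1].kernel_mode;
}

/* Option 2: walk back toward the user-mode program. Returns the index of the
   first untrusted module met on the way up, or -1 if every module is trusted. */
int first_untrusted_frame(const frame_t *stack, size_t n)
{
    for (size_t i = n; i-- > 0; )
        if (!stack[i].trusted)
            return (int)i;
    return -1;
}

bool allow_if_whole_chain_trusted(const frame_t *stack, size_t n)
{
    return n > 0 && first_untrusted_frame(stack, n) < 0;
}

/* Constructed chains, ordered from originating program to immediate caller. */
const frame_t chain_trusted[]   = { { "player.exe",  false, true  },
                                    { "viddrv.sys",  true,  true  } };
const frame_t chain_untrusted[] = { { "unknown.exe", false, false },
                                    { "viddrv.sys",  true,  true  } };
const frame_t chain_direct[]    = { { "unknown.exe", false, false } };

int main(void)
{
    const frame_t *chains[] = { chain_trusted, chain_untrusted, chain_direct };
    const size_t lens[] = { 2, 2, 1 };
    for (size_t i = 0; i < 3; i++)
        printf("%-12s option1=%d option2=%d\n", chains[i][0].module,
               allow_if_previous_mode_kernel(chains[i], lens[i]),
               allow_if_whole_chain_trusted(chains[i], lens[i]));
    return 0;
}
```

Under option 1 the unknown.exe request that arrives through the driver is allowed because its immediate caller is kernel-mode code; option 2 refuses it and identifies the untrusted module at the top of the chain.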
     
  12. Rico

    Rico Registered Member

    Hello Wayne, Thanks for the timely response. Your post is clear as mud to me. But if I hear you correctly, you're saying the problem with PG is NVIDIA's fault. If this is correct perhaps DiamondCS could make NVIDIA aware of the issue. Collaboration between (at least notification) DiamondCS & NVIDIA may resolve the issue, after all the problem did not exist in Forceware 77.76 & only starts showing up in the 80's ver.

    What is your suggestion (hopefully temporary work around) in order to maintain PG's integrity:

    a) uninstall Forceware 84.21 & go back to the PG friendly 77.76 ver.?
    b) allow all requests for physical memory?
    c) ignore all requests for physical memory?
    d) buy a new video card, not NVIDIA driver dependent?

    As stated previously an individual user's complaint regarding another application does not get the attention of NVIDIA. If you would like a copy of their email response to this issue, I will be happy to provide it to you. I guess this becomes a cautionary notice/thread for PG owners considering a new NVIDIA based video card.

    Thanks
    rico
     
  13. Mele20

    Mele20 Former Poster

    I think Wayne is saying this is an issue that at this time has no resolution that is feasibly viable. I don't envy DiamondCS in trying to fix this issue which appears to have been very unexpected. PG would have to be called before anything else in kernel mode which would be great but I would think very difficult to do. (I don't really know though as I am just a user so take my comments in this light). I think trying to set up another layer of protection would also be quite difficult and inject all sorts of potential problems.

    I have the latest nVidia card on my new computer (7800 GTX). I also have an nVidia mobo. I wouldn't dream of having any other video card as this is the best there is! I also use the latest nVidia drivers and I had to enable everything just about for physical memory access. I haven't tried the latest beta as I have been away for three weeks and just got back. But it appears to me that PG is not a good choice at present if one has an nVidia card.

    nVidia is not going to lift a finger to try and resolve this. Any nVidia user knows that.
     
  14. WSFuser

    WSFuser Registered Member

    im not too paranoid, so like mele20, i would allow physical memory access to the necessary programs. of course, not all programs will break without memory access.

    if PG is more important to you, then revert to forceware v77.76 or get an ATI card :ouch: :gack:
     
  15. Stem

    Stem Firewall Expert

    Sorry, but I am a little confused with this,...... nVidia drivers are now asking for memory access, what has this to do with PG. ProcessGuard is simply informing you of this, you accept or deny,.... accepting this memory access may well have the knock on effect of other apps asking for memory access, and you are informed of this by PG,.. again I ask,.. what has this to do with PG.
     
  16. Mele20

    Mele20 Former Poster

    You wouldn't be asking this if you had read the link given in the first post in this thread. Here is Gavin's response:

    "Hi Greg,

    It sounds like nVidia's "fault", probably just another optimization taking effect in the newer driver. I wouldn't be surprised if a few apps were faster under the new driver.

    This would put you between a rock and a hard place. If you allow Physical Memory access for all those programs, then yes they could compromise the system. Luckily you know the EXE itself doesn't change (or PG alerts you), so the real danger is plugin programs like IE which accepts BHO's.

    You may be able to deny some of the more dangerous ones such as IE if you even use it ?"

    This issue has everything to do with PG. This is a major dilemma for PG plus nVidia users and a huge headache for DiamondCS. My decision has been to drop the full version of PG entirely until the issue is resolved. I see little point in using PG currently except for the free version. I love PG but it is not compatible with the latest nVidia cards and drivers. It is as simple and profound as that. I also don't foresee a quick fix as a fix will be very difficult.
     
  17. WSFuser

    WSFuser Registered Member

    true, but PG could potentially provide a fix as pointed in post 11. until theres a fix from nvidia tho, PG users will either have to

    a) uninstall Forceware 84.21 & go back to the PG friendly 77.76 ver.
    b) allow all requests for physical memory
    c) ignore all requests for physical memory
    d) buy a new video card, not NVIDIA driver dependent

    the obvious answer is b) but not everyone wants to leave a hole in their security.
     
  18. Stem

    Stem Firewall Expert

    But what has PG got to do with a pgm requesting memory access?,..... I am still asking. PG cannot control if a pgm should ask for mem access, only if it should allow or not.

    EDIT
    could you show me where you got the:-
    This issue has everything to do with PG.........

    This was not in the reply from Gavin, or was this extension from yourself,
     
  19. Stem

    Stem Firewall Expert

    But isn't this a fix/workaround for the extension pgms, not the actual request from the nVidia drivers? nVidia will still request this,.. only nVidia can change to prevent this requested access.

    EDIT

    By the way,.. I use nVidia 6600 GT SLI graphics, but use manufacturers drivers (Asus). No memory access request
     
    Last edited: May 24, 2006
  20. Rico

    Rico Registered Member

    Hi

    Yes this does seem to be an NVIDIA problem. However it would be in DiamondCS best interest, to make NVIDIA aware of the problem & work with them to resolve. Regarding issues newer NVIDIA drivers pose for PG owners. Think of it this way suppose PG gets a write up in PC World magazine, the writer states PG's security is compromised when using some NVIDIA video drivers. Potential PG customers could be put off by such a remark & perhaps look elsewhere. DiamondCS in my opinion should be highly motivated to work with NVIDIA!

    Take Care
    rico
     
  21. Stem

    Stem Firewall Expert

    Hi rico, this is not an issue regarding PG owners, it is just a fact that PG owners know of this due to the protection of PG.

    Security is only compromised if you allow this access, you cannot say it is PG's fault if you are telling PG to allow this.

    Regards,
     
  22. Rico

    Rico Registered Member

    Hi Again

    So suppose later on PG & NVIDIA resolve this issue, now I've said yes to "Physical Memory" for all those apps. that now would not ask for it (because they fixed it). Better make a list of applications requesting Phys. Mem. now with the bug, so it can be un-done!

    Take Care
    rico
     
  23. Stem

    Stem Firewall Expert

    Comment only:..
    I would be very surprised if nVidia resolve anything with anybody.
    Having issues many times before with their chipset/firewall/graphic drivers, I would guess they will do as they do.
     
  24. Paranoid2000

    Paranoid2000 Registered Member

    Since we are talking about graphics drivers, could this not be done (at least partially) by hooking DirectX/Direct3D functions? Then PG could have an option "Allow Physical Memory access for DirectX/3D calls" - though it would probably need another permission for individual applications to allow access to DirectX/3D in the first place. This would be more secure in that Phys Mem access would only be permitted during a DirectX/3D function call, as opposed to allowing an application unlimited Phys Mem access.
    The problem here is that not all programs "break" in an obvious way. Homeworld 2 for example, with 8x.xx drivers and Physical Memory access blocked, will run v-e-r-y slowly - unless you kept a sharp eye on PG's logs, you would have no reason to suspect that this was a PG-Nvidia driver conflict.
     
  25. Stem

    Stem Firewall Expert

    Just a question, would this not go in the direction as :-
    I only understand windows internals to a limited degree (but learning)
     