News AMD Confirms Its GPU Drivers Are Overclocking CPUs Without Asking

Toggle sidebar Toggle sidebar
Having this ability seems like a bad idea. If a simple driver can alter the bios settings, this could be used by malicious 3rd party driver to wreak havoc on a system if they decided it was fun.
 
  • Like
Reactions: Why_Me
JamesJones44 said:
Having this ability seems like a bad idea. If a simple driver can alter the bios settings, this could be used by malicious 3rd party driver to wreak havoc on a system if they decided it was fun.
Click to expand...
Which would only be a problem if a malicious actor managed to get AMD's private key that's used to sign the drivers. Otherwise, it's very hard to install an untrusted driver.
 
  • Like
Reactions: Deleted member 14196 and King_V
JamesJones44 said:
Having this ability seems like a bad idea. If a simple driver can alter the bios settings, this could be used by malicious 3rd party driver to wreak havoc on a system if they decided it was fun.
Click to expand...

if that's your concern, the Ryzen master DLL is already running if you have RyzenMaster installed (check Autoruns -Sysinternal tool under Drivers section)

there's no safety checks for writing bios settings on AMD; any malicious software could technically do it and if the DLL is not there it can get loaded
 
Last edited:
JamesJones44 said:
Having this ability seems like a bad idea. If a simple driver can alter the bios settings, this could be used by malicious 3rd party driver to wreak havoc on a system if they decided it was fun.
Click to expand...
... and he'd what. Make the system crash? Unless one of the safety mechanisms is faulty the PC would freeze or shutdown. Phishing or ransomware is much more dangerous. CPU/mobo you can replace. Your life's savings... not so much.
 
I'm not managing my CPUs overclock and am having zero stability issues for the last year while updating Adrenaline each time, while using both an AMD processor and GPU.
 
wifiburger said:
if that's your concern, the Ryzen master DLL is already running if you have RyzenMaster installed (check Autoruns -Sysinternal tool under Drivers section)

there's no safety checks for writing bios settings on AMD; any malicious software could technically do it and if the DLL is not there it can get loaded
Click to expand...
Even if this is true (and I have no idea if it is), I'm going to assume that the malicious software would need administrative privileges to do that. And if you have malware running with admin privileges then you're already screwed, regardless of whether it can modify BIOS settings.
 
wifiburger said:
if that's your concern, the Ryzen master DLL is already running if you have RyzenMaster installed (check Autoruns -Sysinternal tool under Drivers section)

there's no safety checks for writing bios settings on AMD; any malicious software could technically do it and if the DLL is not there it can get loaded
Click to expand...

That's even worse, loading and calling a DLL at runtime is trivial, someone with no coding experience could do that with simple StackOverflow searches.
 
drea.drechsler said:
Except that's precisely what RyzenMaster was created to do. And as well the Radeon Settings app...and Nvidia's control panel...have been doing the same for GPU's for a long, long time.
Click to expand...
Ryzen Master didn't used to have the ability to change the actual BIOS. It would just run the overclock in Windows, similar to Afterburner.
It would take priority over the BIOS settings once Windows booted, but it couldn't change them.
 
How is it possible for an app running in Windows to have control over the BIOS? Windows itself should not be allowed that level of access to the hardware, and it is extremely troubling if it does. Your BIOS is embedded in the motherboard and runs independently of the OS, and it is very important for it to stay that way.

If a Windows app can make these changes, then what exactly is supposed to be stopping a virus from flashing itself permanently into the motherboard?
What is preventing Windows from, for example, forcing your motherboard to brick itself if you try to install linux? It should be fundamentally impossible for any OS to be allowed that level of control over your hardware.
 
Giroro said:
How is it possible for an app running in Windows to have control over the BIOS? Windows itself should not be allowed that level of access to the hardware, and it is extremely troubling if it does. Your BIOS is embedded in the motherboard and runs independently of the OS, and it is very important for it to stay that way.

If a Windows app can make these changes, then what exactly is supposed to be stopping a virus from flashing itself permanently into the motherboard?
What is preventing Windows from, for example, forcing your motherboard to brick itself if you try to install linux? It should be fundamentally impossible for any OS to be allowed that level of control over your hardware.
Click to expand...
Every OS allows you to directly update the firmware from it. I get occasional firmware updates for my laptop from ASUS through Windows update and firmware updates from Dell for my XPS 13 from Ubuntu's apt repo. You can't expect everyone to be able to update their firmware by sticking it on a thumb drive, going into the firmware settings, and updating from there. Especially in a corporate setting when people don't normally have access to the motherboard firmware and IT can't access the computer unless an OS is running. And you can't expect people to turn in their computers for a firmware update since that means downtime.

The only thing that's preventing something wrong from happening is it requires admin privileges to do this. Which you know, I hope you're not blindly clicking OK on the UAC prompt every time it comes up.

EDIT: Additionally digital signatures make it hard for people to spoof the firmware. This is why Microsoft has been pushing the TPM requirement hard. So even if you uploaded malicious firmware, if it doesn't have the right digital signature, the computer's going to fail to boot.

And hopefully there's a back-up on the motherboard it can fall back to.
 
Last edited:
  • Like
Reactions: TJ Hooker
Giroro said:
Ryzen Master didn't used to have the ability to change the actual BIOS. It would just run the overclock in Windows, similar to Afterburner.
It would take priority over the BIOS settings once Windows booted, but it couldn't change them.
Click to expand...
That's also what I thought made the original RM behavior so good too...if your OC demonstration went south it would ALWAYS restart in stock, "safe", settings because the BIOS wasn't changed.
 
drea.drechsler said:
LOL...Yes, I think many of us do! Pavlovian conditioning being what it is. That why it's gets to be increasingly worthless when more and more of what you do requires a UAC click-through.
Click to expand...
I wish Microsoft would update to what macOS and Linux do: require you to enter a password. Then it slows you down and you'll think why you're getting that prompt.

But running as a Standard User account does the trick just fine.
 
hotaru.hino said:
I wish Microsoft would update to what macOS and Linux do: require you to enter a password. Then it slows you down and you'll think why you're getting that prompt.

But running as a Standard User account does the trick just fine.
Click to expand...
I've tried running as a bog-standard User account... can't stand it. I realize I like fiddling with things too often. It's my machine, I know how to flatten the OS and fresh install if I go too far so I'll deal with it. I'm way more likely to just completely disable UAC than do that now.

I'd be a lot different about that if running a network server or shared machine with several user accounts who also use it.
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom