Local root exploit in NVidia driver
Posted Oct 17, 2006 11:29 UTC (Tue) by hein.zelle
In reply to: Local root exploit in NVidia driver
Parent article: Local root exploit in NVidia driver
> Now there's no 100% effective defence against hackers (short of complete
> and permanent disconnection from the network), but this episode shows
> the insanity of installing closed source drivers on any system which
> ever has network access.
I'm sorry, but even though I am not happy with the closed nature of the nvidia drivers (being the owner of several of such cards) I think the above remark is a bit out of bounds.
Calling closed-source drivers on a system connected to the network "insanity" is rather overdone, I'd say. Apart from the fact that at least 80% percent of all computers ONLY run closed source drivers (which I suspect you indeed find insane :-), I don't see the big difference with other closed software. I'd like to see the count of LWN readers that don't have ANY closed source software on their machine, vs the amount of people that run google-earth, for instance. Why would a driver be any more dangerous than a piece of software that is used daily on the internet? I suspect the risk of getting your system broken into through a bug in a popular webbrowser is a lot higher than through a closed-source video driver.
I think the real issue is the fact that you have no control over bugfixes in closed-source software, be it a driver or something else. To many people that will not be acceptable, and to many others it will be as long as the manufacturer responds reasonably well to problems. From this article and the responses I'm neither convinced that NVidia is doing a very good job at it, nor that they are messing it up. It may be interesting to just ask them about it. I think it's only in NVidia's best interest to deal with the issue appropriately, and wouldn't be surprised if they became a bit more informative if told about the impression they've left behind.
to post comments)