nVidia Active Armor

[Adcadet]

Does anybody have experience with the nVidia Active Armor Firewall?
Link: http://www.nvidia.com/object/feature_activearmor.html

It's a kind of firewall that is built into my network hardware on my Asus P5N-E SLI motherboard. I initially installed it, then disabled it because I didn't think it was doing anything, but then noticed that apache.exe was running which I tracked down as being part of the firewall. Will this firewall add anything worthwhile beyond the Windows Firewall? Will I see any performance hit?

 

[Sol]

My only experience was with an earlier version of it. Used it for about 10 minutes and then turned it off and removed all traces of it from my PC... Massive performance hit, no idea if it was doing any good, couldn't have been worth it though.

 

[Will Rickards]

I had problems with either that corrupting my network traffic or the nvida ethernet port being bad. If I used it, it seemed to randomly scramble downloads. A binary comparison revealed all the data was there but not in the correct order. I switched to using the other network port which isn't nvidia's and then uninstalled the activefirewall.

 

[ddrueding]

Same. I installed it once, lost any sort of useful network connection, and removed the whole thing. Not needed.

 

[sechs]

It's a piece of crap. There are plenty of complaint threads around the 'net about it.

 

[LiamC]

It's a piece of crap. There are plenty of complaint threads around the 'net about it.

What sechs said. That's my understanding as well. And every reference I've read says that ActiveArmor corrupts downloads.

Yet another instance of NVIDIA being crap. VIA had a bad reputation five or six years ago, but NVIDIA seems to have inherited it. They have a lot of "check box" items on there products--Firewall, IDE accelerators, HD Content playback in hardware etc, but none of them actually work...

 

[ddrueding]

None of them actually work, but the base product is fine. This is unlike VIA used to be and AOL still is. There is/was no way to get the functionality you actually wanted. There is/was no way to opt-out of bells and whistles that didn't work; or the basic functionality didn't work well/at all.

 

[LiamC]

Cool. I'll sell you a car that does 127mpg, has 400bhp and seats seven in comfort with class leading active and passive safety features*

 

[LiamC]

* May not actually have any of these features, but is is a car**

 

[LiamC]

** well, we use that term rather loosely as well.

See what I mean?

 

[sechs]

None of them actually work, but the base product is fine. This is unlike VIA used to be and AOL still is. There is/was no way to get the functionality you actually wanted. There is/was no way to opt-out of bells and whistles that didn't work; or the basic functionality didn't work well/at all.

If you can figure out how to let me turn this damn nVidia "firewall" off in the BIOS and still have the ethernet install in any operating system correctly, let me know.

 

[ddrueding]

I don't make any changes in the BIOS. When the OS first installs, and I install drivers for the first time, it asks me whether I would like to use their firewall. I answer with the obvious "hell no" and it never bothers me again. No corruption, no added latency.

 

[sechs]

The "firewall" runs in the hardware, the advantage of which is that you have "protection" from power-on. This means that, even though you don't install the software to control it, the "firewall" is still there.

I have an option in my BIOS to turn it off, but then I get no network.

 

[ddrueding]

All I can say is that when I installed their crap, it screwed my network connection. When I didn't install their crap, my network connection works fine. This includes many motherboards (most from Gigabyte) and many installs of XP and Server 2003.

 

[sechs]

You may have confused "screwed my network connection immediately" with "screwed my network connection later."

Even though I haven't installed all the "firewall" crap, I still have problems which others have attributed to the "firewall" features in the hardware. Generally, resetting my computer fixes these, but it's a step that I shouldn't have to take.

 

[ddrueding]

While I can't rule out any potential data corruption, my current primary system has not exhibited any issues, and I have a number of servers deployed that use the same chipset without issue.

I wonder if this "feature" is enabled when you first install the driver, and cannot be disabled? I seem to recall resetting the BIOS after making the mistake of installing it the first time.

 

[Sol]

I assumed I got rid of the problems by un-installing but ultimately I did end up chucking in a realtek based NIC and just disabling the on-board in the bios due to corruption issues (System just froze sometimes accessing SMB shares)...

I figure when in doubt NICs are ~$10-$20... Assuming you have a spare PCI slot.

 

[sechs]

In my case, resetting the BIOS certainly has not made any difference is the umpteen times that I have done it. I still randomly get networking issues.

I do keep a spare NIC around and have had to use it when the onboard was recalcitrant; but I don't like to pull my PCI-X bus down to 33MHz just to use it.

 

[Adcadet]

My experience with Active Armor seems to have been much more benign. I installed it, decided it wasn't really doing anything, and then disabled it. I then noticed two copies of apache.exe running all the time, and tracked it down to the Active Armor web-based config, which is rather nifty. I couldn't find a way to not start apache.exe, which I really don't want running all the time, but after uninstalling the nVidia network manager software through the add/remove applet, it no longer launched at boot.

 

[ddrueding]

Interesting. I don't think I ever disabled it before uninstalling, I guess it makes sense that this would be required to actually turn it off (if it really is hardware based).