Nvidia nForce 4 "Active Armor" Firewall Damages File Downloads

If files are downloaded by a FTP server and the Nvidia Firewall of the nForce 4 chipset (Active Armor) is active, the files are transferred partly damaged to the local harddrive. As german c't magazine could prove on mainboards of different manufacturers, with both the Intel and the AMD version of the nForce 4 chipset, the driver for the firewall showed problems with FTP connections.

The file transfer protocol (FTP) is often used for the download of larger files as for example software packages. A speciality of FTP is the separation between data and control connection, which requires a special treatment within the firewall software. It seems that mainly the active and less the passive mode is concerned. In tests, files of different size were corrupted starting from 10 KByte. As soon as the firewall, which comes with the current nForce drivers for Windows XP, is active, mutilated data lands on the harddrive sporadically. The file size remains unchanged thereby, a MD5 checksum however indicates the damage. Other protocols such as HTTP or the Windows networking (CIFS / SMB) do not seem to be concerned.

The problem arises only with chips that have the Active Armor Secure Networking engine, which is the naming convention Nvidia calls its support for firewall in hardware. Thus only the Ultra and SLI versions of the nForce 4 chipsets are concerned. Nvidia meanwhile recognized the problem and wants to implement a fix with its next driver release, which is to come within a month.