Getting a Steam Deck has done wonders for my peace of mind. I don't need to worry if whatever games I'm installing are malicious, because the machine is airgapped from anything critical.
Ultimately, this is why we have consoles. We can have rootkits, or we can have cheating. Nobody has solved cheat prevention without rootkits. If you can, you’d make millions, if not billions. It’s not like the game creators want to have software on your system that has the potential to brick your system.
The real solution is games designed for playing with friends, treating all non-friend players as potentially malicious.
Early first-person shooter games had this figured out (small servers with 20-30 regular players, the server admin could choose to ban you), RTS games have this figured out, many MMOs have this figured out (interact with non-friends sometimes, but they have to 'join your party', etc.)
Playing with random strangers on the internet who may want to grief/destroy your game, be incredibly toxic, or cheat against you in general... that's the cost of playing with random people in a completely public forum.
But people largely want matchmaking. They don't want to deal with having to find a server of like-minded players, they want to hop in a lobby with maybe a few friends, pick a map pool, and go.
Nah. Consoles were a decade late to the online gaming party, and online gaming on consoles (counting Xbox Live as the first concerted attempt) has only been around half as long as consoles as a product segment have existed.
Running games in a VM appliance or an immutable container type of environment could be neat. Or some kind of hardware device. Like a console on an expansion card that could enable a secure environment while still letting you use your hardware.
This is a false dichotomy. Genshin is single player. Some people play multiplayer only with friends. The only legit use for anti-cheat is competitive multiplayer with strangers.
Not sure if you're referencing it but there was a recent scandal where it was suspected someone playing against Magnus might have had a wireless butt plug to enable some cheating...
The sibling comment makes a point about anonymity, I find these discussions interesting in comparison with the only online competitive game I play these days. It's Tekken, and neither the current rendition nor the previous one had any real form of anti-cheat. For the current Tekken 8, supposedly some players have been banned after manual review from the company of replay data, which of course doesn't scale. But at the same time it doesn't really matter. Cheaters don't seem to be that prevalent, their ability to spoil the experience of a match is limited by the fact that matches are short, and people can spoil the experience in non-cheating ways like plugging, lag switching, using a weak computer, and for some sensitive players they'll get unreasonably upset by ki charging/teabagging/taunting/continuing an attack after KO. The status of the highest rank is also not that much -- the most status comes from performing well at the big in-person tournaments, where it's going to be harder to cheat and players are somewhat de-anonymized. If the positive incentives to cheat are minimized in the first place, you don't need so many negative incentives like rootkits.
(It always amazes me how custom controllers and even keyboards are allowed in fighting game tournaments, officially certain macros are banned and at least for Street Fighter certain modes of leverless controllers got banned, but it'd be hard to perfectly enforce. And it's been hilarious to see the increasing use of fake buttons or controller-hiding covers/jackets because it was assumed some players were able to see inputs out of their peripheral vision before they were registered in-game and adjust.)
Hmm, here’s a thought I’ve never had (but might be obvious to others).
Could I run Windows as a VM guest under Linux and play Fortnite in that (with good GPU performance)? I don’t mind their rootkit running on some dedicated VM - I’ll just consider it my Fortnite unikernel.
(I’m also ok with the host OS being Windows or MacOS).
Running a VM gives the parent the ability to read/write arbitrary memory without [even rootkit] anticheat being able to detect, which can facilitate cheating, and therefore can earn you bans. The whole point of the rootkit is that the game can confirm that you don’t have any way to read/write arbitrary memory.
Isn't Windows running under a hyper-v hypervisor these days anyway?
In practice, I'd settle for a peer Windows OS, like the WSL2 kernel, with the rootkit separate from my main work one. Can I run two copies of Windows simultaneously as peers?
If you've already put a piece of hardware into your computer made by Nvidia, installing a kernel driver also made by Nvidia does not increase your risk at all.
Installing some random anti-cheat kernel driver is not the same thing, at all.
But you are not installing a random anti-cheat kernel driver, you're installing an anti-cheat kernel driver provided by a game you've already put on your computer. It's very much the same thing.
User space applications can't access hardware or physical memory. They can't bypass permissions enforced by the OS. None of that applies to hardware or kernel drivers.
> This isn’t giving us any surveillance capability we didn’t already have. If we cared about grandma’s secret recipe for the perfect Christmas casserole, we’d find no issue in obtaining it strictly from user-mode and then selling it to The Food Network. The purpose of this upgrade is to monitor system state for integrity (so we can trust our data) and to make it harder for cheaters to tamper with our games (so you can’t blame aimbots for personal failure).
Where did I say they are the same? We have a kernel-space thing (anti-cheat or GPU driver) and a user-space thing (a game actually talks to both) that talks to a kernel-space thing.
I understood that you were making an analogy between installing a piece of hardware and its associated kernel driver with installing a game and its associated kernel anticheat.
When you install a hardware device you are trusting the manufacturer with full access to your machine, so installing a driver does not give them any more powers. You have already "unlocked the door".
When you install a game that runs in user space you are not trusting the vendor nearly as much as you are trusting a hardware manufacturer. Installing a kernel anti-cheat is granting them a level of trust and access to your machine that they didn't have before.
> Most people do install Nvidia's out-of-tree graphics driver
Most people that use Nvidia. I specifically don't buy Nvidia graphics cards or laptops that use them in my Linux computers because they're not in-tree.
- This is an abnormal case. Most hardware will work with in-tree drivers. Indeed, few vendors provide out-of-tree drivers for Linux.
- Nvidia is an established and reputable source. We aren't talking about some small hardware developer who doesn't have the resources to create secure drivers.
- Most Nvidia cards have in-tree drivers. There is a loss in performance, but the option usually exists.
It's a risk, but a very minor additional one - if you trust their hardware with direct access to your PCIe bus, you have already given them the metaphorical keys to the vault.
Can't wait to find out what China hid in Riot's Vanguard rootkit for all their games. It's 100% a conspiracy theory, but nobody can convince me it's perfectly clean, or if it is, that there isn't an easy way to add some power to it quietly.
China's national security assistance law came up in the TikTok hearings. There's no reason to believe that the CCP doesn't have the legal authority to compel Riot to push an update with a backdoor to a few select high value targets.
If it is written in C you can always introduce a buffer overflow or something similar by just adding a little bit of line noise here or there and nobody can prove it was deliberate.
The vanguard drivers are signed by Microsoft, the procedure for which includes a safety audit by Microsoft.
The driver is just what the developers say it is (as with all other anti-cheat). It provides an untampered interface for the userland anti-cheat to use to get info from the kernel. Because modern cheats tend to alter the output of kernel syscalls by running in the kernel themselves.
I really don't see why anyone needs to think it's anything more than that.
If Tencent needed to spy on you so badly there's no reason kernel anti-cheats need anything to do with it...
It says something about Microsoft when they OK a known harmful bootkit that expects your computer to act like an Xbox with a fancy keyboard (but not too fancy), requests invasive changes to UEFI that have broken systems, and has an overall opacity that rivals an Arthur C. Clarke Monolith.
Drivers are generally not audited by Microsoft to be signed, you only need to register your EV cert to get it signed. Cheat developers have registered their own/gotten their hands on EV certificates to create kernel driver cheats. Anti-cheats like BattlEye also download anti-cheat modules at runtime to obfuscate what they do.
MS usually doesn't bother with driver audits... They mostly rely on the EV certificate to check that the driver dev is a proper legal entity.
If they audited properly, they should not have let the Asus AuraSync driver be certified the first time. (It basically opens the PORT instruction to every userland app, unrestricted.)
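Since the thread keeps coming back to who actually signed a given kernel driver, here is a defender-side inventory check, added here and not from any commenter: it lists the kernel drivers currently running on a Windows box together with their Authenticode status and signer subject, so you can see at a glance which loaded drivers carry a Microsoft publisher signature and which are signed by someone else. It assumes an elevated PowerShell session on Windows; the `\??\` and `\SystemRoot` prefix handling covers the path forms `Win32_SystemDriver` commonly reports.

```powershell
# Added example (not from the thread): inventory running kernel drivers and their signers.
# Run from an elevated PowerShell prompt on Windows.
$running = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

$rows = foreach ($d in $running) {
    # Normalise NT-style paths into Win32 paths Get-AuthenticodeSignature can open.
    $path = $d.PathName -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Driver = $d.Name
        Status = $sig.Status            # Valid, NotSigned, HashMismatch, ...
        Signer = $sig.SignerCertificate.Subject
        Path   = $path
    }
}

# Anything not signed, or signed by a subject you do not recognise, deserves a closer look.
$rows | Sort-Object Signer, Driver | Format-Table -AutoSize
$rows | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

The signer subject tells you whether the binary was released through Microsoft's publisher certificate or under a third-party certificate; it does not tell you what the driver does once loaded, which is the point several commenters make about runtime-loaded modules.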
The level of sophistication that can go into a hack when sponsored by a nation-state is incredible. Just remember Stuxnet all the way back in '06 or whatever it was. Tech was a lot less advanced nearly two decades ago. It's not right, imo, to leave your safety up to this process.
EAC and other kernel-level anticheat software will dynamically load and execute signed payloads at runtime. Does Vanguard do this? If so, does Microsoft check these payloads?
If I wanted to deploy a trojan horse then the last place I would try to hide it is in an anti-cheat driver that will without any doubt be exhaustively analysed by people attempting to bypass it.
There's a ton of gamers that like to figure out how the game itself works. There's a ton of them trying to figure out how anti cheats work, sometimes to cheat, but more often because they're curious, resourceful teenagers taking it as a challenge.
Oh, I know. That's how my career was started. I made invitational in CS: Source (CAL) and then sold cheats to pay for college. My first Real Job was through a teammate.
Far more would have accepted a RAT and been deprived money than expressed genuine interest. Some did... not many. Most wanted the acclaim without the effort.
But also there's parties there with a big interest in circumventing these securities, and have done so for decades. The new release of RDR for PC (shamefully asking $50 for a 14 year old game) was cracked within days, if not earlier, of its release.
How much shit, and how does it compare to the risk profile of, say, not wearing a five-point seat belt and motorcycle helmet while driving, or a bulletproof vest when going to school, or an N95 mask literally everywhere?
Security theorists are always ready to tell us about the horrifying risks of installing kernel-level code from a vendor, but can they actually quantify the likelihood times damage those billions of installations have inflicted on Joe Random's life?
And contrast them to other risks that we regularly take in the name of comfort and convenience?
Funny that you initially used "Joe Ransom" as your example name (before your edit), as that describes one of the possible situations our friend Joe can end up in: malware that encrypts all his data and asks for a ransom to get it back.
I'm not really that interested in chasing this, but a point I do want to make: it isn't just risk.
If you want to participate in a lot of these multiplayer games that place cheating far too highly, you can't use a hypervisor. You must have a gaming device and a computing device. They cannot be the same.
That's fine for most, but I consider it shit. VFIO makes it possible for a big computer to make a smaller gaming one. Ask me how I know.
My greater point is I don't care if I get cheated out of a finals match. I can actually speak from experience. I prefer autonomy over my devices. I kind of want to eat poop with them. A little.
What do you mean? They burned several high value 0days on a high value target. Why wouldn't China burn a high value backdoor on a target they deem valuable enough.
I mean, they're not rootkits. Rootkits are either to gain root access (thus the name) or to hide something from a user. Anticheats don't do either of these.
They expose a kernel API to allow games to verify the state of the system, and they're knowingly installed by the user.
I'm already counting down the days for eBPF to blow up in our face.
But admittedly, it's the cheapest way of gaining more capabilities and privileges than you need, thus it's here to stay.
That's not really possible as long as the kernel allows the loading of arbitrary user-provided modules. Because the cheater will certainly run the cheat that requires kernel mode. If it's run in kernel mode, the API call can be intercepted.
How does the anticheat then work? Corewars. It's a cat and mouse game between the cheat provider and the game developer.
One would need a secure base layer, where also the MS anti-cheat lives, and all drivers can only run in a layer between this base layer and userland. I think that's already done for most of the graphics stack.
On the other hand, I am not convinced I want a system where I cannot load arbitrary kernel mode code if I choose to do so.
Windows only loads arbitrary modules if you enable some debug mode, no? If not, they need to be signed. But not a big hoop for cheat developers, they can get an EV cert to sign their own cheat kernel module or abuse a vulnerable kernel module.
Riot Games uses theirs (Vanguard) to improve detection of cheating software. Basically the idea is that by being on from the moment the computer is booted up, it can validate the environment better.
Here's a recent blog post by Riot detailing their recent deployment of the system for League of Legends, the biggest online multiplayer game in the world