• Serinus@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    47
    ·
    5 months ago

    I don’t think you understand how code works. What are you worried about it doing, and why does it need admin permissions to do that?

    “Kernel” anticheat isn’t really any more dangerous than any other executable you run on Windows. Code from untrusted devs isn’t safe whether it has admin or not. Games made by small devs are much more dangerous than anything put out directly by Riot or Valve.

    There’s a lot of hullabaloo that’s seeded and encouraged by those who make money on botting and cheats. It’s kind of valid, but it’s not a larger risk than installing pubg or among us or any other small game.

    If you really want to be secure, you have to separate your gaming and personal machines, at least the OS and drives.

    The Windows limitation might even make it more secure in that way, if you’re willing to limit Windows to games and use Linux for personal stuff. Even then, keeping drives isolated is difficult.

    • CileTheSane@lemmy.ca
      link
      fedilink
      English
      arrow-up
      70
      arrow-down
      1
      ·
      5 months ago

      “Kernel” anticheat isn’t really any more dangerous than any other executable you run on Windows. Code from untrusted devs isn’t safe whether it has admin or not. Games made by small devs are much more dangerous than anything put out directly by Riot or Valve.

      Remember when Sony automatically installed a rootkit on customers’ computers if they put in their legally purchased music CD to listen to, that was a security vulnerability that hackers quickly found and exploited? Pepperidge farm remembers.

      Incompetence is just as dangerous as malice, and big companies have shown they don’t bother to take the care needed to protect your device.

      • Pika@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        26
        ·
        5 months ago

        I’ve seen this posted before, this is the first time I’ve actually read the whole thing. I knew what it was, and what it did, but I never knew about the “uninstaller” part of it.

        The fact that they doubled down and made an uninstaller for it that didn’t actually uninstall it and ADDED ANOTHER root kit + a backdoor to the system, blows my mind.

    • Fushuan [he/him]@lemm.ee
      link
      fedilink
      English
      arrow-up
      21
      arrow-down
      1
      ·
      5 months ago

      I don’t think YOU understand how code works. Having a program that you can’t verify being run as the highest priority level in your system is a stupid idea. You don’t know how secure it is or if it has vulnerabilities because again, it’s not open source. They are not even security experts, they are a game development company (which will hire security experts, sure, but the main focus not being security is important) and riot is not know for having a super robust game.

      Do you really trust them to release a program that can’t be hacked into, which then would give the hacker a way to elevate privileges into the highest security level? Even if you trust them not to harvest and sell private data, you have to also trust them to make an unhackable program.

      • Serinus@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        15
        ·
        5 months ago

        Yeah, I trust Riot and Valve more than I trust Sony or the developers of Lethal Company or Among Us. Even with higher privs than those other companies get.

        Because if PubG is compromised, I’m just as vulnerable as I am if Riot is compromised.

        I get the technical difference, but when you combine it with practicality, it doesn’t make much difference on one hand. On the other, it does remove cheaters from my games.

        If I cared that much I’d have ALL my games on a separate OS anyway. Maybe I will at some point.

        • Nibodhika@lemmy.world
          link
          fedilink
          English
          arrow-up
          11
          ·
          5 months ago

          What are you talking about!? It makes all of the difference. I know a game can’t break my system, I know a game can’t erase files I keep under root user, I know a game can’t write outside of a very limited set of folders my user has write permissions, the moment you allow games to run on root all of these go out the window.

          On the other, it does remove cheaters from my games.

          Sure, because games that do this have no cheaters… What bubble do you live under? Do you think that games like Dota or CS have more cheaters than Ghost of Tsushima? Literally games that have a competitive scene which is so big that’s televised in sports channels don’t need root access, but a co-op map on a game does!?

          And that’s without getting into the fact that client side anti-cheat is a losing battle, you could even have full control of the hardware and software and still wouldn’t be 100% secure.

          • Serinus@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            8
            ·
            5 months ago

            a very limited set of folders my user has write permissions

            On Windows?

            files I keep under root user

            On Windows? That’s not common practice.

            a game can’t break my system

            Is this like how you can’t get viruses without granting root?

            • Fushuan [he/him]@lemm.ee
              link
              fedilink
              English
              arrow-up
              8
              ·
              edit-2
              5 months ago

              Without root/admin access, on windows programs can’t write in several important folders. By root user they meant program files, system 32 and all those “system files”, which, surprise, are root files.

              A hacked kernel level program can modify system files and set up a keylogger that doesn’t even register on the program monitor, and it can send your information and you wouldn’t even notice it without monitoring your outbound packets, so you won’t.

              Any other program would ask you admin/root access and if that’s weird behaviour you can deny it and investigate, kernel level programs have it by default so if they have an exploitable vulnerability, you are fucked by default. It’s a huge difference and the fact that you are not acknowledging it makes me feel like you really don’t understand how code works.

              Also, don’t put riot and valve in the same bag. PLEASE.

              • Serinus@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                9
                ·
                5 months ago

                I guess you’re right as long as you don’t mind sharing your entire My Documents folder to the world.

            • Nibodhika@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              1
              ·
              5 months ago

              No, on Linux, like the Steam Deck that OP mentioned. Windows was never mentioned here until you brought it up, and even there you’re wrong, kernel level anti-cheat doesn’t have the same level of access than any random game, even on Windows. Even Windows, with it’s janky security measures, has some level of containment around users, even on Windows regular users can’t edit system files or other users files, even on Windows a virus without root has a lot less access than a virus you give root access, and by having an interface that allows games to gain root access you’ve given viruses a new path to privesc. I recommend you read some more on cyber security and programming before saying something like “userspace == kernel level”, because that’s the same as someone attempting to discuss astrophysics with people who have masters on it while claiming the earth is flat. There’s a whole field of study into how security can be compromised to go from userspace to kernel level, handwaving it away because you think your user’s documents are the important part of a system is reductive at best and malicious at worst.

                • Nibodhika@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  5 months ago

                  Yes, an example of which is someone pointing at a game not working on Linux and someone else ignoring the Linux part and attacking the argument as if it were on Windows. And doing a poor attempt at that, because even on Windows kernel level anti-cheat is invasive and leaves to privesc possibilities.