this post was submitted on 11 Apr 2024
294 points (97.4% liked)

Linux Gaming

15335 readers
3 users here now

Discussions and news about gaming on the GNU/Linux family of operating systems (including the Steam Deck). Potentially a $HOME away from home for disgruntled /r/linux_gaming denizens of the redditarian demesne.

This page can be subscribed to via RSS.

Original /r/linux_gaming pengwing by uoou.

Resources

WWW:

Discord:

IRC:

Matrix:

Telegram:

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] JimboDHimbo@lemmy.ca 7 points 7 months ago (1 children)

Dude... That's fucked. They should really go a little more in depth on rootkits in the CompTIA A+ study material. I mean, I get that it's supposed to be a foundational over view of most IT concepts, but it would have helped me not look dumb.

[–] Barbarian@sh.itjust.works 7 points 7 months ago* (last edited 7 months ago) (1 children)

Please don't walk away from this feeling dumb. Most IT professionals aren't aware of the scale of the issue outside of sysadmin and cybersecurity. I've met programmers who shrug at the most egregious vulnerabilities, and vendors who want us to put dangerous stuff on our servers. Security just isn't taken as seriously as it should be.

Unrelated, but I wish you the best of luck with your studies!

[–] JimboDHimbo@lemmy.ca 3 points 7 months ago* (last edited 7 months ago) (1 children)

Good morning! If anything this was a great example of not being able to know everything when it comes to IT and especially cybersecurity. Thank you for your well wishes! I earned my A+ last month and I'm currently working on a Google cybersec certificate, since it'll give me 30% off on the sec+ exam price. I really appreciate your insight on rootkits and it's definitely going in my notes!

[–] Barbarian@sh.itjust.works 4 points 7 months ago* (last edited 7 months ago) (2 children)

Glad to hear it!

Just as another thing to add to your notes, in ordinary circumstances, it's practically impossible for non-government actors to get rootkits on modern machines with the latest security patches (EDIT: I'm talking remotely. Physical access is a whole other thing). To work your way up from ring 3 (untrusted programs) all the way to ring 0 (kernel), you'd need to chain together multiple zero day vulnerabilities which take incredibly talented cybersec researchers years to discover, keep hidden and then exploit. And all that is basically one-use, because those vulnerabilities will be patched afterwards.

This is why anti-cheat rootkits are so dangerous. If you can exploit the anti-cheat software, you can skip all that incredibly difficult work and go straight to ring 0.

EDIT: Oh, and as an added note, generally speaking if you have physical access to the machine, you own the machine. There is no defence possible against somebody physically being able to plug a USB stick in and boot from whatever OS they want and bypass any defences they want.

[–] yggstyle@lemmy.world 2 points 7 months ago (1 children)

Cheers to the note as to why the anti-cheat is basically satan in software form. This is the real reason that riot isn't open to community discussion on this topic. It's indefensible... and if the userbase understood more they wouldn't have any users left.

[–] mitchty@lemmy.sdf.org 2 points 7 months ago

It’s the same reason stuff like antivirus is a huge vector for attack. It runs at elevated permissions generally and scans untrusted inputs by default. So it makes for a great target to pivot into a system. These anti cheat kernel modules are no different in their attack profile. And if anything them being there is a good reason to target them you have a user that has a higher end gpu so the hardware is a known quantity to be targeted.

[–] JimboDHimbo@lemmy.ca 2 points 7 months ago

Hell yes I'm adding this to my notes as well, thank you!