this post was submitted on 17 Jul 2024
544 points (97.1% liked)
Games
16807 readers
1040 users here now
Video game news oriented community. No NanoUFO is not a bot :)
Posts.
- News oriented content (general reviews, previews or retrospectives allowed).
- Broad discussion posts (preferably not only about a specific game).
- No humor/memes etc..
- No affiliate links
- No advertising.
- No clickbait, editorialized, sensational titles. State the game in question in the title. No all caps.
- No self promotion.
- No duplicate posts, newer post will be deleted unless there is more discussion in one of the posts.
- No politics.
Comments.
- No personal attacks.
- Obey instance rules.
- No low effort comments(one or two words, emoji etc..)
- Please use spoiler tags for spoilers.
My goal is just to have a community where people can go and see what new game news is out for the day and comment on it.
Other communities:
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I don't think you understand how code works. What are you worried about it doing, and why does it need admin permissions to do that?
"Kernel" anticheat isn't really any more dangerous than any other executable you run on Windows. Code from untrusted devs isn't safe whether it has admin or not. Games made by small devs are much more dangerous than anything put out directly by Riot or Valve.
There's a lot of hullabaloo that's seeded and encouraged by those who make money on botting and cheats. It's kind of valid, but it's not a larger risk than installing pubg or among us or any other small game.
If you really want to be secure, you have to separate your gaming and personal machines, at least the OS and drives.
The Windows limitation might even make it more secure in that way, if you're willing to limit Windows to games and use Linux for personal stuff. Even then, keeping drives isolated is difficult.
Remember when Sony automatically installed a rootkit on customers' computers if they put in their legally purchased music CD to listen to, that was a security vulnerability that hackers quickly found and exploited? Pepperidge farm remembers.
Incompetence is just as dangerous as malice, and big companies have shown they don't bother to take the care needed to protect your device.
https://en.m.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
I've seen this posted before, this is the first time I've actually read the whole thing. I knew what it was, and what it did, but I never knew about the "uninstaller" part of it.
The fact that they doubled down and made an uninstaller for it that didn't actually uninstall it and ADDED ANOTHER root kit + a backdoor to the system, blows my mind.
I don't think YOU understand how code works. Having a program that you can't verify being run as the highest priority level in your system is a stupid idea. You don't know how secure it is or if it has vulnerabilities because again, it's not open source. They are not even security experts, they are a game development company (which will hire security experts, sure, but the main focus not being security is important) and riot is not know for having a super robust game.
Do you really trust them to release a program that can't be hacked into, which then would give the hacker a way to elevate privileges into the highest security level? Even if you trust them not to harvest and sell private data, you have to also trust them to make an unhackable program.
Yeah, I trust Riot and Valve more than I trust Sony or the developers of Lethal Company or Among Us. Even with higher privs than those other companies get.
Because if PubG is compromised, I'm just as vulnerable as I am if Riot is compromised.
I get the technical difference, but when you combine it with practicality, it doesn't make much difference on one hand. On the other, it does remove cheaters from my games.
If I cared that much I'd have ALL my games on a separate OS anyway. Maybe I will at some point.
What are you talking about!? It makes all of the difference. I know a game can't break my system, I know a game can't erase files I keep under root user, I know a game can't write outside of a very limited set of folders my user has write permissions, the moment you allow games to run on root all of these go out the window.
Sure, because games that do this have no cheaters.... What bubble do you live under? Do you think that games like Dota or CS have more cheaters than Ghost of Tsushima? Literally games that have a competitive scene which is so big that's televised in sports channels don't need root access, but a co-op map on a game does!?
And that's without getting into the fact that client side anti-cheat is a losing battle, you could even have full control of the hardware and software and still wouldn't be 100% secure.
On Windows?
On Windows? That's not common practice.
Is this like how you can't get viruses without granting root?
Without root/admin access, on windows programs can't write in several important folders. By root user they meant program files, system 32 and all those "system files", which, surprise, are root files.
A hacked kernel level program can modify system files and set up a keylogger that doesn't even register on the program monitor, and it can send your information and you wouldn't even notice it without monitoring your outbound packets, so you won't.
Any other program would ask you admin/root access and if that's weird behaviour you can deny it and investigate, kernel level programs have it by default so if they have an exploitable vulnerability, you are fucked by default. It's a huge difference and the fact that you are not acknowledging it makes me feel like you really don't understand how code works.
Also, don't put riot and valve in the same bag. PLEASE.
I guess you're right as long as you don't mind sharing your entire My Documents folder to the world.
No, on Linux, like the Steam Deck that OP mentioned. Windows was never mentioned here until you brought it up, and even there you're wrong, kernel level anti-cheat doesn't have the same level of access than any random game, even on Windows. Even Windows, with it's janky security measures, has some level of containment around users, even on Windows regular users can't edit system files or other users files, even on Windows a virus without root has a lot less access than a virus you give root access, and by having an interface that allows games to gain root access you've given viruses a new path to privesc. I recommend you read some more on cyber security and programming before saying something like "userspace == kernel level", because that's the same as someone attempting to discuss astrophysics with people who have masters on it while claiming the earth is flat. There's a whole field of study into how security can be compromised to go from userspace to kernel level, handwaving it away because you think your user's documents are the important part of a system is reductive at best and malicious at worst.
Do you know what a "strawman" argument is?
Yes, an example of which is someone pointing at a game not working on Linux and someone else ignoring the Linux part and attacking the argument as if it were on Windows. And doing a poor attempt at that, because even on Windows kernel level anti-cheat is invasive and leaves to privesc possibilities.