torginus 3 hours ago

All of this is beyond horrific.

Mucking about in the kernel basically bypasses the entire security and stability model of the OS. And this is not theoretical, people have been rooted through buggy anticheat software, where the game sent malicious calls to the kernel, and hijacked the anti cheat to gain root access.

Even in a more benign case, people often get 'gremlins', weird failures and BSODs due to some kernel APIs being intercepted and overridden incorrectly.

The solution here is to establish root of trust from boot, and use the OS's sandboxing features (like Job Objects on NT and other stuff). Providing a secure execution environment is the OS developers' job.

Every sane approach to security relies on keeping the bad guys out, not mitigating the damage they can do once they're in.

exyi 2 hours ago | parent | next [-]

Every sane approach to security relies on checking you are doing permitted actions on the server, not locking down the client.

36 minutes ago | parent | next [-]
[deleted]
XorNot 2 hours ago | parent | prev [-]

Which isn't practical for multiplayer action games, so we end up here.

torginus an hour ago | parent [-]

This. Also the client knows more than it's allowed to show the user, like the positions of enemy players. You can make aimbots and wallhacks without needing to tamper with the game state.

stavros 2 hours ago | parent | prev | next [-]

Are you saying that the solution here is to sell computers so locked down that no user can install anything other than verified software?

alkonaut an hour ago | parent | next [-]

That’s what I want as a gamer. I want a PC that works as a console. Whether I want that for other use cases or this machine doesn’t matter. I’m happy to sandbox _everything else_, boot into a specific OS to game etc.

The thing about gaming is that it’s not acceptable to leave 5% performance on the table whereas for other uses it usually is.

maccard an hour ago | parent | next [-]

Question for you - why don’t you buy a console? (I agree with you by the way, it’s why I have a PS5)

Fizz43 an hour ago | parent | prev [-]

Mid-range hardware can run the majority of games at high fps. You can easily leave performance on the table.

pta2002 2 hours ago | parent | prev | next [-]

That’s not really incompatible with this? That’s just how secure boot works. You can re-enlist keys for a different root of trust, or disable it and accept the trade-off there.

charcircuit an hour ago | parent | prev | next [-]

The idea is that it would require a verified hypervisor, and verified operating system for the game, but you could still at the same time be running an unverified operating system with unverified software. The trusted and untrusted software has to be properly sandboxed from one another. The computer does not need to be locked down so you can't run other hypervisors, it just would require that the anticheat can't prove that it's running on a trusted one when it isn't.

The security of PCs is still poor. Even if you had every available security feature right now it's not enough for the game to be safe. We still need to wait for PCs to catch up with the state of the art, then we have to wait 5+ years for devices to make it into the wild to have a big enough market share to make targeting them commercially viable.

torginus 2 hours ago | parent | prev [-]

No. I'm saying we should all drink the blood of babies to stay eternally youthful. You didn't read between the lines deeply enough.

2 hours ago | parent [-]
[deleted]
rl3 an hour ago | parent | prev [-]

>All of this is beyond horrific.

Hot take: It's also totally unnecessary. The entire arms race is stupid.

Proper anti-cheat needs to be 0% invasive to be effective; server-side analysis plus client-side with no special privileges.

The problem is laziness, lack of creativity and greed. Most publishers want to push games out the door as fast as possible, so they treat anti-cheat as a low-budget afterthought. That usually means reaching for generic solutions that are relatively easy to implement because they try to be as turn-key as possible.

This reductionist "Oh no! We have to lock down their access to video output and raw input! Therefore, no VMs or Linux for anyone!" is idiotic. Especially when it flies in the face of Valve's prevailing trend towards Linux as a proper gaming platform.

There are so many local-only, privacy-preserving anti-cheat approaches that can be done with both software and dirt cheap hardware peripherals. Of course, if anyone ever figures that out, publishers will probably twist it towards invasive harvesting of data.

I'd love to be playing Marathon right now, but Bungie just wholesale doesn't support Linux nor VMs. Cool. That's $40 they won't get from me, multiply by about 5-10x for my friends. Add in the negative reviews that are preventing the game's Steam rating from reaching Overwhelmingly Positive and the damage to sales is significant.