| ▲ | Valve removes free game from Steam after players discover it contains malware (pcguide.com) |
| 64 points by gpi 2 hours ago | 49 comments |
| |
|
| ▲ | malkia 22 minutes ago | parent | next [-] |
| There is a game - Beyond The Darkness - released a few weeks before the name change. "Beyond the Darkness" was released on Nov 14 2024 -
https://store.steampowered.com/app/1728610/Beyond_The_Darkne... "Beyond the Dark" (the malware) was released (ahem, renamed) on Dec 28 2024. |
|
| ▲ | galad87 an hour ago | parent | prev | next [-] |
| Games are an almost perfect type of software to be run in a sandbox. The question is, why aren't they already run in a sandbox? |
| |
| ▲ | ux266478 38 minutes ago | parent | next [-] | | SteamOS leverages namespaces via pressure-vessel already. The problem exists exclusively on Windows. Paravirtualized drivers introduce API incompatibility issues and decades of cumulative engine infrastructure made for Windows using the Win32 API means nobody wants to swap over to using UWP and thus AppContainers are a non-starter (and that's without getting to sacrificing Wine/Proton compatibility). The native isolation mechanisms like silos are things that require wrangling by professional sysadmins, I didn't even know they existed until I started writing this post. The real question to be asking is why is sandboxing so bad on Windows? Despite some searching, I still have no conclusive answer as to how to go about filesystem isolation in Win32-space, or if it's even possible. | | |
| ▲ | malkia 19 minutes ago | parent [-] | | Sandboxing is quite easy (user-wise), once you install the sandbox system. By default it allows only a single sandbox, and with a small `.wsb` file you can drive what's visible from the host, whether the GPU should be active, etc. - https://learn.microsoft.com/en-us/windows/security/applicati... It's great for testing, and Sandbox is just the tip of the iceberg of what Windows Containers support - e.g. maybe someone can come up with a "launcher" that goes through it (somehow). |
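
A `.wsb` file of the kind the comment above mentions, as an added example that is not part of the thread or written by any commenter: it starts Windows Sandbox with a single host folder mapped read-only and networking switched off. The host path `C:\Sandbox\untrusted-game` and the folder layout are hypothetical.

```xml
<!-- untrusted-game.wsb: added example, paths are hypothetical -->
<Configuration>
  <!-- No network: anything that runs inside cannot reach external servers
       or download further tools. -->
  <Networking>Disable</Networking>

  <!-- Software rendering only. Set to Enable if the game needs the GPU;
       sharing the host GPU enlarges the sandbox's attack surface. -->
  <VGpu>Disable</VGpu>

  <!-- Keep host clipboard, microphone, camera and printers out of reach. -->
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>
  <PrinterRedirection>Disable</PrinterRedirection>

  <!-- Extra hardening of the sandbox session itself. -->
  <ProtectedClient>Enable</ProtectedClient>

  <MemoryInMB>4096</MemoryInMB>

  <MappedFolders>
    <!-- The only part of the host filesystem visible inside the sandbox.
         Browser profiles and wallet extension data are not mapped. -->
    <MappedFolder>
      <HostFolder>C:\Sandbox\untrusted-game</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\Desktop\untrusted-game</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>

  <!-- Open the mapped folder at logon so the files can be inspected or run. -->
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Desktop\untrusted-game</Command>
  </LogonCommand>
</Configuration>
```

Opening the file starts the sandbox with these settings, and everything written inside it is discarded when the sandbox window is closed.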
| |
| ▲ | allthetime 6 minutes ago | parent | prev | next [-] | | They often are on macOS now. https://developer.apple.com/documentation/security/accessing... | |
| ▲ | Aerroon 31 minutes ago | parent | prev | next [-] | | They are? Games need pretty much all the performance they can possibly get. Can you sandbox them without having a performance impact? Consider that people pay a $300 premium to get ~10% better performance (buying an RTX 5080 instead of a 5070 Ti). Personally I know that sometimes closing the web browser in the background makes my game run better - that web browser doesn't even interact with the game! Would a sandbox have a smaller impact? | | |
| ▲ | blueg3 4 minutes ago | parent [-] | | It certainly could. Buying a better GPU improves your graphics performance and that's basically unrelated to the area where a sandbox impacts performance. Killing your web browser is probably just lowering memory pressure? Sandboxes add overhead to syscalls. It's kind of similar to running under Wine, which also adds significant syscall overhead. Wine also has a much more impactful DirectX translation layer, so your sandbox performance would probably be much better than the Wine performance. |
| |
| ▲ | pjc50 38 minutes ago | parent | prev | next [-] | | PC games tend to be the reverse: they demand control over the machine, in order to try to detect or prevent being run alongside various forms of cheating software. They also need low-latency access to the GPU, which I suspect is a fertile vector for privilege escape exploits. | | |
| ▲ | blueg3 29 minutes ago | parent [-] | | Only a relatively small (but popular) subset of games use anticheat. Most games -- including the one in this article -- could theoretically run in a sandbox. |
| |
| ▲ | 1bpp an hour ago | parent | prev | next [-] | | Every Xbox game runs in a HyperV container, maybe it's not a crazy idea for PC | |
| ▲ | wao0uuno an hour ago | parent | prev | next [-] | | Running games on Linux via Proton provides some isolation. It’s not technically a proper sandbox though. | | |
| ▲ | parasense an hour ago | parent | next [-] | | Proton is just emulation, and it will happily expose the underlying host system to the running game software. In particular the filesystem and some peripheral devices. However, Valve is moving towards sandboxing in Steam. You can already run the whole thing with a flatpak sandbox, and Valve themselves are using ostree. With SR-IOV it is possible to run the whole thing in a throwaway Windows VM while the graphics card is passed through. | | |
| ▲ | sophrosyne42 30 minutes ago | parent [-] | | This is why it was foolish to give a new name to it. It was originally called Wine Is Not an Emulator. |
| |
| ▲ | q3k 43 minutes ago | parent | prev | next [-] | | You can just use Linux syscalls from an .exe executed by Wine. There is no sandboxing. https://gist.github.com/q3k/e5952111283ea59ee78a7699919a055b | |
| ▲ | SuperNinKenDo an hour ago | parent | prev [-] | | Anything that wants to traverse your filesystem could do so trivially from a wineprefix, but stuff like sniffing your browser extensions might be harder depending on the technique. |
| |
| ▲ | sph 20 minutes ago | parent | prev | next [-] | | I run Proton in Steam flatpak, as well as itch.io from flatpak. That is reasonable enough isolation for my use case. | |
| ▲ | blitzar 22 minutes ago | parent | prev | next [-] | | Is this not just an artifact of Windows not sandboxing anything meaningfully and that itself is an artifact of punch cards? | |
| ▲ | nubinetwork an hour ago | parent | prev | next [-] | | Some anti piracy is already a sandbox. | |
| ▲ | SuperNinKenDo an hour ago | parent | prev [-] | | I've formally studied gamedev, but haven't done anything in over a decade, but even before you get to the thorny issue of anti-cheat systems, games rely on running at a(n often very) low level and doing unconventional things. I imagine they're one of the hardest things there are to sandbox without causing massive levels of breakage. But someone more knowledgeable about either side of the equation (sandboxing and/or game development) might be able to shed more light. |
|
|
| ▲ | cassianoleal 2 hours ago | parent | prev | next [-] |
| What about all the other games with malware, like Denuvo and similar? |
| |
| ▲ | giancarlostoro an hour ago | parent | next [-] | | I recommend installing Linux. If it won't play on Linux even with Proton, you shouldn't give them a single penny. | | |
| ▲ | freedomben 25 minutes ago | parent [-] | | I agree, although I've made exceptions for a very small number of games with Denuvo (actually, just Hogwarts Legacy, which in hindsight I'm glad I did even though it still hurts my soul a bit) and they can run on Linux (I have nothing else but Linux). It's mostly kernel-level anti-cheat that won't run from what I've read. | | |
| ▲ | giancarlostoro 10 minutes ago | parent [-] | | If it plays on Linux I don't personally care if it's got Denuvo, it's isolated by Proton, so not really a big deal. I do think it's really pointless, because none of these tools ever truly stop game cheating. |
|
| |
| ▲ | nekzn an hour ago | parent | prev [-] | | "drm is malware" is so 2005. | | |
| ▲ | 4chandaily 32 minutes ago | parent | next [-] | | "We have to stop the nazis" is so 1940s. "Congress is engaged in a witch hunt" is so 1950s. "Civil rights should be applied to everyone" is so 1960s. "Fossil Fuels are destroying the planet" is so 1970s. "Unregulated free trade is dangerous" is so 1980s. "The police are out of control and unduly target minorities" is so 1990s. Something being old doesn't make it less relevant or important. It means we need to say it louder, because for some reason the point hasn't been made clearly enough yet. | | | |
| ▲ | freedomben 23 minutes ago | parent | prev | next [-] | | Every day there are new people coming online and/or of age who weren't aware or even alive in 2005. They too need to know that DRM is malware. | |
| ▲ | wanzg an hour ago | parent | prev | next [-] | | "rootkits are malware" is in fact eternal. | | |
| ▲ | blueg3 27 minutes ago | parent [-] | | Usually when people complain about Denuvo, they're talking about Denuvo Anti-Tamper, which (perhaps surprisingly) is not a rootkit. |
| |
| ▲ | mschuster91 37 minutes ago | parent | prev | next [-] | | Well, Riot Games just today (!) admitted to hard-bricking cheating hardware [1]. This kind of stuff definitely is malware, and your comment aged like milk. [1] https://videocardz.com/newz/riot-games-on-valorant-dma-cheat... | | |
| ▲ | nekzn 18 minutes ago | parent [-] | | You are confusing drm with anti cheats. In any case, good for Riot, and good especially for their players! | | |
| ▲ | john_strinlai 16 minutes ago | parent [-] | | anti-cheat is not perfect. they will brick a legitimate user's pc. that is the opposite of "good for their players". and even if someone is cheating on a riot game, bricking their pc is obviously fucked, and will end up biting riot in the ass (i.e. not good for riot, either). |
|
| |
| ▲ | _imnothere an hour ago | parent | prev [-] | | A saying being old doesn’t make it invalid anyway. What’s your point? | | |
| ▲ | nekzn 25 minutes ago | parent [-] | | My point is that this saying is the tritest of the trite, and therefore not worth being posted. |
|
|
|
|
| ▲ | embedding-shape 41 minutes ago | parent | prev | next [-] |
| > What’s interesting is that while the game itself often crashed during launch, the malicious software continued running quietly in the background.

Wonder how much longer it could have remained undetected if it actually fired up a shovelware game that could run properly, things like crashing probably gave it away way faster than it could've. |
|
| ▲ | Frieren 2 hours ago | parent | prev | next [-] |
| > However, someone reportedly hijacked the developer’s Steam account and quickly transformed it into Beyond The Dark – changing its name, screenshots, and other store details. As Steam does not fully verify every patch made to a game, the modified version was reportedly able to go live without raising immediate red flags.

It is interesting that it seems to be easier to take over a legit game than trying to create a new one. I have seen this with YouTube channels, inactive during a long period of time and suddenly showing mostly scams. Or the original owner became a criminal, or more probably were taken over by criminals.

> The malware allegedly searched for cryptocurrency wallet browser extensions, including MetaMask, before connecting to external servers and downloading additional tools. These tools were reportedly capable of stealing browser information, passwords, and cryptocurrency wallet data.

Cryptocurrencies are the most insecure currency that we have ever invented. It is paradoxical that it is being marketed as actually safe. |
|
| ▲ | ChoGGi an hour ago | parent | prev | next [-] |
| Huh. There is the occasional paid game on Steam that has a 100% off deal. Guess it's time to start being suspicious of those as well. I'm thinking of the scenario where the original devs sell the game rights off since sales are bottomed out. |
| |
| ▲ | zamadatix an hour ago | parent [-] | | The best place to put malware is wherever people don't think they need to be suspicious of the software they run. Free games, paid games, supply chain - it doesn't really matter so long as they think they can trust it blindly. |
|
|
| ▲ | gorgmah 2 hours ago | parent | prev | next [-] |
| This is bound to become more and more pervasive, with supply chain attacks happening extremely frequently now. My cooleagues and me almost got caught in the latest Shai-Hulud attack due to some tanstack packages. No one is safe now. |
| |
| ▲ | qskousen an hour ago | parent [-] | | Not sure if it was a typo or not but "colleagues" is a great word, I'm going to start using it. |
|
|
| ▲ | 2OEH8eoCRo0 an hour ago | parent | prev | next [-] |
| Surprised this or malicious games and updates hasn't happened sooner. |
| |
|
| ▲ | dude250711 an hour ago | parent | prev | next [-] |
| I am starting to think that perhaps their fee is not entirely justified. |
|
| ▲ | herpdyderp 2 hours ago | parent | prev [-] |
| And yet games like Subnautica 2 do similar things and nobody stops them because it’s in the EULA. |
| |
| ▲ | therealunreal an hour ago | parent | next [-] | | What does Subnautica 2 have? | | |
| ▲ | john_strinlai 19 minutes ago | parent [-] | | i assume they are referring to denuvo. and, while denuvo and other drm for games is indeed awful, i find it silly to equate it with cryptocurrency stealing malware. |
| |
| ▲ | Cthulhu_ an hour ago | parent | prev | next [-] | | Exactly because it's known - malware is only considered malware if you install it without knowing about it. But if you know about it you have a choice not to buy / install it, like with games like Subnautica 2. | |
| ▲ | butvacuum an hour ago | parent | prev [-] | | Next up in Kim's ChatGPT History: "How to buy sockpuppets?" | | |
| ▲ | skinfaxi an hour ago | parent [-] | | Not for nothing but have we all forgotten the Sony rootkit? Actually, that would be a perfect front. Start a game company backed by a nation state, put in rootkit anti-cheat, profit. |
|
|