this post was submitted on 22 Jul 2024

195 points (97.6% liked)

Asklemmy

43363 readers

1305 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
[email protected]: a community for finding communities

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago

MODERATORS

[email protected]

195

My brother claims that Vanguard for League can do the same to gaming PCs that install it as CrowdStrike did to businesses who installed that, is this true? Does Vanguard have as much access/power? (lemm.ee)

submitted 1 month ago by [email protected] to c/[email protected]

68 comments fedilink hide all child comments

(page 2) 20 comments

sorted by: hot top controversial new old

[–] [email protected] 53 points 1 month ago* (last edited 1 month ago) (2 children)

It's also potentially a infiltration vector for malicious activity.

Genshin impacts anti-cheat has been used to enable ransomware taking over windows computers, and you don't even need to have Genshin installed.

It was a danger to all windows users just by existing, because the ransomware just came with the genshin anti-cheat, which it would install on its own. Because it was a "verified" piece of software windows would just go "oh ok seems cool, go right ahead" and the ransomware would gain complete control of the system through the anti-cheat.

load more comments (2 replies)

[–] [email protected] 227 points 1 month ago (1 children)

Yup, kernel level "anti-cheat" is a rootkit spyware that "pinky swears" it's only spying for a good reason.

[–] [email protected] 84 points 1 month ago (2 children)

oops

load more comments (2 replies)

[–] [email protected] 104 points 1 month ago (4 children)

Yes, and I've seen it happening. Usually it doesn't instantly brick every PC, but it can sometimes brick certain PCs with specific configurations. Then it will be silently patched without acknowledgement for the bug.

I've seen it mess with (and crash) graphics and network drivers, rendering PCs useless until forced reboot. It can also mess up other games, processes, and even updates.

People have been warning gamers about kernel level anticheats since they were introduced, because no userland code should run with that level of privileges, period. However, people still installed those games not really understanding the threat, and that's why we have so many games with a kernel anticheat.

load more comments (4 replies)

[–] [email protected] 38 points 1 month ago (4 children)

Helldivers 2 does the same thing. If this continues it will be extremely advisable to move any non-gaming use-cases to a different computer as you have no idea what the "anti-cheat" is doing with that level of authority over your computer.

[–] [email protected] 26 points 1 month ago (4 children)

Or just dont buy those games.

load more comments (4 replies)

load more comments (3 replies)

[–] [email protected] 72 points 1 month ago (2 children)

Pro tip: don't install rootkits.

[–] [email protected] 21 points 1 month ago (1 children)

That unfortunately means, you can't play a lot of games. And for most people it's practically unknowable what the installer is doing, they don't expect a game to nuke their computer.

There needs to be accountability and a certain level of trust. Microsoft shouldn't allow kernel drivers for crap like anti cheat.

[–] [email protected] 14 points 1 month ago (1 children)

Yet another reason to use Linux. You don't have to know weather the installer comes with a root kit, the installer will just fail 😎

load more comments (1 replies)

[–] [email protected] 35 points 1 month ago (1 children)

I'm less worried about bugs causing boot loops with these kernel anti cheats and more worried about security holes.

I'm sure they test these things thoroughly though and take security extremely seriously.... right?

load more comments (1 replies)

[–] [email protected] -2 points 1 month ago (1 children)

In theory, yes. Vanguard uses ring 0 access; and Failures/crashes on the code that are running on that level will lead to BSOD.

In practice, Riot very likely tests Vanguard on various hardware as parts of their tests before shipping updates on it, as it's used by all players that play Lol and Valorant; and a fuckup like that would mess the trust they've built between the players. Players are trusting them to run ring 0 code on their computer, so they can have a cheatless experience after all.

[–] [email protected] 53 points 1 month ago (1 children)

In practice, CrowdStrike very likely tests Falcon on various hardware as parts of their tests before shipping updates on it, as it's used by a huge amount of enterprises; and a fuckup like that would mess the trust they've built with those enterprises. Enterprises are trusting them to run ring 0 code on their computer, so they can have a malware-less experience after all.

[–] [email protected] 8 points 1 month ago

Welp, they're a good example of what happens if they don't do proper testing.

[–] [email protected] 43 points 1 month ago

Yes, the key difference being that nobody’s playing Valorant on airport displays. Just yesterday I installed a new early access game for two accounts at home and discovered that it just wouldn’t work with the non-admin account because of anti-cheat. All of this is making me consider going back to running games under flatpak.

[–] [email protected] 127 points 1 month ago

Yes, works on the same layer.

[–] [email protected] 104 points 1 month ago (1 children)

Yup.

[–] [email protected] 76 points 1 month ago (1 children)

Yeah really not much else needed to be said here. What happened with Crowdstrike is exactly the sort of exploit Kernel Level Anti-Cheat in general has been critized for enabling on consumer hardware.

[–] [email protected] 25 points 1 month ago

And why most Linux users would rather not play these games than allow that garbage on our PCs.

load more comments