Steam Deck @sopuli.xyz Fubarberry @sopuli.xyz 4mo ago

Microsoft looking to restrict kernel level access after CrowdStrike incident might help us with our current Anti-Cheat dilemma

www.theverge.com Microsoft calls for Windows changes and resilience after CrowdStrike outage

Microsoft drops subtle hints about the future direction of Windows security.

Kernel anti-cheat systems are currently the bane of Linux/Steam Deck gaming, haven't actually proven to be effective at stopping cheaters (see Valorant for an example), and lead to various security concerns from giving 3rd parties full access to your machine to being used to install ransomware and malware.

Windows tried to restrict kernel access years ago, but backed down under pressure from various companies. However Crowdstrike's outages have shown the sever consequences of leaving kernel access open, and we might finally see kernel access to be cut off.

Linux Gaming @lemmy.ml mudle @lemmy.ml 4mo ago

Microsoft looking to restrict kernel level access after CrowdStrike incident might help us with our current Anti-Cheat dilemma

www.theverge.com /2024/7/26/24206719/microsoft-windows-changes-crowdstrike-kernel-driver

Windows @sopuli.xyz Nemeski @lemm.ee 4mo ago

Microsoft calls for Windows changes and resilience after CrowdStrike outage

www.theverge.com /2024/7/26/24206719/microsoft-windows-changes-crowdstrike-kernel-driver

33 comments

what kills me is we Solved Cheating in the 90s and early 00s. It's called dedicated servers. People would buy a game someone would setup a server and if you were a dick or cheat you would get kicked and each sever was like a community just like it is here.

But the companies want control they want to be able to shut download the game on their timetable and get you to buy the next game. A tool or system is never going to fix this people and breaking communities into manageable chunks can.

Hell back in the day servers were hacked on purpose to create new types of games. Anyone remember CS Surfing and Sniper only maps in TFC.

the point is people can hack away break the game beyond recognition but they can do that off in their own space.

Now I know that breaks global leader boards and other ego driven things but I'm just talking about having fun with games.
- Those were the days for sure. Dedicated servers were fantastic, you'd often run across the same people in the same server as well and get to know folks. A community, like you said.
  
  yeah remember heat.net?
- I mean we have entire genres only because people back in the day modded the shit out of game servers. Team fortress and DotA were both mods before becoming actual games.
- I remember those days, but this was before Microtransactions and battlepasses.
  
  Back then when you bought a game it was complete and you owned it...
- There was global leader boards way back in the day. I think it was called the Quake World League, it was one that would count Counter-Strike. I am not 100% but I think it used gamespy to do much of its work. I remember when it showed millions of people active and I was able to reach a top 20 in Counter-Strike one week. I was able to break the top 100 many times before it changed.
  
  yeah you're right so it was eventually better than I remembered back then
MS had this implemented originally in NT4 then started allowing more drivers direct access for performance.

They tried again with VISTA but McAfee and Symantec cried to the EU and forced MS to back down.

Apparently apple got away with implementing it however.
- Apple implemented a kernel API for security software and made it good enough that they forced their own tools to use the API.
  
  MS’s own tools depended on kernel access but they tried locking out 3rd party vendors without building a replacement like Apple did.
  
  McAfee and Symantec correctly pointed out how this would be using monopolist powers to block competitors.
  
  Microsoft needs to shut up and do the work to make their kernel secure.
  
  Apple implemented a kernel API for security software and made it good enough that they forced their own tools to use the API.
  
  I haven't looked at the Security API in depth but I have looked at the iOS APIs.. Apple gets away with their own apps having MUCH MUCH deeper access than what they give 3rd parties.. I would be SHOCKED if their kernel API is all they use in their own tools.
  
  Microsoft needs to shut up and do the work to make their kernel secure.
  
  The EU ruling is very broad however, if it has just been security tools YES MS could have just built out the APIs and used them for defender, but the EU ruling makes it so open we have wonderful video game anti cheat and DRM drivers from all sorts of providers playing around in driver / kernel space.
- Apple got away with implementing it
  
  I have no idea either way - floating a question.
  
  Did apple previously allow kernel access and then restrict it again? It seems the specific issue with MS vs McAfee etc is due to originally being allowed access, but microsoft restricted it, affecting their products?
  
  Yes, System extensions on macOS Catalina 10.15 or later allow software https://developer.apple.com/support/kernel-extensions/
If stopping any and all cheating 100% perfectly and forever is your only metric on “stopping cheating.” Then you have a distorted view on the effectiveness of current anti-cheat tools.
- I mean Valorant has a lot of cheaters, it doesn't really seem like kernel anti-cheat has been more effective than other forms of anti-cheat. There's also an increasing number of hardware peripherals that offer cheating assistance, and these can't be detected by kernel anti-cheat because the cheating happens on separate hardware.
  
  My point is that kernel anti-cheat has major privacy and security tradeoffs, which is a steep cost to pay. A steep cost is only worth it if it has a significant benefit to the users, and in practice it doesn't.
  
  Have you considered that the reason cheaters have to go hardware level is because kernel level anti-cheats are effective at what they're supposed to do?
  
  I'll also ask this question, what do you are the alternative solutions to client side anticheats?
- go look at some forums for cheating, and you will see that they really do not work very well. it may be a cat and mouse game, but there is constant reverse engineering work and development being done (some of which is even paid work for paid cheats), and there is pretty much always a solution for new anticheat measures that someone finds.
  
  the only unbeatable anticheat is a server side one
  
  Server side is beatable too.
  
  My point is anti cheat will never be perfect, and you just rattled off a bunch of text to say that.
  
  Anti-cheat efforts do make an impact on the pervasiveness and culture of cheating, general hacking and griefing.
- Client side anti-cheat is inherently flawed. These games are asking an untrusted computer whether it is cheating. That's like asking a known liar whether they're lying at that moment. The one way to make it harder for the computer to "lie" is by increasing the permissions the AC has, which comes at the cost of privacy for people with the game, and security for every Windows user (not just the ones with a certain game installed).
  
  Client side anti-cheat can be poked and investigated locally, with no restrictions. All it takes a skilled enough cheater is time, and they will bypass it. The only way to test server side anti-cheat is by hopping in the game, trying to learn how it works, and trying to bypass it. That is a much more time consuming and expensive process.
I read dilemma as diarrhea and didn't think much of it...
if they build a proper API for it, wouldn't we be in the same place as now ?
Finally windows get some kind of improvement after going downhill so much.
roblox on linux?

33 comments