Now that Stop Killing Games is actually being taken seriously - maybe we need to take a look at Stop Fucking Around In Our Kernels

I haven’t really been personally affected by it before - I don’t play any competitive multiplayer games at all. But my wife had her brother over, and he’s significantly younger than us. So he wanted to play FortNite and GTA V, knowing I have a gaming PC. FortNite is immediately out of the question, it’ll never work on my computer. Okay, so I got GTA V running and it was fun for a while, but it turns out all of those really cool cars only exist in Online. But oh look, now they’ve added BattlEye and I can no longer get online.

While this seems like a trivial issue (Just buy a third SSD for Windows and dual boot), it’s really not. Even if I wanted to install Windows ever again, I do NOT want random 3rd party kernel modules in there. Anyone remember the whole CrowdStrike fiasco? I do NOT want to wake up to my computer not booting up because some idiot decided to push a shitty update to their kernel module that makes the kernel itself shit the bed. And while Microsoft fucks up plenty, at least they’re a corporation with a reputation to uphold, and I believe they even have a QA team or 2. CrowdStrike was unheard of outside of the corporate world before the ordeal and tbh nobody has ever heard of it afterwards again.

So I think this would be a good angle to push. That we should be careful about what code runs in our OS kernels, for security and stability reasons. Obviously it’d be impossible to just blanket ban 3rd party kernel modules to any OS. However, maybe here in the EU at least we could get them to consider a rule that any software that includes a component running in the OS kernel, MUST justify how that part is necessary for the software to function in the best possible way for the user of the computer the software is running on. E.g I expect a hardware driver to have a kernel module, and I can see how security software needs to have a kernel module, but I do NOT see how a video game needs to have an anti cheat with a kernel module. How does that benefit me, the customer paying to be able to play said video game?

  • atrielienz@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 hours ago

    Anti-viruses flag a lot of things. It is called a False Positive (or sometimes a “Someone didn’t pay us for an exception” Positive but…). It has nothing to do with something hooking into a kernel or just being a program you run in userspace.<<

    Aalayman who doesn’t know why the program was flagged and doesnt necessarily know the name of the Anti-cheat program or just hits delete all (which is probably thousands and thousands of people), you’re telling me you wouldn’t be extremely upset if a game you spent $60+ on suddenly wouldn’t start or your account go auto banned because the anti-cheat software has been deleted by an antivirus program by mistake?

    Genshin Impact’s anti-cheat was literally used to stop anti-virus programs running on people’s computers and mass deploy ransomware,

    I assume you are referring to https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html<<

    You don’t have to assume. I linked the article.

    Which… I’ll just raise you https://www.polygon.com/22898895/dark-souls-pvp-exploit-multiplayer-servers-remote-code-execution which allows for ridiculously dangerous RCEs without needing any kernel level hooks at all. So…<<

    You have failed once again to establish what this has to do with the original complaint, which is that kernel level anti-cheat allowed this security breach vector. And it has everything to do with the quoted text just below this from one of my previous comments:

    and the gaming industry as a whole is extremely lax about the security of their users.<<

    . I choose not to spend my money at companies that enable this kind of crap in their games.

    I mean this in the most inflammatory and blunt way imaginable:

    Nobody gives a shit about you. Nobody gives a shit about me either.

    We are two people. We don’t fucking matter. What matters is the people who play every single Riot game ever made for thousands of hours each. THEY spend money.<<

    This doesn’t explain regulating industries. It doesn’t explain why so many companies (including game development companies) spend so much money lobbying for the right to be free of regulations that should be covered by privacy law but aren’t because these companies don’t want that. And if you can’t see the correlation here then you’re a bit far gone because if they can lobby so can we. It has to start somewhere.

    Like I said before: it is about accepting risk. Knowingly or unknowingly, it doesn’t matter any more than telling your parents that you must have gotten a virus from that pokemon cheat code rather than the hardcore pornography that came in exe form for some reason.

    You don’t want to compromise your security more than you already do. Cool. Most people playing these games are fine with that if it reduces the odds that they have their free time ruined for them by aimbots and wallhacks. And… clearly there is merit to this approach if studios are willing to pay for it.<<

    I would argue that the vast majority don’t know. People like to act like gamers are in some way really tech savvy and they just know all the ins and outs of all that goes into the game and what is installed on their system. But the opposite is true for most people. They buy a game or program from a source they don’t have a reason to distrust and they install it and give it whatever permissions it asks for. This is the main reason I’m arguing that people absolutely should be educated and they won’t get that education from game developers because for the most part those devs prefer it this way.

    Because, at the end of the day? We’ve been through this. Back then it was DRM. DRM was bad and DRM was horrible and EVERYONE had a super obscure russian (?) cd rom drive that Starforce would brick. And the same arguments of “ideologically this is bad and it could ruin things for a very small percentage of people” came up. And the answer was always “I refuse to buy anything”

    And… everyone else DID buy things. The genuinely bad shit like starforce went away in favor of activation model DRMs (which continues to this day) but also… alternatives were actually presented. Steam is basically a variation of GOO (which is also basically what GoG does) but Steam has the added benefit of people being scared shitless of getting caught by Uncle Gabe and having their account taken away.<<

    People bought things with DRM because they didn’t know. And DRM was a significant thing even before the internet was a widespread thing which is why once it got it’s foothold it kept it. The average consumer didn’t know and wasn’t intending to pirate anything so they didn’t care.

    And that is what we need here. Not asinine requests for politicians who understand nothing to solve this for us. We need actual alternatives that work better AND are less invasive.<<

    Why is it asinine to tell the government I want a public industry regulated to protect my right to privacy? Because that’s what it comes down to. It’s my right to not just privacy but security of information. This would never be a question if a company were requesting it but when people do it it’s somehow problematic?

    As an aside: I increasingly notice that you say very inflammatory things based on a misunderstanding or misconception of the thing you are criticizing. That is a bad habit in general but it is a REALLY bad thing when it comes to cybersecurity (which this basically is). Because it gives you a false sense of security when you think you are following best practices but are actually spewing nonsense and ignoring all your other risk vectors.<<

    Education wasn’t your goal as far as I can tell because you’re extremely combative. You make a lot of statements that you don’t back up with anything. You assume a level of knowledge that you probably shouldn’t. And you get upset when the other person doesn’t understand, completely ignore their questions and points in favor of whatever crusade you happen to be on, and then double-down while ignoring the clarifying questions they ask.

    There’s not going to be a discussion between devs and consumers if we don’t educate people on what’s going on. That’s literally what we’re talking about. And you seem to assume that I’m just adverse to that without taking into account that I think we should have both things. We as consumers should have open dialog with the industries that rely on us to buy products. But we should also very much expect that our government that we pay taxes to regulates industries accordingly.

    Because we’ve had so many data breaches in every industry but the ones in gaming have been pretty abundant and that’s not okay. You seem to want to act like nothing is connected to anything else and that’s a good way to go through life without getting anything done and with a giant target painted on your back.

    I can’t assume that every consumer is like me. You shouldn’t either. And just because they got rid of other DRM that you view as worse doesn’t mean that we’re in the clear.