
The one implication that I (the author) should highlight for the extra paranoid - this exploit extends to ISPs and cloud vendors that traffic is routed through. Anywhere in the trace route can MITM. It depends on how much you trust those parties.



tried in some communities of gamedev to talk about security but i gave up. i think the main sentiment is not to care at all. so many games have or had trivial exploits. enabling mass cheating, harassment of other players (DOS) and more nefarious stuff. for people who think the mitm won't affect them... that's a silly stance. people hack home routers on massive scales. (another domain who doesn't seem to give shits about security)

good writeup! thanks!


There's a really good argument for having a "gaming" OS, Windows, and a serious OS, Linux, on the same computer.

If League of Legends needs super admin mode, it's no longer my computer. I'm sharing it with Tencent. I can't trust them (specifically a disgruntled employee) to not install key loggers and other really nasty things.


This is essentially my Windows box. I use it for gaming, and RDP in from one of my other computers (all of which run GNU/Linux), when I need to run a Windows program away from the house.

I treat it as though there's a random russian dude watching my every move through RDP keylogging all my inputs (and for how many one-off cracked programs have been installed on there over the years, it's not impossible).

I can't imagine keeping my password manager and primary accounts logged-in on the same computer I have rootkits like Riot Anticheat and technical disasters like Marvel Rivals installed on.


> There's a really good argument for having a "gaming" OS, Windows, and a serious OS, Linux, on the same computer.

This is a terrible idea if you think this will keep you secure. Windows provides direct access to update motherboard firmware and CPU microcode/management engine.


Is most malware literally going to embed itself in the BIOS and install itself on Linux?

Seems like an insanely difficult thing to do to target like .5% of users.



don't need to jump into bios/uefi, but a) secureboot is often off, so uefi app or driver will do.. it's not hard. there's ways around sb too if needed. b) ppl don't use FDE or use a broken one. so u can just mount the disk of the other os.. c) can find a lot of other places to hop between oses on a system which have glaring holes.

hah yeah, don't run insecure os next to secure one :D. good point!


Linux distros can also update firmware and microcode.


saw the latest m microcode update debacle. rip my ryzen cpu hah :')

u can allow linux to do it, u can also not allow it.. depends on what u allow really :'). tho, ofc vuls exist and ppl might yet find a way. also u can edit ur kernel etc. to stop certain features. disallow kmods being loaded etc. etc. it's not as easy to find holes on a properly configured system as windows. tho it's quite hard to do a proper config especially if u want to do gaming and want wine to run etc.


I think there's a few angles on this.

Firstly that a game developer's main concern is getting their product functional, keeping it that way, and that they can make money on it to make the whole endeavour worthwhile. There's already a lot of game releases where it comes across getting their idea working out the door is a lot higher up the list than the 'details' and attention to working great on the PC platform. Then that gamers will come in a wide range of skill/knowledge levels for their PCs, from those that treat them as glorified consoles to others that know every detail of their workstation.

Dual booting adds more admin and complexity, and in a way it's admitting that the trust level in software is so low your OS can't sandbox things out, that stuff you're running is taking liberties or just enough effort to fulfill its task, and you're going to the extent of running a console in a separate partition but running it is mutually exclusive with the serious OS. I'd guess a lot of people who felt strong enough would just have 'serious OS' be another device, most likely a phone but alternatively laptop, which would seem to marginalize what they use the windows install for.


The data breach Disney had last year is reported to be caused by downloading a malicious mod in a work computer, which then fetched the Slack credentials and downloaded everything available. Many a cryptocurrency wallet is emptied out with similar attack vectors.

We might have better computer security than with Windows 95, but the level of isolation we need to have a semblance of security is very rare and it's very easy for people to slip.


It's the endgame of cheats. If it's not supreme over all programs, you can cheat by chaining things when it isn't looking or before the anticheat starts. By running a service from startup with maximal privilege, they can prevent cheats at the expense of running a service from startup as low at maximal privilege.

Arguably they could have already gotten all sensitive user data without that privilege if their program was hacked


You can already pipe your video output to another box, and add stuff like hitboxes. I think a few monitors are starting to build this in.


I have a Windows partition that I haven't booted into for ages. Originally I would first try to run a game on Linux, and fallback to Windows if it has problems. Some live service AAA games are still impossible to run on Linux due to anticheat, but it's otherwise a pretty good time for Linux gaming in the era of the Steam Deck.


I've removed the rebooting step and instead use a GPU pass-through VM


I'll definitely need to look into doing that.

this is also a good argument. the anti cheat is impossible to implement in usermode, but you can hardly trust developers with kernel mode drivers that trace all things.

i'm not sure if a gaming os would help there.

it would be helpful if OSes wouldn't allow things like malicious drivers but this is an extremely hard problem in light of people loading known vulnerable drivers and exploiting those...

you could argue that a lot of drivers could live in ring 1 or 2 rather than ring0, but that no OS implements.

working on an OS to try and think of solutions to these types of issues, but u know... if u can wait like 40 years maybe it will be done (and likely it will be vulnerable in different ways :(( )


Why stop at a separate OS? Why not use separate hardware just for gaming as well?


custom hardware is nice, like a ps5 or something, but this is usually built up from somewhat known components. a lot of hardware is not too bad, but the software has the main issues. i don't see gaming companies develop custom security hardened hardware quickly due to extreme costs related in making very advanced and fast chips.

ultimately a combination would be best, hardware tailored to be secure and allow secure software to be developed for it, but the same can be said for phones and pc's etc.

most modern cpus have quite a lot of hardware security features which are often not ideally implemented or not used. they also offer features that can allow software to enhance security, but that is also rare. for example you _could_ use certain extended cpu registers to allow for taint tracking etc, but this likely kills game performance, and is not even done for trivial applications despite being proven to mitigate entire classes of vulnerabilities. (it's quite complicated to implement too as the hardware isn't taking into account such features for such purposes)


Separate computers. Windows gaming PC on a VLAN that can only access the internet, and nothing else on your network. This should really be the standard for home networks today.


> If League of Legends needs super admin mode, it's no longer my computer. I'm sharing it with Tencent. I can't trust them (specifically a disgruntled employee) to not install key loggers and other really nasty things.

relevant: https://xkcd.com/1200/

kernel/root/ring0 might sound super scary, but if there's any sort of code execution on linux/windows, practically speaking it's already game over.



