[dupe] Anti-Cheat Kernel Driver (leagueoflegends.com)
43 points by haunter on April 14, 2020 | hide | past | favorite | 78 comments



I find it interesting that in their "Should I panic" section, they miss one of the biggest panic-inducing points for me: That a program running in ring 0 has some form of internet access.

They don't go into detail here about how far this goes, but I wouldn't be at all surprised to hear that it is directly sending and receiving data from the internet. That is such a bad idea for obvious reasons.


Why would they do that? They don't need to send the data through the kernel, they can just IPC it to the process and use the existing telemetry stack.

Also, what gives you panic here? What more damage can they do than running in user mode? They can already access all your files, steal all your cookies etc.


Well, because if an attack vector is found in their anti-cheat driver, attackers could use it to access the memory space of other processes, not just user-accessible files, or launch a privileged process for keeping tabs on your system.


They delegate to a userland process for most things and apparently have had multiple audits on this driver, according to what they've said about the same thing that they run in their game Valorant.


"Multiple audits" from Gus over in QA to Bob in accounting. Despite all of their assurances I can't help but to feel that it is only a matter of time until this is exploited.


I did a security audit last week, which was mostly the managers writing a runbook for weaseling their way out of trouble if a data breach happened. Actually looking at overall system architecture, the specific encryption services, etc. was not a popular topic.

So yeah audit does not fill me with confidence.


So are you accusing them of lying when they say they've had external security audits done, or are you commenting without any knowledge of the topic at hand?


Without external confirmation from the firms that did the audit and the details of them, you can trust riot's statements about audits no further than you can trust any of their other statements.


I'm taking their claims with a large dose of salt.


I believe it's only there because of the kernel panic pun.


No, I'm pretty sure it's there because installing something that runs at ring 0 can do anything on your system. Look at all your internet traffic, files, make you go bald, etc.

Any sane security-minded person should slightly panic IMHO.


Or just run games on a computer dedicated to the task.


Of course you understand that that is not a reasonable solution.


There are gaming consoles, or you can just not run their games, it's not like there aren't literally thousands to choose from. They're also just games, cheating is not a life or death thing, or it shouldn't be.

Alternatively, you could stream a game from a remote server like on Stadia. These anti-cheat systems are only for online games anyway, and you can let Google deal with their kernel driver.


I didn't write a comment suggesting a thing because I considered it unreasonable and on reflection, no, I don't think it's unreasonable.


Can't you just run two OSes alongside each other?


"annoying" when dealing with graphics cards / passthrough if you're talking about virtualization and probably would not be allowed since the hypervisor would be a ring above the kernel module, effectively neutering it.

If you mean dual-boot, sure, that's a very reasonable solution as well. I just don't like to reboot often and would personally have a 2nd computer, as it probably takes me an hour or more to go from "booted" to "productive".


Wow that's a shite article. It starts with "This post is kinda tech-heavy" and then never gets tech heavy.

The "I think I'm going to panic" section is super condescending. It obviously does give surveillance capabilities it didn't previously have: I could previously disallow the user that was running a game from viewing a file, and Windows would respect that. The game might crash, but it would not have accessed the file.

They are being directly misleading in the article and trying to use technical terms to confuse people. Ick.


Yeah. I'd question the motivation of any explanation that obscures the "yes, it does enable all of those BadThings but we promise to do our best not to exploit them and here's why we can be trusted" truth of the matter.

That said, they're writing for multiple gun-jumpy audiences so I don't think they lose all of the benefit of the doubt here. Just that this isn't good enough at the moment/yet.


I was more okay when Valve did it years ago because Valve isn’t majority-owned by a scummy Chinese company.


To my knowledge (and looking online I can't find anything to change this) VAC does not run in ring 0.


https://www.reddit.com/r/gaming/comments/1y70ej/valve_vac_an...

Here was Valve’s elevator pitch of the situation. If you click the link inside OP, you can crawl down the rabbit hole and literally see the code in question.

Again, not Chinese. Fuck China.


Valve's anti-cheat system does not install any driver-level components.


What concern do you have because the ethnicity and location of the company is in China?

How does that compare to American or five eyes countries, given what we know about those situations?

What makes, to you, one a higher threat than the other?

Edit: to be clear, I'm trying to work out, as someone who is clearly OK contributing and participating in the Chinese economy (gotta get dat new iPhone), why my concern for the morality of the Chinese government in this exact instance is higher than, say, the government I actually live under (UK) or their allies (US and the rest of 5 eyes).


The amount of autonomy and legal recourse of a private corporate entity in China compared to the United States. While the US does not have a great track record (Room 641A, National Security Letters, v-chip, putting export controls on strong encryption, etc) entities like the EFF and ACLU, plus corporate entities have successfully and repeatedly pushed back. I am not an expert on Chinese corporate entities, but my anecdotal observations from working in companies with arms in China has been it's always a very careful process to not annoy the government, as it means losing everything with little recourse.

Edit: The implication is that, if the government of China was exceptionally interested in placing a backdoor in the software of a Tencent system, they may not be able to reasonably object. Whereas if the FBI came to Apple (and we know they have), they can say no. [1]

[1] https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...


> Where if the FBI came to Apple, (and we know they have) they can say no

I thought the point was they couldn't say no? Hence the warrant canaries and things like that. And the NSA hooking directly into Google's internal fibre etc etc.

To be clear, I think your points are interesting from the perspective of "the Chinese government is morally worse and I'm worried about those implications"; I'm just trying to work out as someone who doesn't live there (but is clearly OK participating in their economy, I buy endless Chinese goods) how that affects me concretely.


I'm going to side step the morality of the respective governments. I am a US Citizen, I have opinions, bias and an incomplete picture.

My point is, I think it is harder to de-tangle a Chinese corporation's objectives from China's (the government's) objectives than, say, a corporation's in the US or EU. There are stronger laws and separation of controls (on the books and in practice) in those regions.

Do I trust the US government? Not terribly. Do I trust the US government more than China as a US Citizen? Yes. Should you? I don't know.

Defending against nation state targeting as an individual may be an impossible task unless you follow in Richard Stallman's footsteps, in which case, the conversation about LoL installing a kernel driver in Windows is very much outside your concerns :)


FBI? If the FBI came to Tencent, Tencent could say no just as well as Apple can say no.

If the Chinese government came to Apple, could they say no any easier than Tencent?


The crux of capitalism, what will you compromise for revenue. That's the point though, ownership and exposure to China's influence. Is Apple in a position where they can't say no to China? If not, should I trust their product?


Government mandated backdoors in retail software and usage of those backdoors is a more well known or suspected occurrence with the CPC government than, say, the Canadian government.

But that could just be a matter of publicity goals; of it benefiting China's goals for their citizens to know they are watching, and it not benefiting Western governments the same way.

I think it's natural (not necessarily rational) for people to be more skeptical of the goals of outside nations than of their own. Certainly, other nations with a very different and disliked form of government would engender more suspicion, however irrelevant that aspect may actually be.


> Government mandated backdoors in retail software and usage of those backdoors is a more well known or suspected occurrence with the CPC government than, say, the Canadian government.

So we know (right?) that the US government put backdoors in lots of parts of the backbone of the US internet they had access to that wasn't public knowledge, and that they have data sharing agreements with 5 eyes countries so that, for example, they can use their backdoors to send information about Canadian citizens to Canadian spy authorities without triggering various laws that would otherwise make that information illegal to obtain, and get the reverse in return.


Yeah, we do know that. Or a reasonable amount of information as to approximate 'know'. This specific topic is about the possible use of a very real potential backdoor in software that a company wants people to download, though. Five-eyes exploiting infra and pressuring service providers to share info is not as germane to the discussion as the likelihood of the CPC interfering in software that can be argued to be well under their control.

Distrusting Google for their cooperation with government spying in no way precludes avoiding or criticizing Riot's software choices due to the risk and known behaviors of China's government.


> Five-eyes exploiting infra and pressuring service providers to share info is not as germane to the discussion as the likelihood of the CPC interfering in software that can be argued to be well under their control.

> Distrusting Google for their cooperation with government spying in no way precludes avoiding or criticizing Riot's software choices due to the risk and known behaviors of China's government.

Right, so you're saying here that Five Eyes' ability to hack infra isn't comparable to CPC's ability to put backdoors in software? I.e. that while you acknowledge that infra might be compromised, in terms of a collection of bits executing on your computer you trust that software generated by a US company isn't compromised (or is less likely or whatever) compared to software generated by a Chinese company?


[Citation needed]

Canadians are suspected by more Chinese people than Chinese are suspected by all of North America.

And USA is suspected by, well, everyone, right?


It has nothing to do with ethnicity and everything to do with jurisdiction.

There is obviously more transparency when companies must comply with American or British courts vs the Chinese government. At the same time, all three show very little regard for the privacy of their citizens, and seem to have no problem paying off or breaking into domestic industry to gain information or exert control.

For your case in this exact instance, the Chinese government has no disincentives I can think of from pwning your computer through this kernel driver, besides that it is obviously way more effort than you are probably worth, so you probably don't have to worry about it. Alternatively, were your own government to pwn your computer through this kernel driver, it is possible you could seek legal recourse. Were legal recourse not possible, you could go to the press, who would (I think? I'm not from the UK) be free to print your story.

So yeah, I think it's pretty obvious installing a kernel driver from a company under Chinese jurisdiction is less safe than one from a company under American or UK jurisdiction.

But no one's targeting you anyways ¯\_(ツ)_/¯


Oh man, I completely forgot about that. That's a no-no from me.


Tencent holds a minority stake in the company. Tim Sweeney owns greater than 50%.


Tencent owns 100% of Riot; Tim Sweeney is Epic.


Ahh, damn. You're right! I got them mixed up


Prejudice is an interesting thing. I read your post without blinking. It took a second to sink in.

You seem to object to two separate things: 1) the majority owner is scummy; 2) the majority owner is Chinese.

For many people these equate to the same thing. But you have broken them out. So perhaps you don't think all Chinese are scummy. What then is your objection to non-scummy Chinese? Also, would you be ok if it was majority-owned scummy Swedish company?

I think your statement as it stands builds prejudice (unintentionally, I hope) against Chinese simply for being Chinese. I can think of a number of characteristics that bother me about some "Chinese" companies. But they aren't really about the geography. They would apply equally to non-Chinese and could be remedied by any company that exhibited those characteristics. Thus, I think it would be helpful to list specific objections rather than blanket with "Chinese".

For instance, I'm generally reluctant to order online from a "Chinese" webfront because it takes so long to ship. But for some time now, that criticism applies equally to Amazon because they have tried to compete with AliExpress, Banggood, etc. by flooding me with direct-from-China merchandise. It takes just as long to reach me whether I order through Amazon or from Banggood. And Banggood is cheaper. For the exact same product from the exact same source.

By listing my exact complaint, I can warn any Chinese or non-Chinese companies exactly which behaviors I find objectionable. They may not be willing to change being Canadian or French or Texan, but they might be willing to work on my true objection.

You might argue that Chinese companies often don't have a choice on some objectionable matter. But it is a lot easier to push back on their government with, "Such-and-such is a specific business-killer. Don't force this" instead of "Being Chinese is a specific business-killer. Don't force this." And it also sends the message you want to USA, Iran, Venezuela, Poland, etc. companies at the same time.


> This isn’t giving us any surveillance capability we didn’t already have.

Wait, really? What surveillance capabilities does LoL already have without a kernel driver?


The update process runs as admin, so basically anything.


New Counter-Strike-ish game Valorant also just confirmed a similar anti-cheat system driver: https://old.reddit.com/r/VALORANT/comments/fzxdl7/anticheat_...


It’s not similar, it’s the same in the end. They’re both Riot games and they plan to be moved under the same umbrella.


From the same company (Riot games)


Chinese-backed development of a rootkit people willingly install, what could go wrong!?


I'd really rather this sort of thing came directly from Microsoft. They're not perfect, but I definitely trust them more than Riot to not create a bunch of security vulnerabilities or spy on all my active processes. Plus, if people are signing kernel extensions who shouldn't be, isn't that a concern for Microsoft in and of itself?


Microsoft has a locked down kernel for gaming already. It’s called Xbox.


Microsoft also releases games on Windows, though, and also has the cheater problem in them.

It is still odd that in all their gaming pushes on windows with things like the Windows 10 Game Mode ( https://support.microsoft.com/en-us/help/4028293/windows-usi... ) that they haven't just made this a "thing" yet. Have a flag or some way for an application to signal that they want their memory actually restricted. You'd at least stop all user-mode cheats overnight, and can also attempt to impose restrictions on kernel-mode drivers. Or let a game know if there's unsigned drivers installed, and let the game segment off that user population.

But I guess they won't do anything about this until someone's kernel-level anti-cheat driver becomes a PR disaster for Microsoft. The same way they didn't do anything about anti-virus protection out of the box until McAfee & Norton went off the deep end and contributed to the constant perception of Windows' horrible slowness.


Riot's games will start shipping with a rootkit or you can't play.


I wonder how this will play out on the OS X version of LoL. Apple straight killed that Zoom webserver a while back with an OS update. I wonder if they make a similar move here against kernel-level anti-cheat? Assuming you can even pull it off on OS X.


> Assuming you even pull it off on OS X.

Doubtful. Apple has generally been ratcheting up restrictions on kernel extensions [1] -- currently, kernel extensions must be signed with a developer certificate that has explicit entitlements for kernel extensions, and must be explicitly approved by the user in security settings. [2] A normal Apple developer certificate is not sufficient to sign a kernel extension, and Apple has signalled that they intend to end all support for loadable kernel extensions in the future.

[1]: https://developer.apple.com/support/kernel-extensions/

[2]: https://developer.apple.com/library/archive/technotes/tn2459...


They named this blog post after a component of Unix/Linux (/dev/null); ironically, it doesn't look like their games will ever be available for macOS or Linux, especially when they're doing something like this.


The NT kernel of Windows is a very real component of the OS, which is what they are talking about. Microsoft keeps their low level well hidden though.


GP was referring to /dev/null in the actual article title (not the HN title)


Kernels are still things on MacOS and Windows.


The full title starts with "/dev/null", which I don't believe is a thing in Windows?


It's an expression for binning something rather than a technical component. However, if you want to argue technicalities, /dev/null is not a thing on Linux either unless you have a POSIX distro, which comes with Windows.


Linked article about DMA-based cheats is even more interesting: https://blog.esea.net/esea-hardware-cheats/


Huh, time to uninstall LoL I guess.


When SR-IOV becomes mainstream do you think it would be a good idea to start virtualising every game in its in sandbox? So each game runs in its own VM and doesn’t have access to the host?


Can't the cheaters just get their own server, and the people who want to play fairly just get their own server?


If everyone is cheating, then you don't have an advantage, so what's the point?

I guess you could look at it as another level of metagame, though.


Why not simply group gamers on different servers depending on how well they're doing or not doing?

You win a lot, you get grouped on a server with other winners, you lose a lot, you get grouped on a server with others that lose a lot.

This keeps skill levels (and challenge) consistent.

Or, is that too much of an algorithmic challenge for the game designers?

If they can write the game in the first place, it shouldn't be...


I'm surprised Microsoft allows this.


Microsoft tried to put a stop to this in Vista, with having a very proactive UAC permissions popup. Folks hated it.


Microsoft can still revoke the driver signing certificate, and disallow this purpose in the future. I think that would be a good move.


And they can do it without using any GPL-only symbols?


What GPL symbols? They don't support Linux.

Their most popular game (League of Legends) used to be somewhat playable on Linux through WINE, but that was never officially supported. They've banned Linux users on multiple occasions due to false positives in bot/cheat detection (e.g. [1], [2]), and rolling out this anti-cheat driver is likely to make Linux play completely impossible.

[1]: https://dotesports.com/league-of-legends/news/riot-games-ant...

[2]: https://www.reddit.com/r/leagueoflinux/comments/8pag4y/banne...


The real question is, where does rito hire from?


I'm under the impression they have lots of hires from the fanbase. https://tvtropes.org/pmwiki/pmwiki.php/Main/PromotedFanboy


I really like the writing style of this, drives the point to non-techies.


Does it recommend them to never install this piece of crap?

It's already been defeated, and it's not like LoL didn't have a crypto miner before.


Does it? I think it comes off as extremely patronizing. To each their own, I suppose.


I came to the same conclusion. The tone is incredibly condescending, and there's very little technical substance to the article. (As mjg59 pointed out [1], the Wikipedia infographic they used -- without attribution! -- even implies that drivers run in Ring 1 or 2, which is only true if you're running OS/2.)

[1]: https://twitter.com/mjg59/status/1249962092850900992


Sigh...

As annoying as MacOS is, I find myself reassured every now and then that Windows is worse.


Under why you shouldn’t panic:

> This isn’t even news. Several third party anti-cheat systems— [install kernel drivers]

Is there a difference between a rootkit and a kernel driver? I think so.



