Now that Stop Killing Games is actually being taken seriously - maybe we need to take a look at Stop Fucking Around In Our Kernels

I haven’t really been personally affected by it before - I don’t play any competitive multiplayer games at all. But my wife had her brother over, and he’s significantly younger than us. So he wanted to play FortNite and GTA V, knowing I have a gaming PC. FortNite is immediately out of the question, it’ll never work on my computer. Okay, so I got GTA V running and it was fun for a while, but it turns out all of those really cool cars only exist in Online. But oh look, now they’ve added BattlEye and I can no longer get online.

While this seems like a trivial issue (Just buy a third SSD for Windows and dual boot), it’s really not. Even if I wanted to install Windows ever again, I do NOT want random 3rd party kernel modules in there. Anyone remember the whole CrowdStrike fiasco? I do NOT want to wake up to my computer not booting up because some idiot decided to push a shitty update to their kernel module that makes the kernel itself shit the bed. And while Microsoft fucks up plenty, at least they’re a corporation with a reputation to uphold, and I believe they even have a QA team or 2. CrowdStrike was unheard of outside of the corporate world before the ordeal and tbh nobody has ever heard of it afterwards again.

So I think this would be a good angle to push. That we should be careful about what code runs in our OS kernels, for security and stability reasons. Obviously it’d be impossible to just blanket ban 3rd party kernel modules to any OS. However, maybe here in the EU at least we could get them to consider a rule that any software that includes a component running in the OS kernel, MUST justify how that part is necessary for the software to function in the best possible way for the user of the computer the software is running on. E.g I expect a hardware driver to have a kernel module, and I can see how security software needs to have a kernel module, but I do NOT see how a video game needs to have an anti cheat with a kernel module. How does that benefit me, the customer paying to be able to play said video game?

  • Passerby6497@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    7 days ago

    That’s the thing, you’re never going to catch everything. But anything important can be sanity checked by the server when the client checks in, all without opening a vulnerability in your customers’ systems.

    So much kernel level anticheat is about offloading the processing power to the customer, and unreasonable desires for control over the systems involved and overall game environment (and probably a decent amount of data mining).

    • ampersandrew@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 days ago

      A lot of cheats send completely legitimate information back to the server, and that’s what they’re seeking to stop with the client side implementation; I don’t think it has anything to do with costs. I haven’t heard of any data mining happening, and surely someone would have caught it with wire shark by now, but there are enough things that we know for sure about kernel level anti cheats to make it offensive.

    • NuXCOM_90Percent@lemmy.zip
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      2
      ·
      7 days ago

      That’s the thing, you’re never going to catch everything

      The problem is that the things that aren’t caught? People don’t say “Ugh. Easy Anti-Cheat suck”. they say “Ugh, fucking Battlefield is un fucking playable. BOYCOTT IT!!!”

      There are alternative methods that may be even more effective (I personally think this is a genuinely great use case for “AI” to detect things like tracking players through walls and head snapping). They also have drawbacks (training and inference would get real expensive real fast since it needs to be fairly game specific).

      Whereas kernel level bullshit? It clearly works well enough that the people who have the data (devs and publishers) are willing to pay for it.

      And if it reduces the risk of a particularly bad exploit hurting the reputation of the game and tanking it harder than Concord?

      Which is why “fighting back” is so difficult. We, as players, are asking for the devs/publishers to trust us. But we have also demonstrated, at every fucking step, that we won’t extend even an iota of trust back and will instead watch thousands of hours of video essays on why this game sucks because of a bad beta.