The engineering culture behind AAA video games is rotten to the core with regards to security. Everyone thinks they're making Doom 3 and they're really making Windows 2000 Service Pack 1.
TeMPOraL 11 hours ago [-]
The problem in big part stems from the business culture upstream. They're trying to produce a game, but what they're really after is e-sports money. They design multiplayer to be about organized pro play, which brings in all the cheating problems of professional sports, so they end up subjecting every player to e-sports-grade security like those anti-cheat systems, despite 99.9% of the player base not caring about pro play in the first place.
This is the worst possible combination: players are forced to accept first-party invasive rootkits that are disruptive and ineffective, while cheaters still cheat.
IMHO the only sensible solution is to separate out the e-sports angle from the game itself. People who want to "go pro" would be free to subject themselves to anti-cheats and drinking verification cans and past some point might as well buy company-authorized computers to play on. Everyone else should just be allowed to play casually and enjoy the game without the anti-cheat nuisance (and a looming threat of false positives).
With the main incentive for serious cheating separated out, non-pro players would only have to worry about griefers. Those are a problem too, but they can be dealt with by simpler and less invasive measures than a kernel-level rootkit.
As it is, AAA multiplayer games are basically like if FIFA were to micromanage Town Recreational Leagues and hold them to the World Cup standard, because cheating is a Big Deal so every kid needs to take regular blood tests before the match.
ThatMedicIsASpy 10 hours ago [-]
Nobody wants to play multiplayer (only) games with cheaters. It is that simple.
Esports money...? Microtransactions are the money. Publisher-driven esports is advertising.
TeMPOraL 9 hours ago [-]
Microtransactions are a self-inflicted fuckup. They're like a zombie bite - once you add them in, your game will start to transform into a slot machine wearing the skin of a dead game, and there's fuck all anyone can do to stop it.
> Publisher driven esports is advertising.
Yes, of course. E-sports is advertising. All professional sports are advertising. That's what makes money. Sales of tickets, merch, guides, coverage, etc. A successful sport is a self-sustaining money printing machine. Now, traditional sports are "frozen in time" relative to business timescales; meanwhile, in e-sports, it's entirely possible for a company to introduce a new game and turn it into a worldwide phenomenon over a couple of years, and then keep getting a cut from aforementioned money printer for many more years still, all while trying to introduce a new game to keep the money running.
And it's okay, I honestly don't mind. As far as the advertising-driven economy goes, sports (traditional or otherwise) is one of the more benign fields. The problem I see is that the relentless focus on building a game optimized for professional play ruins it for the vast majority of players, and I fail to see why companies keep doing it instead of bifurcating the multiplayer aspect into "casual play" and "pro play", allowing for the latter while also letting the former have their fun.
> Nobody wants to play multiplayer (only) games with cheaters.
My point is that most of the cheating comes from structuring the game around pro-play. You get a global ladder, which establishes an ordinal ranking that invites cheaters who just want to score higher for less effort. All those cheaters end up ruining the game for regular people, who don't care that much about the ranking. Most of those cheaters would go away if the ladder was removed - but that ladder is critical to the company and wannabe progamers precisely because the top levels of that ladder are a gateway to pro-level play.
You can't eliminate all cheating - there's always some people who, for whatever reason, enjoy ruining the game for others. Fortunately, such people are a very small fraction of the playerbase, and most of them don't enjoy it enough to bother if you throw some small obstacles their way. It's manageable. Competitive rankings, on the other hand, are something cheaters love much more than regular players, so by adding it, you're basically creating the problem.
This is true for all competitive endeavors - the bigger the reward, the more it attracts competitive players, some of which are going to resort to cheating, and attempts at fighting cheating further ruin things for those who don't care about competing in the first place. And yes, it applies to the market economy too.
tpxl 2 hours ago [-]
> My point is that most of the cheating comes from structuring the game around pro-play
This is incorrect. Both selling cheats and cheating are big businesses.
In Escape from Tarkov, cheaters bought the game (50€), cheated to get in-game items, sold in-game items for money, got banned, and bought the game again. It's literally profitable to keep buying a 50€ game after getting banned.
Same happened with Diablo 3 when it had the real money auction house. A mate of mine earned around 10k in 3 months and went through a dozen accounts a week.
Team Fortress 2 basically has no competitive scene, but the casual games are full of cheaters anyway. And you can't even make money through it, unlike the previous two examples.
The bottom line about cheating is that it's relatively easy to prevent with manual moderation. But humans doing stuff dOeSn'T sCaLe, even though banning cheaters that will re-buy the game has a positive ROI.
bilekas 12 hours ago [-]
I don't work in gaming, but I know a few people who do, and every one of them does it for the love of the game. Certainly not for the job security or even the money. This idea that they're also supposed to handle security is too much. It's not their fault; they're writing "art", not secure microservices for multinational companies.
Publishers will pay to have ring-0 kernel access on your system but not for software securing their game.
> the game runs with admin privileges for the sake of anti-cheat
Nobody higher than the devs thought “this might be risky?”
Because I can assure you, the devs felt it was stupid and risky.
Your "Everyone thinks they're making Doom 3": as I see it, this is not the developers' fault.
bongodongobob 11 hours ago [-]
I've done IT support for a number of devs across multiple companies and they all expect local admin and admin access to everything. So no, I don't believe they feel it is risky. I believe they don't get it/don't care. It's just not their wheelhouse.
bilekas 11 hours ago [-]
This is a different case: if I don't have permission to talk to the graphics card, sound card, even RAM, I'm a restricted engineer.
> I believe they don’t get it/don’t care.
You’re right, anything that’s not obstructive is never worried about.
To me that says you're doing a good job giving permissions; it's also your job to manage those permissions, not the developers'.
> It's just not their wheelhouse.
You're absolutely bang on. And I can say from experience, it's good you guys are there.
bongodongobob 11 hours ago [-]
Right, and that's the thing: you don't need local admin for that. It can be done granularly, or you can set up a dev env VM, etc. It's a pain for everyone, to be sure, and some routes are easier than others.
maccard 10 hours ago [-]
I use a company managed machine. If my machine is compromised even in user space, my AWS credentials (which AWS stores in %UserProfile%/.aws) are hosed. Source code? Gone. Cookies from chrome? Gone. Files on the network share that everyone has mounted? Compromised.
If someone can run a python script on your machine, it’s game over whether it’s running as admin or not.
bongodongobob 7 hours ago [-]
Yeah, that's why you don't do it that way. You're making my point.
lelanthran 2 hours ago [-]
>>> I've done IT support for a number of devs across multiple companies and they all expect local admin and admin access to everything.
>> If someone can run a python script on your machine, it’s game over whether it’s running as admin or not.
> Yeah, that's why you don't do it that way. You're making my point.
I have to admit, I don't get your point here. If I am correct (and, if I am not, I welcome a correction):
1. Your original point was "Devs want local admin or admin access to everything."
2. GP's response was that even without any admin access of any type, he's hosed if his machine is compromised.
How does #2 above support or prove #1 above?
idiotsecant 11 hours ago [-]
No, it's because the average IT infrastructure is abysmal, and getting things done without admin is its own full-time job: filing and following up on tickets and trying to plead your case for the ten thousandth time to the exalted security deities that you just want to do your job gets old.
Am I bitter? Nah
bongodongobob 11 hours ago [-]
Totally get it dude.
Thaxll 13 hours ago [-]
It's not more rotten than your regular backend shop. How many API issues / auth problems / open S3 buckets are there out there exactly?
bobnamob 12 hours ago [-]
S3 open bucket syndrome is basically cured at this point. (Aside from legacy buckets, which should all be exploited by now)
The "yes I really want to do this" confirmations you need to go through when opening up a bucket these days are about 4 deep...
Authn/z issues are real though, they'll never be fixed
maccard 10 hours ago [-]
It’s definitely games that are the problem. There’s no way that websites are still embedding third party code that is just slopped together shit and wildly vulnerable [0]. Or that domain registrars, one of the core points of trust of the internet would lie about their security practices and be sued by the FTC almost a decade after it[1]. Or that an endpoint management system would take down multiple airports due to basic bounds checks missing [2]. How about a massive software company used by huge enterprises for storing their knowledge bases having an RCE [3]. A global CDN definitely wouldn’t break DNS and take down half the internet [4].
Now you might say, those companies are irresponsible and that well maintained open source software doesn’t have this issue. That would mean no 0 days for linux [5], and that the most battle tested libraries in the world are immune from basic issues [6][7].
Software engineering is broken, it’s not just games. (Although, if you think physical construction is any better I suggest you stick a T square in the corners of your house and figure out how many of your walls aren’t square ). You
These are game developers. Not backend developers. Not web guys. Not remotely trained in infosec. They make games. Not security software. And for the longest time this was acceptable.
I think for a GaaS in 2025 it's unacceptable to not have security minded engineers on staff for the backend stuff. Too much money is involved not to. Especially for studios very familiar with shipping online games.
But I'm also kind of disappointed in how much we're forgetting that these people are not infosec nerds. Last year there was a cute fishing game made by a single dude messing around making things. It got popular and a kid found an RCE bug with the multiplayer. The dude got a TON of shit for the flaw, which feels deeply unfair. I don't expect my mom to configure a router correctly. I don't expect video game developers to understand defensive network programming without training.
Maybe I'm just a little frustrated at the Internet being largely unable to understand that defensive programming is something that isn't in a game dev's trained skills. I would expect better of NetEase, however.
phoronixrly 14 hours ago [-]
Hey, I feel there's some predisposition in infosec-minded people that insecure software must not exist regardless of its purpose or threat model. And also that people who can't write secure code must not write code...
Hackbraten 13 hours ago [-]
People who can't write secure code yet can learn how to write secure code.
chefandy 9 hours ago [-]
For some little indie setup, sure. But AAA studios are like any other software companies— the folks putting their network stack together aren’t the same people that are making the gameplay logic, many of whom probably went to art school and learned how to script and write some less-complex C++, and they’re different from the people working with the low-level graphics programming in the game engine, many of whom probably have PhDs in computer science or other related math disciplines. Having a connection low-latency enough and reliable enough to have fighting game tournaments on servers with many thousands of players isn’t a job for a general purpose game developer.
supermatt 12 hours ago [-]
They generally make software that runs with (at least) unrestricted user level access on client devices, as opposed to backend guys who have no client access, and web guys whose code runs in a sandbox.
If anything these devs should be more cautious than the others as the risk to the end user is extreme.
gruez 14 hours ago [-]
>These are game developers. Not backend developers. Not web guys. Not remotely trained in infosec. They make games. Not security software.
Why do game developers get a pass but not "backend developers" or "web guys"? Don't the latter only "make CRUD apps, not security software"?
sbarre 13 hours ago [-]
I think for web or "backend for network" people, you are always deploying into a hostile environment (the Internet) and so you really should be at least aware of basic security measures. If you consider yourself a professional in that field, it's table stakes.
If you're a game dev, you were taught to write optimized code that runs locally on a computer.
Not everything you do will run on the network, and networking/multiplayer might not be relevant every single time you ship a game. So it's less relevant (if still important).
Sleaker 12 hours ago [-]
This isn't really true; game devs have had to deal with client-server authenticity issues since the beginning of multiplayer gaming. There are a lot of lessons learned around this, and it's why there are whole sets of middleware designed to alleviate/lessen these issues. For as long as multiplayer games have been around this has been an issue.
The impact (i.e. RCE vs. just ruining the game experience) may be different, but the concepts are all the same: adversarial clients.
The excuses you listed aren't any different for business apps.
ryandrake 11 hours ago [-]
There is nothing special about game development that justifies not knowing/caring about security. It's 2025. Everyone is deploying into a hostile environment (the world). Security is now a horizontal that cuts across all kinds of development: frontend, backend, web, mobile, PC, console. You can't just say "Oh, security is the job of a Security Developer. I am just a Xyz Developer."
sbarre 9 hours ago [-]
Hey I'm with you... I literally have a talk I give at my company about security being every developer's job (it's called "Developers are bad at security" and it's very popular).
I'm not arguing that it's "not their job", I'm saying they are less likely to have been trained in security because of the nature of their job...
skeeter2020 12 hours ago [-]
There are no triple-A games today that don't run in a networked/internet environment, and your code lives on the hostile user's machine; this seems like an even bigger risk than a web app.
sbarre 9 hours ago [-]
AAA games are a small fraction of the whole games market though (and there are still plenty that don't have multiplayer - Cyberpunk 2077 comes to mind, or the Horizon games, lots of mobile games, etc).
Like I said in the other reply, I am not arguing against the need for security, I am saying a lot of game developers don't get, or seek out, security training because single player local games don't have the same network-driven risks.
devmor 14 hours ago [-]
Why would there be a strong engineering culture behind AAA video games at all? Game developers are underpaid, overworked and constantly told they can be replaced at a moments notice.
I wouldn't expect anything but code that "ships" out of them, and it's understandable why.
pyrolistical 12 hours ago [-]
There needs to be at least 1 person to figure out why the game isn't hitting the performance target. That is real engineering.
DrillShopper 12 hours ago [-]
With DLSS nobody bothers anymore. Just force the punters to buy an overpriced video card and then poor-shame them if they don't
mrguyorama 11 hours ago [-]
In modern gaming you just make every texture max size even though it only covers a tiny surface and will only fill 6 pixels on a large monitor.
Also, half of their shaders are broken on some configurations. Also they used a function call wrong so their game tries to render something a bunch of times instead of once.
A huge portion of NVidia and AMD GPU drivers is literally hacks to make games actually run well. Both Nvidia and AMD patch game shaders at runtime to keep things from being unusable, and hack around broken behavior or wrong usage of APIs. It's exactly reminiscent of the situation Windows 95 had when all sorts of popular programs couldn't even save interrupt flags properly because they straight up did not read the manual which had many sentences and code fragments demonstrating that what they wrote would not work.
Also, Titanfall 1 shipped with like 30gb of uncompressed audio. They did this to "reduce CPU load". In 2014.
maccard 11 hours ago [-]
Hi, I’m a game developer.
> in modern gaming you just make every texture max size even though it only covers a tiny surface
This is completely false. Not even hyperbole, just plain false. We have budgets, we have tools. You need higher res textures for things that are smaller because you can get close to them. Is there waste? Sure, but no more so than in any other field. My local newspaper takes 15 seconds to load on gigabit WiFi, and hangs on scroll. Reddit can't handle more than one tab open. Slack uses more RAM than the game I'm developing sometimes. Even HN still falls flat on its face with a "moderately" popular link, and can't handle it if you perform too many operations.
> A huge portion of NVidia and AMD GPU drivers is literally hacks to make games actually run well.
This is because Nvidia and AMD offer this as a service but without access to your codebase. The days of them being required to function are long behind us.
> Titanfall 1 shipped with like 30gb of uncompressed audio. They did this to "reduce CPU load". In 2014.
As I've said many times, you might disagree but it was intentional. The Xbox One had an 8x1.75GHz CPU, and some of that was reserved for system use.
All software is shit, and held together by duct tape. All industries have products that we can point at and call a disgrace - it’s not games that are the problem.
lelanthran 2 hours ago [-]
> Slack uses more RAM than the game I'm developing sometimes.
I think this should be said more often: the ratio of content to non-content is absurd in some electron-based apps.
Look at it this way: the average video game probably has about 30GB (uncompressed) of content and uses about 10GB-12GB of RAM.
In a busy slack, with hundreds of messages, we're still only looking at maybe <5MB of content while the app chews up 800MB - 100MB of RAM.
I think the video game devs are doing a much better job at writing desktop software than the Slack/Postman/etc guys.
Additionally, security in video games (its poorest metric) has, over the last 10 years or so, improved considerably, while efficiency in desktop software (its poorest metric) has gotten worse!
It's unfair to single out video game developers for poor software considering that they are making gains in their weakest measurement while those doing the criticising are happily using software that is losing points in its weakest metric.
kcb 9 hours ago [-]
You could decode a 320kbps MP3 on an 83MHz Pentium I.
lelanthran 2 hours ago [-]
> You could decode a 320kbps MP3 on an 83MHz Pentium I.
Only if doing nothing else at the same time!
I was there; I had a 486 that could decode 96kbps MP3.
But, like the P1, if you tried to do anything else while decoding MP3s, the entire computer, including the sound output, would stutter.
I'm not defending 30GB of uncompressed audio (obviously they could have compressed it a little, at least), but to claim that a P1@80MHz could indeed decode MP3s@320kbps is a bit of a stretch.
It could do so only if you weren't doing anything else at the time.
cubefox 13 hours ago [-]
> The engineering culture behind AAA video games is rotten to the core with regards to security.
But it is way ahead with regards to efficient hardware utilization!
0cf8612b2e1e 12 hours ago [-]
And usually with an eye towards good user interface design. Not some white space heavy “clean” look where everything is hidden behind hamburger menus.
tpxl 1 hour ago [-]
Some games, sure, most games, no. There are tons of games out there with dialog options that don't support choosing with numbers, a ton of games where you can't quickloot/drop with shift-click, comparing equipment is a chore, confirmation screens don't have y/enter to confirm or n/esc to cancel, missing/useless tooltips, custom fonts that are unreadable...
These things are _trivial_ to implement, it's just nobody thinks about the UI as long as it 'works'.
ykonstant 12 hours ago [-]
Preach. I often point towards games for examples of good balance of density, as well as elements of modern-looking skeuomorphism in UI.
Of course I get all the usual garbage non-arguments in response from designers who don't want to take up a challenge and actually design, and instead fall back on a "tried and true" (except it is shit) fashion.
creaturemachine 12 hours ago [-]
I dunno, lately they're more interested in pointing you to the store page for skins and loot boxes.
ykonstant 11 hours ago [-]
True, but even the most vile loot box filled triple A slop game has better UI than the atrocities the OP refers to. At least there you can see some decent density of information and a hint of three-dimensionality, which is more than you can say about the "clean UI" desert landscape.
Xunjin 14 hours ago [-]
Great commentary. Today the industry is focused on delivering free games with tons of cosmetics (which bring in a ton of money) but forgetting about performance and security.
TonyTrapp 12 hours ago [-]
Your average networked game these days is probably a bazillion times more secure than one from 20 years ago. It was super common that there were cheat tools to crash all game clients in a match. It was super annoying, we can just be glad that it was usually not used for anything more nefarious.
Xunjin 12 hours ago [-]
Excellent point. How do you see the industry today, security-wise?
agentultra 14 hours ago [-]
I was literally thinking about this the other day. There are a ton of games using kernel modules for anti-cheat and... just load and interpret data payloads. Certainly some of those payloads could manipulate the funny machines inside of a game executable if they're not careful about their parsing and validation.
Nice PoC!
Update: yes, most game client processes don't run in the kernel. My b. I was just thinking that updates and content payloads might be an interesting vector for langsec.
Liquix 13 hours ago [-]
Yes. For example, World of Warcraft's anti-cheat (Warden), although it runs in userspace, has been exploited multiple times to gain RCE/server root after receiving malicious payloads from clients.
agentultra 13 hours ago [-]
Also, if you see content distribution networks the way we've been looking into package managers as a vector distributing poisoned payloads... seems fruitful.
mavhc 12 hours ago [-]
Imagine if security software did that, but also ran on boot and took down a million critical machines
kibwen 12 hours ago [-]
I bought a Steam Deck with the sole purpose of having a cheap, airgapped PC to run games on. Game devs just don't have the incentives or discipline to be trusted with security.
I wish Steam offered a console format of the deck, essentially the same thing, but with better specs, HDMI out and bluetooth for controllers. Would be a massive hit I wager.
oxygen_crisis 12 hours ago [-]
The deck already has bluetooth for controllers and HDMI out if you get a standard USB3/HDMI dongle (or their expensive dock).
Essentially all you're asking for them to add is better specs.
In December their revised branding guidelines added a "Powered by SteamOS" badge so presumably 3rd-party boxes with various specs in set-top form factors will be coming before too long:
> The Powered by SteamOS logo indicates that a hardware device will run the SteamOS and boot into SteamOS upon powering on the device. Partners / manufacturers will ship hardware with a Steam image in the form provided by and/or developed in close collaboration with Valve.
ThatPlayer 11 hours ago [-]
Better specs would also be interesting, because Steam's current "Steam Deck Verified" does check if games run well on the Steam Deck's hardware. There's another check for text size on the smaller 7" screen too.
jamie_ca 12 hours ago [-]
They tried some years back https://en.wikipedia.org/wiki/Steam_Machine_(computer) but it didn't really hit big. That said recent updates to SteamOS and agreements around logo/branding use hint that we're likely to see a few other options in the coming year or two (alongside some 3rd-party handhelds running SteamOS).
kibwen 12 hours ago [-]
This is what I do, I rarely use it in handheld mode (but I do appreciate the ability to). Valve sells a dock with HDMI out (along with ethernet, USB, etc), and I can confirm that it works wirelessly with Xbox controllers.
I thought SteamOS was just some layers on top of Arch.
To not go full Dropbox, but I think if someone wants a Linux PC to run games, it is within the realm for a home PC builder to accomplish. It would otherwise be a tough market to sell, “Buy this gamer PC, less great specs than you would likely pick for yourself and not compatible with the most popular games that have onerous anti-cheat root kits”.
aprilnya 8 hours ago [-]
According to leaks, “Steam Deck TV” has been in the works for a couple years now iirc
LordDragonfang 10 hours ago [-]
> Would be a massive hit I wager.
I strongly doubt it. Steam already tried releasing a console alternative, Steam boxes, and they massively flopped. By far the main reason for the Steam Deck's success is its portable form factor, not the fact that it's a Linux machine that runs games. It succeeded in spite of the software, not because of it.
The overwhelming majority of users are going to want either a "real" (read: Windows) PC, or a "real" (read: the same one their friends have) console.
oxygen_crisis 5 hours ago [-]
Steam Deck succeeded where Steam Machines flopped because of nearly a decade of advancement on the Proton compatibility layer, so the catalog of eligible games is orders of magnitude larger than it was in 2015.
When Steam Machines re-launch with the current generation of Proton compatibility it will be an entirely different story.
Etheryte 9 hours ago [-]
This misses why the old Steam Machine was a failure: it was half baked hardware with few games that would run well on it. With the work they've put into the Steam Deck they've largely solved both of those issues, they now have a stable platform and also a sizable library of games that just work, no tinkering required.
lockemx 12 hours ago [-]
Interestingly, the game doesn't run as admin for any good reason. The first thing I did was only let the launcher and game run as the user with RunAsInvoker. The anti-cheat alone is allowed RunAsAdmin. At the same time, I don't trust any anti-cheat. It's probably worse than useless, but it is what it is. I thought Microsoft would clean this up after the CrowdStrike incident for all kernel-level code, but I guess there's no incentive for them to only let game companies request runtime analysis / reports rather than run code. As for the anti-cheat industry, they should focus on patterns of user behavior to help game companies moderate the players as much as necessary.
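The RunAsInvoker arrangement described in the comment above (launcher and game run with the invoking user's token, only the anti-cheat keeps elevation) can be applied per executable through the per-user AppCompat layer store. The script below is an added example and not code from the thread or from any game or anti-cheat vendor; the executable paths are placeholders, and it assumes the game's own manifest is what requests elevation (if the anti-cheat service genuinely needs admin, it still prompts separately, which is the intended split).

```powershell
# Added example: pin a launcher and game executable to the RunAsInvoker
# compatibility layer so they inherit the launching user's token instead
# of requesting elevation. The anti-cheat component is left untouched.
# Paths are placeholders; replace them with the real install locations.

$Executables = @(
    'C:\Games\ExampleGame\launcher.exe',   # placeholder path
    'C:\Games\ExampleGame\game.exe'        # placeholder path
)

# Per-user layer store (HKCU); writing it does not itself need admin rights.
$LayersKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'

function Set-RunAsInvoker {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path $LayersKey)) {
        New-Item -Path $LayersKey -Force | Out-Null
    }
    # Value name is the full executable path; "~ RUNASINVOKER" is the same
    # data the Compatibility tab writes when this layer is selected.
    Set-ItemProperty -Path $LayersKey -Name $Path -Value '~ RUNASINVOKER' -Type String
}

function Get-RunAsInvokerState {
    param([Parameter(Mandatory)][string]$Path)
    $props = Get-ItemProperty -Path $LayersKey -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return $props.$Path    # $null when no layer is set for this executable
}

foreach ($exe in $Executables) {
    Set-RunAsInvoker -Path $exe
    '{0} -> {1}' -f $exe, (Get-RunAsInvokerState -Path $exe)
}

# One-off alternative that leaves the registry alone: the __COMPAT_LAYER
# environment variable is inherited by the child process.
# $env:__COMPAT_LAYER = 'RunAsInvoker'
# Start-Process -FilePath $Executables[0]
```

The caveat to check afterwards is the same one the comment implies: a binary whose manifest says `requireAdministrator` will now start unelevated and may fail if it really does need admin, so run the game once and confirm only the anti-cheat process triggers a UAC prompt.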
zwily 12 hours ago [-]
I have a related question for you... my kids like Marvel Rivals, but I also use Microsoft family tools to limit their screen time so they don't have Admin accounts. However, the Marvel Rivals anti-cheat makes me enter my password every time they launch. Is there any way for me to create a shortcut or something so Rivals will launch without my password?
I'm not a Windows guy and trying to figure this out has been extremely frustrating...
voxic11 12 hours ago [-]
You can make a on-demand scheduled task that runs Marvel Rivals as admin then create a shortcut that invokes the task.
I tried to get Microsoft to stop signing kernel mode anti-cheat drivers with no result. Even when a vulnerable driver is found the vendor is given way too much time to deploy a fix while the vulnerable build is out in the wild with a valid signature. The signature should be revoked as soon as an exploit is found, it's an anti-cheat driver for video games not essential business/government infrastructure.
EA-3167 12 hours ago [-]
If anticheat worked then it would be an interesting, perhaps tolerable tradeoff for some. The reality however is that games are absolutely packed with cheaters, there's an international industry in creating cheats for popular games, so what you get is an arms race that as usual only punishes honest users. It's like DRM, pirates don't seem to have much of a problem, but it sure can hurt the rest of us.
Unfortunately both the executives who buy into these things, and the average consumer, are simply too... simple, to understand or appreciate that.
maccard 10 hours ago [-]
> Unfortunately both the executives who buy into these things, and the average consumer, are simply too... simple, to understand or appreciate that.
With all due respect, it’s ironic that you’re calling everyone else simple.
Something doesn't have to be 100% effective to be a massive deterrent. Cheat prevention is a game of cat and mouse and anti-cheat is one of the levers. Here[0] is an example of a popular game with no anti-cheat which was completely ruined by cheaters. Did putting EAC into the game stop every single cheater? No. But it did make the experience better for a significant number of players who were having their games destroyed by cheaters.
The line that stood out for me in that article was: "There is no in-game reporting system." On a somewhat amusing note, I searched for stories about cheating on Fall Guys these days, and one of the first results was... a vendor for cheats. Literally the third result. Another result was a Reddit article from last February talking about the ubiquity of cheaters. There are similar articles in a similar time frame on Steam and elsewhere. TikTok at that same time has collections of videos of them.
While I'm sure that Easy Anti-Cheat is... easier than a reporting system that would require numerous humans working it, I don't think it's the best solution for the player. It's "just enough" at best, and at worst... well see the article we're all commenting under.
bangaladore 15 hours ago [-]
> the game runs with admin privileges for the sake of anti-cheat
"sake of anti-cheat" should be taken lightly here. There is a reason why all the other sane anti-cheats have at least two applications: the anti-cheat service, which often runs as admin, and the game, which does not. Running the game as admin is quite frankly inexcusable.
The service often does the network comms and communicates to a kernel-mode driver and/or to the application via IPC or similar. Having defined barriers of separation is a good thing.
In any case, this PoC doesn't necessarily have huge implications for most people, but maybe in SEA or China where LAN cafes are more prevalent, it could be a larger concern.
shalzuth 15 hours ago [-]
The one implication that I (the author) should highlight for the extra paranoid - this exploit extends to ISPs and cloud vendors that traffic is routed through. Anywhere in the traceroute can MITM. It depends on how much you trust those parties.
sim7c00 15 hours ago [-]
Tried in some communities of gamedev to talk about security but I gave up. I think the main sentiment is not to care at all. So many games have or had trivial exploits, enabling mass cheating, harassment of other players (DoS) and more nefarious stuff. For people who think the MITM won't affect them... that's a silly stance. People hack home routers on massive scales (another domain that doesn't seem to give a shit about security).
good writeup! thanks!
999900000999 14 hours ago [-]
There's a really good argument for having a "gaming" OS, Windows, and a serious OS, Linux, on the same computer.
If League of Legends needs super admin mode, it's no longer my computer. I'm sharing it with Tencent. I can't trust them (specifically a disgruntled employee) not to install key loggers and other really nasty things.
DaSHacka 14 hours ago [-]
This is essentially my Windows box. I use it for gaming, and RDP in from one of my other computers (all of which run GNU/Linux), when I need to run a Windows program away from the house.
I treat it as though there's a random Russian dude watching my every move through RDP, keylogging all my inputs (and for how many one-off cracked programs have been installed on there over the years, it's not impossible).
I can't imagine keeping my password manager and primary accounts logged-in on the same computer I have rootkits like Riot Anticheat and technical disasters like Marvel Rivals installed on.
p_ing 13 hours ago [-]
> There's a really good argument for having a "gaming" OS, Windows, and a serious OS, Linux, on the same computer.
This is a terrible idea if you think this will keep you secure. Windows provides direct access to update motherboard firmware and CPU microcode/management engine.
999900000999 12 hours ago [-]
Is most malware literally going to embed itself in the BIOS and install itself on Linux?
Seems like an insanely difficult thing to do to target like .5% of users.
Hah, yeah, don't run an insecure OS next to a secure one :D. Good point!
p_ing 11 hours ago [-]
Linux distros can also update firmware and microcode.
hibikir 12 hours ago [-]
The data breach Disney had last year was reportedly caused by downloading a malicious mod on a work computer, which then fetched the Slack credentials and downloaded everything available. Many a cryptocurrency wallet is emptied out with similar attack vectors.
We might have better computer security than with Windows 95, but the level of isolation we need to have a semblance of security is very rare and it's very easy for people to slip.
keyringlight 14 hours ago [-]
I think there's a few angles on this.
Firstly, a game developer's main concern is getting their product functional, keeping it that way, and making money on it to make the whole endeavour worthwhile. There are already a lot of game releases where it comes across that getting their idea working and out the door is a lot higher up the list than the 'details' and attention to working great on the PC platform. Then, gamers will come in a wide range of skill/knowledge levels for their PCs, from those that treat them as glorified consoles to others that know every detail of their workstation.
Dual booting adds more admin and complexity, and in a way it's admitting that the trust level in software is so low your OS can't sandbox things out, that stuff you're running is taking liberties or just enough effort to fulfill its task, and you're going to the extent of running a console in a separate partition, but running it is mutually exclusive with the serious OS. I'd guess a lot of people who felt strongly enough would just have the 'serious OS' be another device, most likely a phone but alternatively a laptop, which would seem to marginalize what they use the Windows install for.
daedrdev 13 hours ago [-]
It's the endgame of cheats. If it's not supreme over all programs, you can cheat by chaining things when it isn't looking or before the anticheat starts. By running a service from startup with maximal privilege, they can prevent cheats, at the expense of running a service from startup at maximal privilege.
Arguably they could have already gotten all sensitive user data without that privilege if their program was hacked
999900000999 10 hours ago [-]
You can already pipe your video output to another box, and add stuff like hitboxes. I think a few monitors are starting to build this in.
amatecha 8 hours ago [-]
Separate computers. Windows gaming PC on a VLAN that can only access the internet, and nothing else on your network. This should really be the standard for home networks today.
prophesi 14 hours ago [-]
I have a Windows partition that I haven't booted into for ages. Originally I would first try to run a game on Linux, and fallback to Windows if it has problems. Some live service AAA games are still impossible to run on Linux due to anticheat, but it's otherwise a pretty good time for Linux gaming in the era of the Steam Deck.
DrillShopper 12 hours ago [-]
I've removed the rebooting step and instead use a GPU pass-through VM
dfxm12 13 hours ago [-]
Why stop at a separate OS? Why not use separate hardware just for gaming as well?
sim7c00 13 hours ago [-]
Custom hardware is nice, like a PS5 or something, but this is usually built up from somewhat known components. A lot of hardware is not too bad, but the software has the main issues. I don't see gaming companies developing custom security-hardened hardware quickly due to the extreme costs involved in making very advanced and fast chips.
Ultimately a combination would be best, hardware tailored to be secure and to allow secure software to be developed for it, but the same can be said for phones and PCs etc.
Most modern CPUs have quite a lot of hardware security features which are often not ideally implemented or not used. They also offer features that can allow software to enhance security, but that is also rare.
For example you _could_ use certain extended CPU registers to allow for taint tracking etc., but this likely kills game performance, and is not even done for trivial applications despite being proven to mitigate entire classes of vulnerabilities. (It's quite complicated to implement too, as the hardware isn't taking such features into account for such purposes.)
sim7c00 14 hours ago [-]
This is also a good argument. The anti-cheat is impossible to implement in usermode, but you can hardly trust developers with kernel-mode drivers that trace all things.
I'm not sure if a gaming OS would help there.
It would be helpful if OSes wouldn't allow things like malicious drivers, but this is an extremely hard problem in light of people loading known vulnerable drivers and exploiting those...
You could argue that a lot of drivers could live in ring 1 or 2 rather than ring 0, but no OS implements that.
Working on an OS to try and think of solutions to these types of issues, but you know... if you can wait like 40 years maybe it will be done (and likely it will be vulnerable in different ways :(( )
gruez 14 hours ago [-]
>If League of Legends needs super admin mode, it's no longer my computer. I'm sharing it with Tencent. I can't trust them ( specifically a disgruntled employee) to not install key loggers and other really nasty things.
kernel/root/ring0 might sound super scary, but if there's any sort of code execution on linux/windows, practically speaking it's already game over.
lcnPylGDnU4H9OF 11 hours ago [-]
> This also opens the door up to an entrypoint on PS5.
Does he mean that this is potentially how one could install custom firmware on their console?
Curious because I remember reading somewhat recently that console vendors have locked their consoles down well enough so as to avoid any vulnerabilities which could be exploited to install custom firmware. It would be amusing if that was invalidated by game dev security and I start hearing about ways to install some modded firmware, which include a step of "install one of these games".
IIRC, the web browser on 3DS systems was exploited to install custom firmware rather than a game so it was rather easily patched with a system update (and, indeed, it actually was patched). I wonder if we'll be seeing Sony/Nintendo/Microsoft start to insist on certain security standards as a result of games being exploited to install custom firmware on the devices they sell, presuming the answer to my first question is affirmative.
shalzuth 9 hours ago [-]
PS5 games are sandboxed, so it only allows an entrypoint to run code. For full PS5 exploitation, another chain is needed to break out of the sandbox.
bakugo 10 hours ago [-]
> Does he mean that this is potentially how one could install custom firmware on their console?
Sort of. It's a userland code execution exploit, which is often the first step, but all games run in a locked down VM specifically to protect against things like this, so you still need a kernel/hypervisor exploit to escape the VM and actually mess with the system in any significant way.
lcnPylGDnU4H9OF 9 hours ago [-]
Thanks for the explanation. That helps complete the picture another comment (https://news.ycombinator.com/item?id=42921799) started about “funny machines”. I do believe the measures they’ve taken to protect against malicious payloads are going to be tested rather relentlessly.
sanktanglia 13 hours ago [-]
Funny enough, this engine is based on the same one they used in Diablo Immortal, which also has this issue.
tart-lemonade 11 hours ago [-]
It downloads and executes a Python script to update the store page? Log4j/log4shell, anyone?
Just build a JSON API! It's not that hard! You don't need to RCE your game every time it launches just for microtransactions.
So what part of the game code exactly is able to download a random python script and run it?
sanktanglia 14 hours ago [-]
The patching process sends python byte code for hot fixes
zxilly 12 hours ago [-]
Looks like a typical MITM attack, which confuses me a bit. Don't the developers use something like TLS or DTLS to protect their communications?
The most recent game I analysed was Helldivers 2, which uses DTLS. I would have thought that would be fairly common knowledge.
shalzuth 9 hours ago [-]
That's the issue - they don't!
But even games like Helldivers 2 have had silly vulnerabilities (just not RCE) - see https://helldivers.io/freesupercredits for some examples.
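The hotfix mechanism described above (the patcher sends Python bytecode, the client runs it, and there is no TLS on the channel) is the part of the architecture an on-path attacker abuses. The block below is an added example, not NetEase's or the game's own code, written to show the minimal check that closes it: the vendor signs a digest of each hotfix with an Ed25519 key that lives only on the build server, and the client refuses to hand a payload to the interpreter unless the signature verifies under the public key baked into the binary and the version is newer than what is installed. `ApplyUnverified` models the pattern the thread criticises; `ApplyVerified` is the hardened counterpart. The key pair, the `"game-hotfix-v1"` domain label, and the payload bytes are all constructed for the demo and do not correspond to any real vendor format. Note that this check is independent of the transport: it still holds if the fetch happens over plaintext, and TLS alone would not give you the anti-rollback property.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hotfix is the unit a patch server delivers to the client: an opaque payload
// (a constructed stand-in for the Python bytecode the thread describes) plus a
// detached Ed25519 signature over a digest that also covers the version.
type Hotfix struct {
	Version   uint32
	Payload   []byte
	Signature []byte
}

// Sentinel errors so a caller can tell why a hotfix was refused.
var (
	ErrBadSignature = errors.New("hotfix: signature does not verify")
	ErrRollback     = errors.New("hotfix: version not newer than installed version")
)

// hotfixDigest binds the version number to the payload bytes. Signing this
// digest rather than the raw payload means a captured, validly signed old
// hotfix cannot be re-served under a different version number.
func hotfixDigest(version uint32, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte("game-hotfix-v1")) // domain-separation label; an assumption for this demo
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	h.Write(v[:])
	h.Write(payload)
	return h.Sum(nil)
}

// SignHotfix runs on the vendor's build infrastructure, where the private key
// lives. The client never holds it.
func SignHotfix(priv ed25519.PrivateKey, version uint32, payload []byte) Hotfix {
	return Hotfix{
		Version:   version,
		Payload:   payload,
		Signature: ed25519.Sign(priv, hotfixDigest(version, payload)),
	}
}

// ApplyUnverified models the pattern criticised in the thread: whatever arrives
// from the network is handed straight to the interpreter, so anyone on the path
// (ISP, LAN cafe, cloud hop) can substitute their own payload.
func ApplyUnverified(hf Hotfix) []byte {
	return hf.Payload
}

// ApplyVerified releases the payload for execution only if the signature checks
// out under the public key compiled into the client and the version is strictly
// newer than the one already installed (anti-rollback).
func ApplyVerified(pub ed25519.PublicKey, installed uint32, hf Hotfix) ([]byte, error) {
	if hf.Version <= installed {
		return nil, ErrRollback
	}
	if len(hf.Signature) != ed25519.SignatureSize ||
		!ed25519.Verify(pub, hotfixDigest(hf.Version, hf.Payload), hf.Signature) {
		return nil, ErrBadSignature
	}
	return hf.Payload, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed key pair for the demo
	if err != nil {
		panic(err)
	}
	genuine := SignHotfix(priv, 42, []byte("print('store page v42')")) // constructed payload

	if _, err := ApplyVerified(pub, 41, genuine); err != nil {
		panic(err)
	}
	fmt.Println("genuine hotfix accepted")

	// An on-path attacker swaps the payload but cannot produce a valid signature.
	mitm := genuine
	mitm.Payload = []byte("# attacker-controlled bytes") // constructed tampered payload
	_, err = ApplyVerified(pub, 41, mitm)
	fmt.Println("tampered hotfix:", err)
	fmt.Printf("the unverified loader would have run: %q\n", ApplyUnverified(mitm))

	// Re-serving an older genuine hotfix is refused as a rollback.
	_, err = ApplyVerified(pub, 42, genuine)
	fmt.Println("replayed hotfix:", err)
}
```

The public key is the only secret-free artifact the client needs, so it can be pinned in the build; rotating it means shipping a new client, which is the right trade-off for code that runs with the game's privileges. The tampered-payload and rollback branches are the two cases a practitioner should test explicitly, since both pass a transport-only (TLS) check.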
foco_tubi 11 hours ago [-]
Interesting that the PS5 has been implicated - does this mean that there is an opportunity to jailbreak firmware again?
bilekas 12 hours ago [-]
> Game developers continue to amaze me at their lack of security awareness.
Because game developers are SUPPOSED to be aware of these things?
> It's very hard for security researchers to report bugs to most game dev companies. On top of that, most do not have bug bounty programs
Yet the OP blames the GAME developers…
They already have harder jobs than the majority of us, picking on them for not knowing skills outside of their area is just being mean and OP is targeting frustration at the wrong group.
shalzuth 34 minutes ago [-]
You’re right - I should have specified more explicitly. I am not referring to the game dev that is developing game features or content - I am specifically talking about the “security engineering” organizations within game developer companies. NetEase hired security engineers to specifically do security related tasks (see NetEase AntiCheat @ https://dun.163.com/locale/en?force=true).
NetEase Games doesn’t have an excuse for not conducting a security review on a massive game like Marvel Rivals - and this isn’t some corner case, this is part of the core architecture.
And this is not a story unique to NetEase. I have multiple other examples that I’ll probably talk about in the future.
boricj 9 hours ago [-]
>> Game developers continue to amaze me at their lack of security awareness.
> Because game developers are SUPPOSED to be aware of these things?
If a civil engineer amazed people with their lack of structural integrity awareness, they wouldn't be trusted to build a house of cards let alone a bridge open to the general public. Software developers write defective, bug-ridden and unsafe public-facing devices and services that are open to the entire world and we shrug whenever there's a major cybersecurity or software crash catastrophe.
If software engineers were held to the same standards of accountability and liability as real engineers when they apply their signature at the bottom of a design calculations document, maybe we'd stop shoveling trivially wormable garbage onto the Internet without a second thought.
munchler 12 hours ago [-]
YES. Did you read the part where the game devs use RCE with admin privileges to run patches? Any developer who does that should be aware of the security risks they’re taking.
bilekas 12 hours ago [-]
Any developer yes, but I personally put game developers into a different category, they’re making games and trying to find shortcuts to meet strange management requirements. They don’t know the security side.. I’m admitting there should be some guard before code review is approved from a real security engineer
> Any developer who does that should be aware of the security risks they’re taking.
Developer yeah, someone who’s focused on recreating the game probably not
munchler 12 hours ago [-]
Trying to meet strange management requirements is normal for just about any professional developer. I don’t understand why you think game developers deserve a special exemption.
kevingadd 11 hours ago [-]
If you sell software to millions of people that runs with access to sensitive data you have an obligation to do a good job, sorry. If you don't like that, make it MIT licensed on an open source site instead of $70 on Steam.
bilekas 11 hours ago [-]
The developers don’t have that obligation, the publishers do though. They are the last in the chain here. Those gaming agencies have a lot of bureaucracy filtered in gaming senses.
I’ll say this, every single game dev I’ve ever met, has no clue how to navigate bureaucracy. I’m not saying it’s a type, but it’s not random, they have other things to worry about.
jauntywundrkind 14 hours ago [-]
For a second I thought this was the Marvel game that got briefly banned along with TikTok, but that's Marvel Snap.
It would have been a tiny bit funny if it had been the same company that was just briefly banned that was allowing a remote exploit.
xnx 14 hours ago [-]
Exactly my confusion. This would've made the TikTok ban feel a little more legitimate.
empath75 14 hours ago [-]
To be honest, I would not be surprised if NetEase got the same kind of attention as ByteDance.
plagiarist 12 hours ago [-]
I like the other rant at the bottom. But why would game developers care about security when their customers don't care? The customers are fine running anticheat with admin privileges like in this RCE he just found.
kevingadd 11 hours ago [-]
I personally encountered a game anti-cheat driver in the wild (Anti-Cheat Expert) that caused BSODs and data loss. I later discovered there were known exploits in it and the signature still hadn't been revoked. I managed to get the developers of the game I was playing to reconfigure it by kicking up a fuss on the subreddit, at least.
wyldfire 13 hours ago [-]
I'm surprised - isn't this game just a skin on Overwatch? So does Overwatch have an RCE?
Nannooskeeska 13 hours ago [-]
No, Marvel Rivals and Overwatch are not related in any way other than they're both the same genre of game.
wyldfire 13 hours ago [-]
Wow, I was so convinced that it was the case that I thought you were mistaken. They look remarkably similar. But yeah, just another game in that genre like you said.
> Publisher driven esports is advertising.
Yes, of course. E-sports is advertising. All professional sports are advertising. That's what makes money. Sales of tickets, merch, guides, coverage, etc. A successful sport is a self-sustaining money printing machine. Now, traditional sports are "frozen in time" relative to business timescales; meanwhile, in e-sports, it's entirely possible for a company to introduce a new game and turn it into a worldwide phenomenon over a couple of years, and then keep getting a cut from aforementioned money printer for many more years still, all while trying to introduce a new game to keep the money running.
And it's okay, I honestly don't mind. As far as the advertising-driven economy goes, sports (traditional or otherwise) is one of the more benign fields. The problem I see is that the relentless focus on building a game optimized for professional play ruins it for the vast majority of players, and I fail to see why companies keep doing it instead of bifurcating the multiplayer aspect into "casual play" and "pro play", allowing for the latter while also letting the former have their fun.
> Nobody wants to play multiplayer (only) games with cheaters.
My point is that most of the cheating comes from structuring the game around pro-play. You get a global ladder, which establishes an ordinal ranking that invites cheaters who just want to score higher for less effort. All those cheaters end up ruining the game for regular people, who don't care that much about the ranking. Most of those cheaters would go away if the ladder was removed - but that ladder is critical to the company and wannabe progamers precisely because the top levels of that ladder are a gateway to pro-level play.
You can't eliminate all cheating - there's always some people who, for whatever reason, enjoy ruining the game for others. Fortunately, such people are a very small fraction of the playerbase, and most of them don't enjoy it enough to bother if you throw some small obstacles their way. It's manageable. Competitive rankings, on the other hand, are something cheaters love much more than regular players, so by adding it, you're basically creating the problem.
This is true for all competitive endeavors - the bigger the reward, the more it attracts competitive players, some of which are going to resort to cheating, and attempts at fighting cheating further ruin things for those who don't care about competing in the first place. And yes, it applies to the market economy too.
This is incorrect. Both selling cheats and cheating are big businesses.
In Escape from Tarkov, cheaters bought the game (50€), cheated to get in-game items, sold in-game items for money, got banned, and bought the game again. It's literally profitable to keep buying a 50€ game after getting banned.
Same happened with Diablo 3 when it had the real money auction house. A mate of mine earned around 10k in 3 months and went through a dozen accounts a week.
Team Fortress 2 basically has no competitive scene, but the casual games are full of cheaters anyway. And you can't even make money through it, unlike the previous two examples.
The bottom line about cheating is, it's relatively easy to prevent with manual moderation. But humans doing stuff dOeSn'T sCaLe, even though banning cheaters that will re-buy the game has a positive ROI.
Publishers will pay to have ring-0 kernel access on your system but not for software securing their game.
> the game runs with admin privileges for the sake of anti-cheat
Nobody higher than the devs thought “this might be risky?”
Because I can assure you, the devs felt it was stupid and risky.
Your “Everyone thinks they're making Doom 3”. As I see it, this is not the developer's fault.
> I believe they don’t get it/don’t care.
You’re right, anything that’s not obstructive is never worried about.
To me that says you’re doing a good job giving permissions, it’s also your job to manage those permissions, not the developers..
> It's just not their wheelhouse.
You're absolutely bang on. And I can say from experience, it’s good you guys are there.
If someone can run a python script on your machine, it’s game over whether it’s running as admin or not.
>> If someone can run a python script on your machine, it’s game over whether it’s running as admin or not.
> Yeah, that's why you don't do it that way. You're making my point.
I have to admit, I don't get your point here. If I am correct (and, if I am not, I welcome a correction):
1. Your original point was "Devs want local admin or admin access to everything."
2. GP's response was that even without any admin access of any type, he's hosed if his machine is compromised.
How does #2 above support or prove #1 above?
Am i bitter? Nah
The "yes I really want to do this" confirmations you need to go through when opening up a bucket these days are about 4 deep...
Authn/z issues are real though, they'll never be fixed
Now you might say, those companies are irresponsible and that well maintained open source software doesn’t have this issue. That would mean no 0 days for linux [5], and that the most battle tested libraries in the world are immune from basic issues [6][7].
Software engineering is broken, it’s not just games. (Although, if you think physical construction is any better I suggest you stick a T square in the corners of your house and figure out how many of your walls aren’t square ). You
[0] https://mrbruh.com/chattr/
[1] https://news.ycombinator.com/item?id=42849632
[2] https://en.m.wikipedia.org/wiki/2024_CrowdStrike-related_IT_...
[3] https://www.csoonline.com/article/2138177/atlassians-conflue...
[4] https://techcrunch.com/2021/07/22/a-dns-outage-just-took-dow...
[5] https://www.indusface.com/blog/rce-zero-day-vulnerabilities-...
[6] https://en.m.wikipedia.org/wiki/Log4Shell
[7] https://heartbleed.com/
These are game developers. Not backend developers. Not web guys. Not remotely trained in infosec. They make games. Not security software. And for the longest time this was acceptable.
I think for a GaaS in 2025 it's unacceptable to not have security minded engineers on staff for the backend stuff. Too much money is involved not to. Especially for studios very familiar with shipping online games.
But I'm also kind of disappointed in how much we're forgetting that these people are not infosec nerds. Last year there was a cute fishing game made by a single dude messing around making things. It got popular and a kid found an RCE bug with the multiplayer. The dude got a TON of shit for the flaw, which feels deeply unfair. I don't expect my mom to configure a router correctly. I don't expect video game developers to understand defensive network programming without training.
Maybe I'm just a little frustrated at the Internet largely unable to understand that defensive programming is something that isn't in a game devs trained skills. I would expect better of Netease however
If anything these devs should be more cautious than the others as the risk to the end user is extreme.
Why do game developers get a pass but not "backend developers" or "web guys"? Don't the latter only "make CRUD apps, not security software"?
If you're a game dev, you were taught to write optimized code that runs locally on a computer.
Not everything you do will run on the network, and networking/multiplayer might not be relevant every single time you ship a game. So it's less relevant (if still important)
The impact, i.e. RCE vs. just ruining the game experience, may be different but the concepts are all the same: adversarial clients.
The excuses you listed aren't any different for business apps.
I'm not arguing that it's "not their job", I'm saying they are less likely to have been trained in security because of the nature of their job...
Like I said in the other reply, I am not arguing against the need for security, I am saying a lot of game developers don't get, or seek out, security training because single player local games don't have the same network-driven risks.
I wouldn't expect anything but code that "ships" out of them, and its understandable why.
Also, half of their shaders are broken on some configurations. Also they used a function call wrong so their game tries to render something a bunch of times instead of once.
A huge portion of NVidia and AMD GPU drivers is literally hacks to make games actually run well. Both Nvidia and AMD patch game shaders at runtime to keep things from being unusable, and hack around broken behavior or wrong usage of APIs. It's exactly reminiscent of the situation Windows 95 had when all sorts of popular programs couldn't even save interrupt flags properly because they straight up did not read the manual which had many sentences and code fragments demonstrating that what they wrote would not work.
Also, Titanfall 1 shipped with like 30GB of uncompressed audio. They did this to "reduce CPU load". In 2014.
> in modern gaming you just make every texture max size even though it only covers a tiny surface
This is completely false. Not even hyperbole, just plain false. We have budgets, we have tools. You need higher res textures for things that are smaller because you can get close to them. Is there waste? Sure, but no more so than in any other field. My local newspaper takes 15 seconds to load on gigabit WiFi, and hangs on scroll. Reddit can’t handle more than one tab open. Slack uses more RAM than the game I'm developing sometimes. Even HN still falls flat on its face with a “moderately” popular link, and can’t handle it if you perform too many operations.
> A huge portion of NVidia and AMD GPU drivers is literally hacks to make games actually run well.
This is because Nvidia and AMD offer this as a service, but without access to your codebase. The days of them being required to function are long behind us.
> Titanfall 1 shipped with like 30gb of uncompressed audio. They did this to "reduce CPU load". In 2014.
As I’ve said many times, you might disagree but it was intentional. The Xbox One had an 8x1.75GHz CPU, and some of that was reserved for system use.
All software is shit, and held together by duct tape. All industries have products that we can point at and call a disgrace - it’s not games that are the problem.
I think this should be said more often: the ratio of content to non-content is absurd in some electron-based apps.
Look at it this way: the average video game probably has about 30GB (uncompressed) of content and uses about 10GB-12GB of RAM.
In a busy slack, with hundreds of messages, we're still only looking at maybe <5MB of content while the app chews up 800MB - 100MB of RAM.
I think the video game devs are doing a much better job at writing desktop software than the Slack/Postman/etc guys.
Additionally, security in video games (its poorest metric) has, over the last 10 years or so, improved considerably, while efficiency in desktop software (its poorest metric) has gotten worse!
It's unfair to single out video game developers for poor software considering that they are making gains in their weakest measurement while those doing the criticising are happily using software that is losing points in its weakest metric.
Only if doing nothing else at the same time!
I was there; I had a 486 that could decode 96kbps mp3.
But, like the P1, if you tried to do anything else while decoding mp3s, the entire computer, including the sound output, would stutter.
I'm not defending 30GB of uncompressed audio (obviously they could have compressed it a little, at least), but to claim that a P1@80MHz could indeed decode mp3s@320kbps is a bit of a stretch.
It could do so only if you weren't doing anything else at the time.
But it is way ahead with regards to efficient hardware utilization!
These things are _trivial_ to implement, it's just nobody thinks about the UI as long as it 'works'.
Of course I get all the usual garbage non-arguments in response from designers who don't want to take up a challenge and actually design, and instead fall back on a "tried and true" (except it is shit) fashion.
Nice PoC!
Update: yes, most game client processes don't run in the kernel. My b. I was just thinking that updates and content payloads might be an interesting vector for langsec.
Reminder that all three Dark Souls games allowed full RCE to any users connected to the internet: https://flashpoint.io/blog/rce-vulnerability-dark-souls/
Essentially all you're asking for them to add is better specs.
In December their revised branding guidelines added a "Powered by SteamOS" badge so presumably 3rd-party boxes with various specs in set-top form factors will be coming before too long:
> The Powered by SteamOS logo indicates that a hardware device will run the SteamOS and boot into SteamOS upon powering on the device. Partners / manufacturers will ship hardware with a Steam image in the form provided by and/or developed in close collaboration with Valve.
To not go full Dropbox, but I think if someone wants a Linux PC to run games, it is within the realm for a home PC builder to accomplish. It would otherwise be a tough market to sell, “Buy this gamer PC, less great specs than you would likely pick for yourself and not compatible with the most popular games that have onerous anti-cheat root kits”.
I strongly doubt it. Steam already tried releasing a console alternative, Steam Machines, and they massively flopped. By far the main reason for the Steam Deck's success is its portable form factor, not the fact that it's a Linux machine that runs games. It succeeded in spite of the software, not because of it.
The overwhelming majority of users are going to want either a "real" (read: Windows) PC, or a "real" (read: the same one their friends have) console.
When Steam Machines re-launch with the current generation of Proton compatibility it will be an entirely different story.
I'm not a Windows guy and trying to figure this out has been extremely frustrating...
Full instructions https://chatgpt.com/share/67a13960-c1b4-8002-a699-7b547c759c...
You can also skip the UAC prompt without editing the registry, by adding the following to the game's launch options in Steam:
cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && start "" %command%"
Unfortunately both the executives who buy into these things, and the average consumer, are simply too... simple, to understand or appreciate that.
With all due respect, it’s ironic that you’re calling everyone else simple.
Something doesn’t have to be. 100% effective to be a massive deterrent. Cheat prevention is a game of cat and mouse and anti cheat is one of the levers. Here[0] is an example of a popular game with no anti cheat which was completely ruined by cheaters. Did putting EAC into the game stop every single cheater? No. But it did make the experience better for a significant number of players who were having their games destroyed by cheaters.
[0] https://www.pcgamer.com/fall-guys-adding-anti-cheat-in-the-n...
While I'm sure that Easy Anti-Cheat is... easier than a reporting system that would require numerous humans working it, I don't think it's the best solution for the player. It's "just enough" at best, and at worst... well see the article we're all commenting under.
"sake of anti-cheat" should be taken lightly here. There is a reason why all the other sane anti-cheats have at least two applications: the anti-cheat service, which often runs as admin, and the game, which does not. Running the game as admin is quite frankly inexcusable.
The service often does the network comms and communicates with a kernel-mode driver and/or with the application via IPC or similar. Having defined barriers of separation is a good thing.
In any case, this POC doesn't have huge implications necessarily for most people, but maybe in SEA or China where LAN cafes are more prevalent, it could be a larger concern.
good writeup! thanks!
If League of Legends needs super admin mode, it's no longer my computer. I'm sharing it with Tencent. I can't trust them ( specifically a disgruntled employee) to not install key loggers and other really nasty things.
I treat it as though there's a random Russian dude watching my every move through RDP, keylogging all my inputs (and for how many one-off cracked programs have been installed on there over the years, it's not impossible).
I can't imagine keeping my password manager and primary accounts logged-in on the same computer I have rootkits like Riot Anticheat and technical disasters like Marvel Rivals installed on.
This is a terrible idea if you think this will keep you secure. Windows provides direct access to update motherboard firmware and CPU microcode/management engine.
Seems like an insanely difficult thing to do to target like .5% of users.
https://github.com/google/security-research/security/advisor...
We might have better computer security than with Windows 95, but the level of isolation we need to have a semblance of security is very rare and it's very easy for people to slip.
Firstly, that a game developer's main concern is getting their product functional, keeping it that way, and making money on it to make the whole endeavour worthwhile. There are already a lot of game releases where it comes across that getting their idea working and out the door is a lot higher up the list than the 'details' and attention to working great on the PC platform. Then, that gamers will come in a wide range of skill/knowledge levels for their PCs, from those that treat them as glorified consoles to others that know every detail of their workstation.
Dual booting adds more admin and complexity, and in a way it's admitting that the trust level in software is so low your OS can't sandbox things out, that stuff you're running is taking liberties or just enough effort to fulfill its task, and you're going to the extent of running a console in a separate partition but running it is mutually exclusive with the serious OS. I'd guess a lot of people who felt strong enough would just have 'serious OS' be another device, most likely a phone but alternatively laptop, which would seem to marginalize what they use the windows install for.
Arguably they could have already gotten all sensitive user data without that privilege if their program was hacked
Ultimately a combination would be best: hardware tailored to be secure and allowing secure software to be developed for it, but the same can be said for phones and PCs etc.
Most modern CPUs have quite a lot of hardware security features which are often not ideally implemented or not used. They also offer features that can allow software to enhance security, but that is also rare. For example you _could_ use certain extended CPU registers to allow for taint tracking etc, but this likely kills game performance, and is not even done for trivial applications despite being proven to mitigate entire classes of vulnerabilities. (It's quite complicated to implement too, as the hardware isn't taking such features into account for such purposes.)
I'm not sure if a gaming OS would help there.
It would be helpful if OSes wouldn't allow things like malicious drivers, but this is an extremely hard problem in light of people loading known vulnerable drivers and exploiting those...
You could argue that a lot of drivers could live in ring 1 or 2 rather than ring 0, but no OS implements that.
I'm working on an OS to try and think of solutions to these types of issues, but you know... if you can wait like 40 years maybe it will be done (and likely it will be vulnerable in different ways :(( )
relevant: https://xkcd.com/1200/
Kernel/root/ring0 might sound super scary, but if there's any sort of code execution on Linux/Windows, practically speaking it's already game over.
Does he mean that this is potentially how one could install custom firmware on their console?
Curious because I remember reading somewhat recently that console vendors have locked their consoles down well enough so as to avoid any vulnerabilities which could be exploited to install custom firmware. It would be amusing if that was invalidated by game dev security and I start hearing about ways to install some modded firmware, which include a step of "install one of these games".
IIRC, the web browser on 3DS systems was exploited to install custom firmware rather than a game so it was rather easily patched with a system update (and, indeed, it actually was patched). I wonder if we'll be seeing Sony/Nintendo/Microsoft start to insist on certain security standards as a result of games being exploited to install custom firmware on the devices they sell, presuming the answer to my first question is affirmative.
Sort of. It's a userland code execution exploit, which is often the first step, but all games run in a locked down VM specifically to protect against things like this, so you still need a kernel/hypervisor exploit to escape the VM and actually mess with the system in any significant way.
Just build a JSON API! It's not that hard! You don't need to RCE your game every time it launches just for microtransactions.
I agree that a JSON API is a better approach, but it's possible for AAA game developers to screw that up too: https://arstechnica.com/gaming/2021/03/developers-to-update-...
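The contrast the two comments above draw, "fetch data and parse it" versus "fetch code and run it", as an added example that is not code from the page or from any game or publisher the thread discusses. The client verifies a signature over the raw bytes, then parses the catalogue against a strict allowlist of fields and types; nothing in the payload is ever executed. The key, field names and sample responses are assumptions constructed for the example, and HMAC stands in for the asymmetric signature a shipped client would use (the standard library has no Ed25519, and a game binary should hold no secret key).

```python
"""Microtransaction catalogue client that treats the server response as data.

Added example, not code from the page or from any game it discusses.
SIGNING_KEY, ITEM_SCHEMA, GOOD_DOC and HOSTILE_DOC are constructed here.
"""
import hashlib
import hmac
import json

# Assumption: a real client would verify an asymmetric signature (e.g. Ed25519)
# with a baked-in public key so the binary holds no secret. HMAC-SHA256 is used
# only so the example runs offline with the standard library.
SIGNING_KEY = b"demo-key-do-not-ship"

# Strict allowlist: every catalogue field and the exact type it may have.
ITEM_SCHEMA = {"sku": str, "name": str, "price_cents": int, "currency": str}
ALLOWED_CURRENCIES = {"USD", "EUR"}


class CatalogueError(ValueError):
    """Raised for anything the client refuses to accept."""


def verify_signature(body: bytes, signature_hex: str) -> bool:
    """Constant-time comparison of the expected tag over the raw bytes."""
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature_hex)


def parse_item(raw: dict) -> dict:
    """Accept exactly the allowlisted fields with the allowlisted types."""
    if set(raw) != set(ITEM_SCHEMA):
        unexpected = sorted(set(raw) ^ set(ITEM_SCHEMA))
        raise CatalogueError(f"unexpected fields: {unexpected}")
    for key, typ in ITEM_SCHEMA.items():
        # bool is a subclass of int in Python; reject it explicitly.
        if isinstance(raw[key], bool) or not isinstance(raw[key], typ):
            raise CatalogueError(f"field {key!r} has wrong type")
    if raw["price_cents"] < 0:
        raise CatalogueError("negative price")
    if raw["currency"] not in ALLOWED_CURRENCIES:
        raise CatalogueError("unknown currency")
    return dict(raw)


def load_catalogue(body: bytes, signature_hex: str) -> list:
    """Verify first, then parse. Never evaluates anything in the payload."""
    if not verify_signature(body, signature_hex):
        raise CatalogueError("bad signature")
    doc = json.loads(body)
    if not isinstance(doc, dict) or not isinstance(doc.get("items"), list):
        raise CatalogueError("malformed catalogue")
    return [parse_item(item) for item in doc["items"]]


# --- constructed sample traffic (not real server responses) -----------------
def make_signed(doc: dict) -> tuple:
    """Server side of the exchange, included so the example runs offline."""
    body = json.dumps(doc, separators=(",", ":"), sort_keys=True).encode()
    return body, hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()


GOOD_DOC = {"items": [{"sku": "skin-001", "name": "Gold Skin",
                       "price_cents": 499, "currency": "USD"}]}

# A correctly signed response carrying an extra field. It is only dangerous
# if the client treats such a field as something to execute; here the
# parser refuses it outright.
HOSTILE_DOC = {"items": [{"sku": "skin-002", "name": "Free Skin",
                          "price_cents": 0, "currency": "USD",
                          "on_purchase": "run-this-placeholder.exe"}]}


def demo() -> dict:
    """Run the three cases and report what the client did with each."""
    body, sig = make_signed(GOOD_DOC)
    results = {"good_items": len(load_catalogue(body, sig))}
    # Tampered body with the original signature: rejected before parsing.
    try:
        load_catalogue(body.replace(b"499", b"1"), sig)
        results["tampered"] = "accepted"
    except CatalogueError as err:
        results["tampered"] = str(err)
    # Properly signed but carrying an unexpected field: parser refuses it.
    body2, sig2 = make_signed(HOSTILE_DOC)
    try:
        load_catalogue(body2, sig2)
        results["hostile"] = "accepted"
    except CatalogueError as err:
        results["hostile"] = str(err)
    return results


if __name__ == "__main__":
    print(demo())
```

The order matters: the signature is checked over the raw bytes before `json.loads` runs, so a forged response never reaches the parser, and the allowlist means a server compromise can at most change prices and names, never what the client does.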
Because game developers are SUPPOSED to be aware of these things?
> It's very hard for security researchers to report bugs to most game dev companies. On top of that, most do not have bug bounty programs
Yet the OP blames the GAME developers…
They already have harder jobs than the majority of us; picking on them for not knowing skills outside of their area is just being mean, and OP is targeting frustration at the wrong group.
And this is not a story unique to NetEase. I have multiple other examples that I’ll probably talk about in the future.
> Because game developers are SUPPOSED to be aware of these things?
If a civil engineer amazed people with their lack of structural integrity awareness, they wouldn't be trusted to build a house of cards let alone a bridge open to the general public. Software developers write defective, bug-ridden and unsafe public-facing devices and services that are open to the entire world and we shrug whenever there's a major cybersecurity or software crash catastrophe.
If software engineers were held to the same standards of accountability and liability as real engineers when they apply their signature at the bottom of a design calculations document, maybe we'd stop shoveling trivially wormable garbage onto the Internet without a second thought.
> Any developer who does that should be aware of the security risks they’re taking.
Developer yeah, someone who’s focused on recreating the game probably not
I’ll say this: every single game dev I’ve ever met has no clue how to navigate bureaucracy. I’m not saying it’s a type, but it’s not random; they have other things to worry about.
It would have been a tiny bit funny if it had been the same company that was just briefly banned that was allowing a remote exploit.