Comment on Microsoft is moving antivirus providers out of the Windows kernel. Hopefully anti-cheat will be next
kadup@lemmy.world 1 day ago
This is what, the fourth time a Linux community gets excited about this, but that’s actually not good for us at all. Much like Android’s safety net, or the nightmare that is the Mac equivalent, the entire point will be creating an untouchable chain from the firmware to the final OS being booted, and only allowing some apps to use a specific API to attest this isn’t compromised.
This is horrendous for people trying to modify the OS or, in a more relevant tone, run programs meant for that OS on an entirely different environment. Microsoft has slowly been moving towards making this work on PCs, mostly due to pressure from DRM providers like Netflix or banking apps, but unlike Apple they can’t simply lock everything down at once and say “deal with it” because Windows lives by backwards compatibility. Either way, this is just another step towards this upcoming future.
If your favorite games now start asking Windows if the chain of trust is not tampered with… say goodbye to compatibility with Proton.
I don’t think chain of trust and security through kernel-level access are fighting the same problem.
Usually chain of trust is to prevent app tampering, and kernel-level access is to prevent memory tampering.
I assume Windows is creating a new API for applications to monitor certain regions of memory for tampering without needing kernel access.
There already is a API for this with ebpf for Windows and it is the same API that can be used on Linux (because it originates from Linux).
microsoft.github.io/ebpf-for-windows/
EBPF still runs in Kernel space but in a much more limited and confined way.
Kernel level access is to stop access plain and simple. That includes user access right absolutely.
I’m not sure this will be an issue.
When a piece of software is checking for chain of trust, it’s done primarily for security or DRM reasons. The benefits of verifying this chain of trust would make it a little harder for cheaters to inject code and it would be an extra hurdle for pirates to overcome, but the cost is that everyone that bought your game with the intent of playing it on Linux now has absolutely no way to make that happen. I’m not sure the loss in ~4% of your sales would be worth the benefit.
SaharaMaleikuhm@feddit.org 21 hours ago
And if Windows makes using their system super easy, there will likely be even more games with kernel level anti cheat. Classic embrace, extend, extinguish.