cross-posted from: https://lemmy.zip/post/8449648
Thinking about installing Riot’s rootkit
If I have an encrypted Linux partition and a Windows partition that I use as a bootloader into Riot’s games, what are the drawbacks of installing their kernel level anticheat?
So, Benefits: Being able to play their games. Drawbacks : a lot, and it seems like they are not getting talked about a ton.
Here is the deal: Riot doesn’t trust you that you will interact with their entertainment software in a fair way witb other users of the same software. So they demand that you install a kernel level anti Cheat which gives them full control of your system. And then they demand that you trust them not to abuse that power. Because if you try to figure out if you can trust them… They will ban you. It’s the equivalent of having someone demand of you to take NSFW Pictures whenever, wherever, however much they like and telling you that they won’t share those.
Yes they can decrypt everything from your encrypted drive if they wanted to, so not even an encrypted file system that windows can’t even read natively will save you. Remember that they can read and write any file they want to so they can get to your decryption key, figure out your file system and get windows to read if they wanted to. It’s the same with kernel level cheat developers that likely charge money for their cheats. Heck if they wanted, they could use your machine to mine crypto if they wanted to. Or ransom it with encryption of their own. Or get you in legal trouble in so many other ways like putting incriminating files on your machine.
In short they don’t trust you and want full acces while demanding that you trust them with no way of knowing if you can. Which means you can’t have privacy with a kernel lever anti Cheat or rather rootkit because that is what it actually is.
Also consider who owns riot games. And think about how protected or in that case rather how not protected your data is.
And then ask if you want to give a third party that level of control over a machine you own and paid for.
I would worry less about Riot being the one who is gonna be decrypting your stuff and worry more about some malicious actor who manages to get access to your computer. Running anything that communicates over the internet with such high priveleges is a massive attack surface
Well, we don’t need to imagine; Genshin Impact already showed us.
Given that they got hacked multiple times, and every update breaks their client, I don’t think it makes sense to trust they can secure their malware.
I’d like to add that even if you use full disk encryption and have to enter a password to unlock it they could just install a modified loader that captures your password. Though it’s not necessary something I’d worry about from them.
Heck if they wanted, they could use your machine to mine crypto if they wanted to. Or ransom it with encryption of their own. Or get you in legal trouble in so many other ways like putting incriminating files on your machine.
All of that is unfortunately true about any anticheat and pretty much any software you use, really.
Obviously not if you run it unprivileged in a separate OS, but the vast majority of users don’t even use more than a single (usually not password protected administrator) account.
Another question then: I see it mentioned that other anticheats (Easy, etc.) also run as drivers, they just only run when the game is on. How is possible that we run such anticheats through proton? Is this just a misconception that some users have or did they make exceptions for Linux?
Windows software running in Wine/Proton can bypass the Windows layer and call Linux stuff directly. This is fine; Wine isn’t intended to be a security layer by itself. Some of the Proton bits that Valve made to build a bridge between Windows games & the Linux Steam client does this, as well as pretty much every other bit of Wine internals.
Easy Anti-Cheat detects that it’s running in Wine and if the game dev enabled Wine support, it downloads a binary that knows how to do that. That version of EAC doesn’t run at kernel level, but it does scan your Linux userspace for cheats, or whatever Epic feels like doing today. As with every userland anti-cheat, the company making it can update it more or less anytime you’re playing the game and since it’s running in the context of the game, it has access to everything the game does. Same thing for most anti-cheat software really.
I personally wouldn’t… I get if riot had good games, but I personally wouldn’t install a rootkit to play worse dota and worse CS. /s
