cross-posted from: https://lemmy.zip/post/8449648
Thinking about installing Riot’s rootkit
If I have an encrypted Linux partition and a Windows partition that I use as a bootloader into Riot’s games, what are the drawbacks of installing their kernel level anticheat?
Another question then: I see it mentioned that other anticheats (Easy, etc.) also run as drivers, they just only run when the game is on. How is possible that we run such anticheats through proton? Is this just a misconception that some users have or did they make exceptions for Linux?
Windows software running in Wine/Proton can bypass the Windows layer and call Linux stuff directly. This is fine; Wine isn’t intended to be a security layer by itself. Some of the Proton bits that Valve made to build a bridge between Windows games & the Linux Steam client does this, as well as pretty much every other bit of Wine internals.
Easy Anti-Cheat detects that it’s running in Wine and if the game dev enabled Wine support, it downloads a binary that knows how to do that. That version of EAC doesn’t run at kernel level, but it does scan your Linux userspace for cheats, or whatever Epic feels like doing today. As with every userland anti-cheat, the company making it can update it more or less anytime you’re playing the game and since it’s running in the context of the game, it has access to everything the game does. Same thing for most anti-cheat software really.