Readit News
fooqux · 6 years ago
I find it interesting that in their "Should I panic" section, they miss one of the biggest panic-inducing points for me: That a program running in ring 0 has some form of internet access.

They don't go into detail here about how far this goes, but I wouldn't be at all surprised to hear that it is directly sending and receiving data from the internet. That is such a bad idea for obvious reasons.

united893 · 6 years ago
Why would they do that? They don't need to send the data through the kernel, they can just IPC it to the process and use the existing telemetry stack.

Also, what gives you panic here? What more damage can they do than running in user mode? They can already access all your files, steal all your cookies etc.

zeusk · 6 years ago
Well, because if an attack vector is found in their anti-cheat driver, attackers could use it to access memory space of other processes and not just user accessible files or launch a privileged process for keeping tabs on your system.
danielhlockard · 6 years ago
They delegate to a userland process for most things and apparently have had multiple audits on this driver, according to what they've said about the same thing that they run in their game Valorant.
jandrese · 6 years ago
"Multiple audits" from Gus over in QA to Bob in accounting. Despite all of their assurances I can't help but to feel that it is only a matter of time until this is exploited.
kalium_xyz · 6 years ago
I believe it's only there because of the kernel panic pun.
fooqux · 6 years ago
No, I'm pretty sure it's there because installing something that runs at ring 0 can do anything on your system. Look at all your internet traffic, files, make you go bald, etc.

Any sane security-minded person should slightly panic IMHO.

verall · 6 years ago
Wow that's a shite article. It starts with "This post is kinda tech-heavy" and then never gets tech heavy.

The "I think I'm going to panic" section is super condescending. It obviously does give surveillance capabilities it didn't previously have: I could previously have disallowed the user that was running a game from viewing a file, and Windows would respect that. The game might crash, but it would not have accessed the file.

They are being directly misleading in the article and trying to use technical terms to confuse people. Ick.

anonymousab · 6 years ago
Yeah. I'd question the motivation of any explanation that obscures the "yes, it does enable all of those BadThings but we promise to do our best not to exploit them and here's why we can be trusted" truth of the matter.

That said, they're writing for multiple gun-jumpy audiences so I don't think they lose all of the benefit of the doubt here. Just that this isn't good enough at the moment/yet.

jimbob45 · 6 years ago
I was more okay when Valve did it years ago because Valve isn’t majority-owned by a scummy Chinese company.
fooqux · 6 years ago
To my knowledge (and looking online I can't find anything to change this) VAC does not run in ring 0.
jimbob45 · 6 years ago
https://www.reddit.com/r/gaming/comments/1y70ej/valve_vac_an...

Here was Valve’s elevator pitch of the situation. If you click the link inside OP, you can crawl down the rabbit hole and literally see the code in question.

Again, not Chinese. Fuck China.

kabdib · 6 years ago
Valve's anti-cheat system does not install any driver-level components.
SCdF · 6 years ago
What concern do you have because the ethnicity and location of the company is in China?

How does that compare to American or five eyes countries, given what we know about those situations?

What makes, to you, one a higher threat than the other?

Edit: to be clear I'm trying to work out, as someone who is clearly OK contributing and participating in the Chinese economy (gotta get dat new iphone), why is my concern for the morality of the Chinese government in this exact instance higher than, say, the government I actually live under (UK) or their allies (US and the rest of 5 eyes)

mey · 6 years ago
The amount of autonomy and legal recourse of a private corporate entity in China compared to the United States. While the US does not have a great track record (Room 641A, National Security Letters, v-chip, putting export controls on strong encryption, etc.), entities like the EFF and ACLU, plus corporate entities, have successfully and repeatedly pushed back. I am not an expert on Chinese corporate entities, but my anecdotal observations from working in companies with arms in China have been that it's always a very careful process to not annoy the government, as it means losing everything with little recourse.

Edit: The implication is that, if the government of China was exceptionally interested in placing a backdoor in the software of a Tencent system, they may not be able to reasonably object. Whereas if the FBI came to Apple (and we know they have), they can say no. [1]

[1] https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...

anonymousab · 6 years ago
Government mandated backdoors in retail software and usage of those backdoors is a more well known or suspected occurrence with the CPC government than, say, the Canadian government.

But that could just be a matter of publicity goals; of it benefiting China's goals for their citizens to know they are watching, and it not benefiting Western governments the same way.

I think it's natural (not necessarily rational) for people to be more skeptical of the goals of outside nations than of their own. Certainly, other nations with a very different and disliked form of government would engender more suspicion, however irrelevant that aspect may actually be.

verall · 6 years ago
It has nothing to do with ethnicity and everything to do with jurisdiction.

There is obviously more transparency when companies must comply with American or British courts vs the Chinese government. At the same time, all three show very little regard for the privacy of their citizens, and seem to have no problem paying off or breaking into domestic industry to gain information or exert control.

For your case in this exact instance, the Chinese government has no disincentives I can think of from pwning your computer through this kernel driver, besides that it is obviously way more effort than you are probably worth, so you probably don't have to worry about it. Alternatively, were your own government to pwn your computer through this kernel driver, it is possible you could seek legal recourse. Were legal recourse not possible, you could go to the press, who would (I think? I'm not from the UK) be free to print your story.

So yeah, I think it's pretty obvious installing a kernel driver from a company under Chinese jurisdiction is less safe than one from a company under American or UK jurisdiction.

But no one's targeting you anyways ¯\_(ツ)_/¯

Deleted Comment

alunchbox · 6 years ago
Oh man, I completely forgot about that. That's a no no from me
tekromancr · 6 years ago
Tencent holds a minority stake in the company. Tim Sweeney owns greater than 50%.
Spinfusor · 6 years ago
Tencent owns 100% of Riot; Tim Sweeney is Epic.
freeopinion · 6 years ago
Prejudice is an interesting thing. I read your post without blinking. It took a second to sink in.

You seem to object to two separate things: 1) the majority owner is scummy; 2) the majority owner is Chinese.

For many people these equate to the same thing. But you have broken them out. So perhaps you don't think all Chinese are scummy. What then is your objection to non-scummy Chinese? Also, would you be ok if it was majority-owned by a scummy Swedish company?

I think your statement as it stands builds prejudice (unintentionally, I hope) against Chinese simply for being Chinese. I can think of a number of characteristics that bother me about some "Chinese" companies. But they aren't really about the geography. They would apply equally to non-Chinese and could be remedied by any company that exhibited those characteristics. Thus, I think it would be helpful to list specific objections rather than blanket with "Chinese".

For instance, I'm generally reluctant to online order from a "Chinese" webfront because it takes so long to ship. But for some time now, that criticism applies equally to Amazon because they have tried to compete with AliExpress, Banggood, etc. by flooding me with direct-from-China merchandise. It takes just as long to reach me whether I order through Amazon or from Banggood. And Banggood is cheaper. For the exact same product from the exact same source.

By listing my exact complaint, I can warn any Chinese or non-Chinese companies exactly which behaviors I find objectionable. They may not be willing to change being Canadian or French or Texan, but they might be willing to work on my true objection.

You might argue that Chinese companies often don't have a choice on some objectionable matter. But it is a lot easier to push back on their government with, "Such-and-such is a specific business-killer. Don't force this" instead of "Being Chinese is a specific business-killer. Don't force this." And it also sends the message you want to USA, Iran, Venezuela, Poland, etc. companies at the same time.

Pfhreak · 6 years ago
> This isn’t giving us any surveillance capability we didn’t already have.

Wait, really? What surveillance capabilities does LoL already have without a kernel driver?

freeone3000 · 6 years ago
The update process runs as admin, so basically anything.
volak · 6 years ago
New Counter-Strike-ish game Valorant also just confirmed a similar anti-cheat system driver: https://old.reddit.com/r/VALORANT/comments/fzxdl7/anticheat_...
Operyl · 6 years ago
It’s not similar, it’s the same in the end. They’re both Riot games and they plan to be moved under the same umbrella.
alfu · 6 years ago
From the same company (Riot Games)
SlowRobotAhead · 6 years ago
Chinese-backed development of a rootkit people willingly install, what could go wrong!?
Analemma_ · 6 years ago
I'd really rather this sort of thing came directly from Microsoft. They're not perfect, but I definitely trust them more than Riot to not create a bunch of security vulnerabilities or spy on all my active processes. Plus, if people are signing kernel extensions who shouldn't be, isn't that a concern for Microsoft in and of itself?
SlowRobotAhead · 6 years ago
Microsoft has a locked down kernel for gaming already. It’s called Xbox.
kllrnohj · 6 years ago
Microsoft also releases games on Windows, though, and also has the cheater problem in them.

It is still odd that in all their gaming pushes on Windows with things like the Windows 10 Game Mode ( https://support.microsoft.com/en-us/help/4028293/windows-usi... ) that they haven't just made this a "thing" yet. Have a flag or some way for an application to signal that they want their memory actually restricted. You'd at least stop all user-mode cheats overnight, and can also attempt to impose restrictions on kernel-mode drivers. Or let a game know if there's unsigned drivers installed, and let the game segment off that user population.

But I guess they won't do anything about this until someone's kernel-level driver anti-cheat becomes a PR disaster for Microsoft. The same way they didn't do anything about anti-virus protection out of the box until McAfee & Norton went off the deep end and contributed to the constant perception of Windows' horrible slowness.

VWWHFSfQ · 6 years ago
Riot's games will start shipping with a rootkit or you can't play