Valve removes free game from Steam after players discover it contains malware
by gpi
The native isolation mechanisms like silos are things that require wrangling by professional sysadmins, I didn't even know they existed until I started writing this post. The real question to be asking is why is sandboxing so bad on Windows? Despite some searching, I still have no conclusive answer as to how to go about filesystem isolation in Win32-space, or if it's even possible.
It's great for testing, and Sandbox is just the tip of the iceberg of what Windows Containers support
- e.g. maybe someone can come up with "launcher" that goes through it (somehow).
Consider that people pay a $300 premium to get ~10% better performance (buying an RTX 5080 instead of a 5070 Ti).
Personally I know that sometimes closing the web browser in the background makes my game run better - that web browser doesn't even interact with the game! Would a sandbox have a smaller impact?
Buying a better GPU improves your graphics performance and that's basically unrelated to the area where a sandbox impacts performance.
Killing your web browser is probably just lowering memory pressure?
Sandboxes add overhead to syscalls. It's kind of similar to running under Wine, which also adds significant syscall overhead. Wine also has a much more impactful DirectX translation layer, so your sandbox performance would probably be much better than the Wine performance.
They also need low-latency access to the GPU, which I suspect is a fertile vector for privilege escape exploits.
"Beyond the Darkness" was released on Nov 14 2024 - https://store.steampowered.com/app/1728610/Beyond_The_Darkne...
"Beyond the Dark" (the malware) was released (ahem, renamed) on Dec 28 2024
It is interesting that it seems to be easier to take over a legit game than to create a new one. I have seen this with YouTube channels that are inactive for a long period of time and suddenly show mostly scams. Either the original owner became a criminal, or more probably they were taken over by criminals.
> The malware allegedly searched for cryptocurrency wallet browser extensions, including MetaMask, before connecting to external servers and downloading additional tools. These tools were reportedly capable of stealing browser information, passwords, and cryptocurrency wallet data.
Cryptocurrencies are the most insecure currency that we have ever invented. It is paradoxical that it is being marketed as actually safe.
Wonder how much longer it could have remained undetected if it actually fired up a shovelware game that could run properly; things like crashing probably gave it away way faster than it could've otherwise.
There are a lot of games on Steam that outright don't work. It wouldn't raise a flag with me.
I'm thinking of the scenario where the original devs sell the game rights off since sales are bottomed out.
The FBI were seeking victims for ~8 "games" earlier this year: https://forms.fbi.gov/victims/Steam_Malware/view
Personally I'm coping with sandboxie.
That’s hard to believe, given that many games run better under WINE than native Windows.
On Linux certainly so, and I think if Steam is installed as a flatpak all games naturally are sandboxed.
In theory, sandboxing mechanisms could even be used to improve anticheat.
What I always sort of assume the endgame could be for highly competitive Windows games is something akin to cartridge or bootable floppy games from the 8-bit era, where games would install into or be supplied as disk images containing locked-down Windows installations that only permit signed (and possibly whitelisted) drivers and whitelisted applications, which would include the game and a small number of other approved applications like Discord, MS Edge and possibly selected third-party browsers, and support software for hardware like GPUs and gaming input devices, which Windows would then boot to run the game, either on bare metal or in an isolated VM.
https://gist.github.com/q3k/e5952111283ea59ee78a7699919a055b
I like that it keeps those kinds of malware out of my reach, and I don’t mind skipping games that use them.
I would like for it to go away entirely though. Both because I find it an appalling practice, and because I want more gamers playing more games on Linux.
Most games on itch.io are not DRMed.
"Congress is engaged in a witch hunt" is so 1950s.
"Civil rights should be applied to everyone" is so 1960s.
"Fossil fuels are destroying the planet" is so 1970s.
"Unregulated free trade is dangerous" is so 1980s.
"The police are out of control and unduly target minorities" is so 1990s.
Something being old doesn't make it less relevant or important.
It means we need to say it louder, because for some reason the point hasn't been made clearly enough yet.
[1] https://videocardz.com/newz/riot-games-on-valorant-dma-cheat...
You don't have to play Valorant, but if you do you probably want to play without cheaters. It's either get hated for having cheaters (like CS2) or get hated for having invasive Anti-Cheat (Valorant). There's no third option.
Maybe that's why they changed the game's name post-malware, to spam, er "promote" it as a new one and gain users quickly.
All our network traffic was unencrypted, which enabled all kinds of shenanigans until the security culture seeped into corporations and the public.
When stories talk about time travelers that hijack old technology instantly, it makes complete sense. Someone with modern hardware, software, and knowledge could completely break most technology back then. They better not forget their modem, though.
and, while denuvo and other drm for games is indeed awful, i find it silly to equate it with cryptocurrency stealing malware.
But if you know about it you have a choice not to buy / install it, like with games like Subnautica 2.
"If you do not wire the money, the anticheat will activate and delete all your data"
If it announces itself after installation it would obviously be malware. But if the software does exactly what the user expects it to do, and the user installs it with consent, why would it be malware?
Otherwise BitLocker or a disk eraser would be malware just because it performs a destructive action.
Wikipedia goes by the same definition: it's harmful software that operates without the owner's knowledge.
It may seem like a weird hill to die on, but calling every Anti-Cheat or DRM a "rootkit" or malware kind of takes any meaning away from the term. And is also just misinformative to the workings of DRM and Anti-Cheat.
It's not the first time that DRM has caused damage. The Valorant one is particularly bad as no user should expect hardware damage or data loss even if they cheat, but I still 'member Sony's DRM that was a legitimate rootkit [1].
[1] https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk...
In any case, good for Riot, and good especially for their players!
and even if someone is cheating on a riot game, bricking their pc is obviously fucked, and will end up biting riot in the ass (i.e. not good for riot, either).
the one we're talking about, where riot tweeted "congrats on your $6k paperweights".
>The Riot example above specifically targets DMA cards (cheating hardware) which no legitimate user will have.
you can play league/valorant legitimately, be using dma for whatever else, and apparently riot will still gladly brick your pc.
you apparently don't even need the games currently installed! if you have vanguard leftover from months ago when you did play, remove all the games, and then decide to tinker around with dma for fun/learning/who cares, riot will still come after you, despite not even playing their games.
even if that seems unlikely, refer back to sentence #2 of my comment: "and even if someone is cheating on a riot game, bricking their pc is obviously fucked, and will end up biting riot in the ass (i.e. not good for riot, either)."
> you can play league/valorant legitimately, be using dma for whatever else
I don't think there's a way to check what memory a DMA card is accessing. I also don't see why legitimate users would have a DMA card. I think it's fair for them to assume a connection is there and react.
DMA cards are not $6k, so it is obvious that riot is not talking about the DMA card specifically. they are ~$300 - ~$700. the image they tweeted alongside was that of broken computers, not of broken DMA cards.
i am not sure why riot would admit to bricking $6k PCs if they weren't. that would also be exceptionally stupid.
admittedly, the more i look into it, it appears the reports are soft-bricking (i.e., requiring a complete wipe and reinstallation of the OS, not hard-bricking). which is less awful, but still really awful.
>I also don't see why legitimate users would have a DMA card.
doesn't matter at all. if it's not being used to interact with riot games, it's none of riot's business and not on riot to determine the legitimacy of owning one.
>I think it's fair for them to assume a connection is there and react.
i think this is a wild take. this is effectively giving ownership of your software and hardware to riot.
if the reaction was simply to ban you from riot servers and games, sure, i could be convinced that's acceptable. but the reaction is beyond that.
Actually, the image they tweeted shows a ton of PCIe cards.
> DMA cards are not $6k
The ones shown in the image they tweeted are! ($5,800 USD -> https://www.heinodma.com/)
> reports are soft-bricking (i.e., requiring a complete wipe and reinstallation of the OS, not hard-bricking)
I still don't think anything is actually bricked. They are just enabling and enforcing IOMMU, HVCI, etc. which prevents them from using their DMA card to cheat. I'm sure they could restore functionality by removing Riot's games and anticheat, disabling IOMMU and HVCI, etc.
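An added example (not code from the thread, from Valve or from Riot) of how a user can check what the comment above describes: a PowerShell snippet that reports whether virtualization-based security, HVCI and IOMMU/DMA protection are available, configured and running on a Windows machine, before or after an anticheat installs. It reads the documented Win32_DeviceGuard CIM class and the HVCI "Enabled" registry value; the function names `Get-VbsReport` and `ConvertTo-Name` are my own.

```powershell
# Added example: report VBS / HVCI / DMA-protection state. Read-only; changes nothing.
function ConvertTo-Name([int[]]$Codes, [hashtable]$Map) {
    # Map the numeric codes Win32_DeviceGuard returns to names; unknown codes
    # from newer Windows builds are kept as numbers rather than dropped.
    foreach ($c in $Codes) { if ($Map.ContainsKey($c)) { $Map[$c] } else { "code $c" } }
}

function Get-VbsReport {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

    # Documented code values for AvailableSecurityProperties (hardware/firmware capabilities).
    $props = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection (IOMMU)'
                4 = 'Secure Memory Overwrite'; 5 = 'NX protections'; 6 = 'SMM mitigations'
                7 = 'Mode Based Execution Control'; 8 = 'APIC virtualization' }
    # Documented code values for SecurityServicesConfigured / SecurityServicesRunning.
    $svcs = @{ 1 = 'Credential Guard'; 2 = 'Hypervisor-enforced Code Integrity (HVCI)'
               3 = 'System Guard Secure Launch'; 4 = 'SMM Firmware Measurement' }
    $vbsState = @{ 0 = 'disabled'; 1 = 'enabled, not running'; 2 = 'running' }

    # HVCI policy as written to the registry (what an installer would flip on).
    $hvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $hvciCfg = Get-ItemProperty -Path $hvciKey -ErrorAction SilentlyContinue
    $hvciRegistryEnabled = ($null -ne $hvciCfg) -and ($hvciCfg.Enabled -eq 1)

    [pscustomobject]@{
        VbsStatus            = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
        HardwareAvailable    = @(ConvertTo-Name $dg.AvailableSecurityProperties $props)
        ServicesConfigured   = @(ConvertTo-Name $dg.SecurityServicesConfigured $svcs)
        ServicesRunning      = @(ConvertTo-Name $dg.SecurityServicesRunning $svcs)
        HvciRegistryEnabled  = $hvciRegistryEnabled
        # The two bits the thread is about: is an IOMMU exposed, and is HVCI live?
        DmaProtectionAvailable = (3 -in @($dg.AvailableSecurityProperties))
        HvciRunning            = (2 -in @($dg.SecurityServicesRunning))
    }
}

Get-VbsReport | Format-List
```

Run it once before and once after installing the anticheat and diff the two reports; `HardwareAvailable` is what the firmware offers, `ServicesRunning` is what Windows is actually enforcing right now.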