Isolate Your Games, Seriously

sr229

Ayane Satomi

Posted on June 14, 2020


Games exist to push the technical boundaries of computer graphics and, taken together, to deliver a compelling and entertaining experience. With the rise of online connectivity and online multiplayer, it has become normal for companies to ship anti-cheat systems to make sure players play fair.

Some of these anti-cheat programs take it too far: they block other programs from running, and they may collect data about your computer and use it for targeted ads (or, worse, sell it). For most people, and especially for those who care about their privacy, the reaction is "enough is enough".

CPU Rings - understanding the concept of privilege levels

If you have studied computer architecture, you know that an x86 PC separates privilege into "protection rings", with ring 3 being the least privileged and ring 0 the most.

Information Security 101 tells us that running anything in ring 0 is concerning, because this is where the kernel lives (and, on a virtualized system, the hypervisor sits at an even higher privilege level beneath ring 0). In practice, mainstream operating systems such as Windows and Linux run the kernel and every kernel-mode driver in ring 0 and leave rings 1 and 2 unused, so a driver you choose to trust gets the highest access the system can grant.

Ring 0 Anti-cheat - is it safe?

This is where the question lies: if ring 0 is where the kernel resides, why does an anti-cheat, of all programs, need the same access as the kernel?

The reason is fair enough: kernel access lets the program scan memory for known cheat signatures and run integrity checks on the game files, and it can see (and block) cheats that hide from user-mode code, such as cheats that run as drivers themselves. It is essentially a stop-gap to keep a user with cheats that cannot be detected server-side from connecting to protected servers. Our friends at Secret Club provide more context on why such an anti-cheat is considered necessary.
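To make those two mechanisms concrete, here is an added example, written for this edit rather than taken from the post or from any real anti-cheat product: a user-mode Python toy that scans a buffer for wildcard byte signatures and verifies files against a SHA-256 manifest. The signature syntax, the manifest format and all sample data (the NOP-padded stub, the two files, the tampering) are assumptions constructed for the demo.

```python
"""
Added example (not from the original post or any real anti-cheat): a user-mode
toy of the two checks the text attributes to a kernel anti-cheat:
  1. scanning a memory region for known cheat byte signatures, with wildcards
  2. verifying game files against a hash manifest
The signature syntax, manifest format and all sample data are assumptions
constructed for this demo.
"""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def compile_signature(sig: str) -> "re.Pattern[bytes]":
    """Turn an IDA-style pattern such as "48 8B 05 ?? ?? ?? ?? C3" into a bytes
    regex. Each token is one byte; "??" is a wildcard matching any single byte."""
    parts = []
    for tok in sig.split():
        if tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    # DOTALL so the wildcard also matches 0x0A (newline) bytes
    return re.compile(b"".join(parts), re.DOTALL)


def scan_memory(region: bytes, signatures: Dict[str, str]) -> List[Tuple[str, int]]:
    """Return (signature_name, offset) for every hit in the region, in offset order."""
    hits = []
    for name, sig in signatures.items():
        for m in compile_signature(sig).finditer(region):
            hits.append((name, m.start()))
    return sorted(hits, key=lambda h: (h[1], h[0]))


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large assets do not have to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each relative file path under root to its SHA-256 (the 'known good' state)."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_manifest(root: Path, manifest: Dict[str, str]) -> List[str]:
    """Return the relative paths that are missing or whose hash no longer matches."""
    bad = []
    for rel, expected in manifest.items():
        p = root / rel
        if not p.is_file() or sha256_file(p) != expected:
            bad.append(rel)
    return sorted(bad)


# Constructed sample data: one "cheat" signature (mov rax,[rip+disp32]; ret) and
# one marker that does not occur in the region at all.
SIGNATURES = {
    "rip_relative_load_stub": "48 8B 05 ?? ?? ?? ?? C3",
    "absent_marker": "DE AD BE EF",
}


def demo() -> Dict[str, object]:
    """Run both checks on constructed input and return their findings."""
    # 32 NOPs, then the 8-byte stub, then padding: the stub starts at offset 32.
    region = b"\x90" * 32 + bytes.fromhex("488b05aabbccddc3") + b"\x00" * 16
    hits = scan_memory(region, SIGNATURES)

    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "game.exe").write_bytes(b"MZ" + b"\x00" * 64)
        (root / "data.pak").write_bytes(b"PAK\x00" + b"\x01" * 32)
        manifest = build_manifest(root)             # snapshot of the clean install
        manifest["missing.dll"] = "0" * 64          # a file the manifest expects but is gone
        with (root / "data.pak").open("ab") as f:   # tamper with one asset
            f.write(b"\xff")
        bad = verify_manifest(root, manifest)

    return {"memory_hits": hits, "bad_files": bad}


if __name__ == "__main__":
    print(demo())
```

Run the file directly (any filename works); it reports the signature hit at offset 32 and flags the tampered `data.pak` and the missing `missing.dll`. The point of the toy is the capability gap: this code can only inspect memory handed to it and files it is allowed to open, whereas a ring 0 driver can read any process's address space and enumerate which drivers are loaded. That is precisely why vendors want kernel access, and precisely why it is so much to hand over.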

But Anti-cheat is a proper backdoor

Believe it or not, with that kind of access your system is effectively backdoored to the company, wrapped in the legitimacy of your wanting to play. Keep in mind that anti-cheats are client-server applications: the client takes updates and instructions from the vendor's servers, so a breach of those servers could turn the anti-cheat into a channel for arbitrary code execution at kernel privilege on every machine running it. An anti-cheat is only as trustworthy as the company that runs it.

Riot Games recently drew criticism because Vanguard, Valorant's purpose-built anti-cheat, blocks background programs from running and interferes with the system. It is even more questionable because Riot Games is owned by Tencent (keep in mind that Tencent has faced accusations of giving the Chinese government access to its platforms; remember the WeChat controversy).

Should I give my games native access?

No one can tell what is in a game's stack. Games used to be programs meant to entertain people; they then became hubs for targeted ads with intrusive analytics, and now for anti-cheat. Even a single-player game could make a quiet remote procedure call to a web server reporting your hardware ID, which is then used for targeted ads.

So the answer is no. Never give your games direct access to native hardware. Games nowadays are, in effect, glorified, legalized trojan horses.

Playing the Game without worrying about Privacy

If you still want to play the game but worry about what the anti-cheat implies, then you must be prepared to run it in isolation, typically via virtualization. Note that some anti-cheats detect virtualization and refuse to run inside a VM, so test this before committing to a purchase.

We used to mock consoles for how locked down they are, but this time they have been teaching us how to run games securely. Xbox One has been very stringent about security, both in hardware and in software. The console is known to use NanoVisor, a customized version of Hyper-V that runs two VMs: one for the game and one for the UI, which is a tailored version of Windows.

NanoVisor ensures that even if one of the VMs is compromised, it never gets complete hardware access, which makes it a fine example for this article: if the Xbox One can play games in such complete isolation, why can't we on the PC?

Conclusion

The gaming industry must understand boundaries when it comes to data collection and must become better acquainted with the concept of privacy. Then again, when you play a game you accept the risk of running a program. But to save yourself the trouble of being the person complaining on Reddit when an anti-cheat server is breached, run your games in isolation.
