Steam Deck

18107 readers

72 users here now

A place to discuss and support all things Steam Deck.

Replacement for r/steamdeck_linux.

As Lemmy doesn't have flairs yet, you can use these prefixes to indicate what type of post you have made, eg:
[Flair] My post title

The following is a list of suggested flairs:
[Discussion] - General discussion.
[Help] - A request for help or support.
[News] - News about the deck.
[PSA] - Sharing important information.
[Game] - News / info about a game on the deck.
[Update] - An update to a previous post.
[Meta] - Discussion about this community.

Some more Steam Deck specific flairs:
[Boot Screen] - Custom boot screens/videos.
[Selling] - If you are selling your deck.

These are not enforced, but they are encouraged.

Rules:

Follow the rules of Sopuli
Posts must be related to the Steam Deck in an obvious way.
No piracy, there are other communities for that.
Discussion of emulators are allowed, but no discussion on how to illegally acquire ROMs.
This is a place of civil discussion, no trolling.
Have fun.

Link to our Matrix Space

founded 4 years ago

MODERATORS

Fubarberry@sopuli.xyz

Moxvallix@sopuli.xyz

435

Microsoft is moving antivirus providers out of the Windows kernel. Hopefully anti-cheat will be next (www.theverge.com)

submitted 1 week ago by Fubarberry@sopuli.xyz to c/steamdeck@sopuli.xyz

55 comments fedilink hide all child comments

Microsoft has long wanted to get vendors out of the kernel. It's a huge privacy/security/stability risk, and causes major issues like the Crowdstrike outage.

Most of those issues also apply to kernel anti-cheat as well, and it's likely that Microsoft will also attempt to move anti-cheat vendors out of kernel space. The biggest gaming issues with steamOS/Linux are kernel anti-cheat not working, so this could be huge for having full compatibility of multiplayer games on Linux.

you are viewing a single comment's thread
view the rest of the comments

[–] Godort@lemmy.ca 21 points 1 week ago (1 children)

I believe that's just fear-mongering. This has been a thing that Microsoft has wanted to do for a while, largely because having 3rd party code with direct kernel access is a huge problem in terms of stability and security unless you can be sure you know what all that code is doing.

They tried to do this in the past, arguing that anything that wanted kernel-level access had to Windows API calls instead, however Windows Defender which was bundled with the OS was exempt from this restriction. The EU argued that it gave Microsoft a competitive advantage in the AV space and mandated that if they wanted to do this, they had to follow their own rules which MS was not willing to do.

Instead, Microsoft dictated that any code that was going to run in the kernel had to be submitted to Microsoft for review, who would then approve or deny the code for use. The problem with this method is that it's slow, so any AV that wanted to update their engine had to go through a code review process every time. Crowdstrike (and likely every other AV provider) got around this by having a component of their software with kernel-access that could read in data dynamically. This is what caused that worldwide BSOD problem a couple years back. The Crowdstrike component with kernel access loaded in a bad update that was not properly reviewed and it broke every system with the AV installed.

Overall, this change is a good thing and will force software vendors to actually operate securely rather than just asking for ring 0 access when they don't need it. As always, if you're worried about the changes MS is making, Linux is available and getting better day by day.

[–] LedgeDrop@lemmy.zip 2 points 6 days ago

I hope that it's fear-mongering.

I tried to justify the technical reasons here, but the tl;dr is it possible for windows 11 to verify that the OS and hardware are "unmodified" (aka "attestation").

They tried to do this in the past, arguing that anything that wanted kernel-level access had to Windows API calls instead, however Windows Defender which was bundled with the OS was exempt from this restriction.

True but attestation is a different beast. It's just a hardware check that "everything is unmodified". Any/all software vendors can use it. Windows Defender was a "duplication" of functionality (hence the EU smackdown).

However, as Microsoft has already integrated attention into Windows 11 (restricted to verifying security patches, for the moment) - it'll be easier for them to repackage attestation into a simple API that software vendors (games/apps/even websites) and use (if attestation.check('basic') == true; then run; else exit).

This "simple" check is what software companies have been wanting for years: a way to guarantee that users are running their software in the way that the software companies want you to be running it (meaning unmodified).

The OPs original question was about removing anti-cheat - which I'm confident will happen and will be replaced with attention (as it already exists for android, John deere, iphones, etc).

Your points about virus scanners is different: I think virus scanners, although technically not necessary (after attestation is mandatory) - they will still exist, simply because virus scanners is a 40+ Billion Dollar industry. Microsoft cannot/will not piss of those companies "just because they can" - it would be in the shareholders best interests for Microsoft to throw the virus scanner companies a bone, allow them an isolated space to do their thing, charge them for the privilege, and require that Microsoft verifies that the virus scanner is untampered.