by smoyer 2247 days ago
Explaining your rationale doesn't change the fact that gamers (many unwittingly) are potentially giving the keys to their computer kingdom to Riot. This behavior on a console would be completely acceptable but unless you're running a dedicated PC for gaming, I wouldn't install this software.

As a thought experiment, I wonder what happens when the FISA court orders Riot to install a modified version on a suspected terrorist's computer. No need for privilege escalation when you can just ask the user to install it at ring-0.


> unless you're running a dedicated PC for gaming

That's the approach I've been taking for a long time now.

If you don't, you will always a) have your fun ruined by trying to be security conscious b) in the end, most likely give in and allow things you really shouldn't allow on a trusted machine because otherwise you can't achieve your task (getting a game to run).

So I have a game box, try to make sure that nothing important ever touches it (which is a huge PITA when game clients insist on forcing email-based 2FA on you), but in exchange I don't worry too much about its security.

That also fits nicely with games requiring Windows 10 and Windows 10 being so outright privacy- and user-hostile that I can't imagine running it on my primary machine.

My next gaming PC will run a Linux hypervisor and use PCI passthru to run Windows as a full-performance guest. Then if I need to use a web browser, I can switch to a Linux guest without interrupting the game.
Honestly, you're just risking getting banned then; some games already ban wine users and a hypervisor is basically the peak of hiding direct memory access so I imagine anticheat engines look for them.

Also, I did this around 3-4 years ago. It works, but once you have it set up it's basically the same as if you had two computers effectively on your desk with a KVM switch in software. It also has a tendency to be unstable as all sin and some IOMMU-isolated hardware may misbehave when assigned to a virtual machine.

Most anti-cheats and some "DRM solutions" do not allow you to run inside a VM, trying to mask the fact you do might be enough to get banned. Even with PCI passthru you can't expect full performance (CPU is also still virtualized).

It's much simpler to just have a second PC/laptop or dual-boot (less secure).

Simpler in a technical sense, but given high end gaming PCs run into the thousands of £s, it's not really the right solution to just buy another machine; the better choice is probably to not play their game (in all senses of the phrase).

Maybe a viable option is to hot swap your drives, and use something with firmware you can sign personally and verify on boot.

> CPU is also still virtualized

IOMMU also grants the guest hardware access to the CPU, although it does have to be shared between the host and guests.

> or dual-boot (less secure).

There shouldn't be any risks to that if your main OS is encrypted and the keys are sealed by a TPM.

The untrusted system could flash malicious firmware to a component with DMA (e.g. GPU VBIOS) to infect the second system.
I wanna try this but PCI passthrough seems hard. And with a KVM win7 guest, I get too many cert invalid errors when accessing https, which is annoying.
I've done it all.

It's a hassle, mostly because you need to disable the GPU from the Linux host before passing through, which means you need a second GPU to power the Linux host (integrated GPU is fine).

Then there's a bunch of config regarding IOMMU groups and other shit to make sure it picks it up fine, and when it finally does you get 90-95% of the performance for average FPS and then 60-70% min-fps (spikes are way worse).

This was my exact plan for my (current) computer a few years ago. But after learning about all the real-world complications I became lazy and abandoned the idea. Is this in a realm of "easily achievable out-of-the-box on a standard Linux installation" now?
Assuming you have recent hardware and a compatible UEFI firmware, yes. https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVM...
Are you sure that you've researched this thoroughly and there would be no problems with that PCI thing (compatibility, unknown errors, performance regressions)?
It's hardware-level passthrough with zero performance or compatibility hit. The catch is that the guest needs exclusive access to the device, i.e. you need two GPUs, one for the host and any other guests and one dedicated entirely to the passthrough VM. There's a few applications like Chromium that incorrectly detect the GPU configuration and need manual overrides.

Also, it helps to use a recent AMD card and the in-tree amdgpu driver instead of the out-of-tree nvidia driver.

Overall, you trade software problems for hardware problems (UEFI firmware versions can break the setup), but if you get it working it works great.

> Vanguard does not collect or process any personal information beyond what the current League of Legends anti-cheat solution does.

They are tiptoeing quite carefully there.

I wonder if a lot of "collect or process" can be blocked by users, but a kernel module actually prevents opt-out attempts and identifies everyone.

This sounds like language (and, presumably, implementation choices) made to comply with their privacy policy and GDPR.
All software that you install on the main desktop operating systems is given the "keys to their computer kingdom": there is no privilege separation or sandboxing, except for the "user vs root" division, which can be trivially bypassed in countless ways (and anyway, most installers require root privileges).

And yes, obviously you need to have a dedicated gaming PC and certainly not install any games or any software that isn't strictly necessary on the systems/VMs with important data.

To some degree that's true. I keep an eye out for programs that insist on running as root. And if someone breaches my account, they've still got to put the work in to escalate their privilege through one of these programs.

I've also been installing more and more software into ~/bin rather than the more traditional /opt and /usr/local/bin. I think that the trend towards usermode software will take over in the next five years.

Usermode software might be far more dangerous though. Any software you run on your machine can change the files in ~/bin, and you won't know the difference.
The user vs root division does not need to be bypassed for a game. Riot does bypass it with their kernel-mode driver for the anti-cheat mechanism.
As the parent comment noticed, there is no need to bypass anything. Just ask the user for root permissions like any other installer and the user will accept.
That's how Riot installs their thing in the first place and that's how everybody can install their own thing.
Your thought experiment involves a targeted government attack. And they in theory can order any game company to install any virus on some computer during an update. That's hardly an argument against this thing.

What are realistic security issues with ring0 access on a personal computer? I bet most interesting stuff on personal computers is easily accessible with normal user privileges that every game client has.

> I bet most interesting stuff on personal computers is easily accessible with normal user privileges that every game client has.

Which is why the current tendency is towards more sandboxing, not less; things like flatpak on Linux, the app stores on Windows and Mac, the heavy sandboxing on phones, and so on. Running an in-kernel component for an application goes against that.

> I wonder what happens when the FISA court orders Riot to [...]

FISA? Try the CCP.

Yes, Riot Games, which is owned by Tencent, which is an arm of the Chinese Communist Party. Hmmmm. Just the people we need to install rootkits on millions of computers.