by BxGyw2 1246 days ago
Source Engine CVE-2021-30481

There's actually been a lot more of these that don't get CVEs. It's one of the reasons I prefer to game in a VM with heavy network filtering and egress only through VPN

There is little to no care from game developers about security, games with actively exploitable RCEs (see pretty much the whole CoD franchise) are just allowed to stay up on Steam

Gamers are also kinda dumb and oblivious to RATs etc which doesn't help

3 comments

How do you game in a VM? A lot of my game time includes flight simulators with many external peripherals.

Not gonna lie and pretend I know how it works but qemu is capable of passing USB devices into VMs while they are connected and visible to the host kernel, and this works perfectly for me for joysticks, steering wheels and other shit

For mouse and keyboard I just use the evdev forwarding thing where you press both ctrl keys to swap between host and guest

This is the biggest obstacle you're going to face:

https://wiki.archlinux.org/title/PCI_passthrough_via_OVMF

With AMD cards it's relatively easy if you're willing to install two cards and have one of them just sit there doing nothing when you're not using the VM. It's also possible to use just one card and detach it from the host system, pass it to the VM, and then reattach back to the host system when you're done playing, although I spent multiple days on this and never got it working. YMMV, it was 2-3 years ago, the driver support may have improved.

With NVIDIA it ranges from difficult to impossible.

The only good working solution I found (other than PCIe passthrough or specialized GPU virtualization) is VMware stuff (with better success on Windows [as a host]), because their DirectX virtualization is top-notch. Years ago I did some random testing of my Steam library and got close to native performance.

Obviously, it means you can't use DLSS, RT, or any other GPU-specific features, but their DirectX virtualization supports up to DX12.

External peripherals are probably the easy part, given that USB passthrough almost always "just works" in my experience. The bigger problem is getting GPU passthrough working.

Naive and trusting is probably a fairer characterization. They aren't, nor should they need to be, security experts; the company who distributed the code should be more responsible, and more controversially I think they should also be more culpable. We are past the startup-friendly wild west stage of software technology; we know better and should expect better.

How do you play any game with anti-cheat in a VM?

Depends on the game. The answer for me is I'm not really interested in flavour of the month online shooter games so it's never been an issue but I know plenty of people who are and just continue to modify their VM until it's not detected - it's always gonna be something you can do to hide from the AC

Which anti-cheat would be triggered by running in a VM? I thought VAC worked by detecting runtime patching of .dll files.

VAC has a number of other triggers too but doesn't care about VMs in particular. I think everyone and their dog is an expert in not tripping VAC at this point

It's mostly those annoying ACs with kernel modules like EAC, BattlEye, ESEA etc. that do anti-VM in an attempt to prevent cheat devs from 1. debugging the AC without at least a little effort and 2. having a clean OS but reading guest RAM from the host to avoid the anticheat entirely