1462
Steam games will now need to fully disclose kernel-level anti-cheat on store pages
(www.gamingonlinux.com)
Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.
Submissions have to be related to games
No bigotry or harassment, be civil
No excessive self-promotion
Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts
Mark Spoilers and NSFW
No linking to piracy
More information about the community rules can be found here.
It's not just trust of the game developer. I honestly believe most of them just want to put out profitable games. It's trust that a hacker won't ever learn how to sign their code in a way that causes it to be respected as part of the game's code instructions.
There was some old article about how a black hat found a vulnerability in a signed virtual driver used by Genshin Impact. So, they deployed their whole infection package together with that plain driver to computers that had never been used for video games at all; and because Microsoft chose to trust that driver, it worked.
I wish I could find an article on it, since a paraphrased summary isn't a great source. This is coming from memory.
That's not an accurate description of the exploit you describe. It sounds like the attacker bundled a signed and trusted but known vulnerable version of the module, then used a known exploit in that module to run their own unsigned, untrusted code with high privileges.
This can be resolved by marking that signature as untrusted, but that requires the user to pull an update, and we all know how much people hate updating their PC.