this post was submitted on 05 Feb 2024
90 points (96.9% liked)
Linux Gaming
In my spare time I work on some networked applications, and so have had to look into security and all that. The one thing they tell you is to NEVER FUCKING TRUST ANYTHING AT THE OTHER END OF A NETWORK CONNECTION. No, anticheat rootkits don't allow you to ignore this, and it's massively irresponsible to rely on anticheat as your main way of ensuring security.
If someone gets past rootkit anticheat on a "normal" game where it is being used as a replacement for proper server side anticheat, it's no big deal. Just have a reporting system in place, and ban them. The worst you'll get is people on Reddit complaining about "rampant cheating" or whatever.
If someone gets past rootkit anticheat on a game where it is used as a replacement for network security fundamentals, you're suddenly going to have to find a way to explain to all your customers (and possibly lawyers) that due to your negligence, other people have had full access to their computers.
I'm a DevOps engineer by trade, and do a lot of work with network security. "Never trust anything on the other side of a connection" is fine and all as a rule of thumb, but real solutions have more nuance than that. What is "trust"? Should I just never connect to anything? Obviously we have to, so we're already assuming some level of "trust". There are always degrees of trust, and a peer to peer game server is a higher degree than browsing a site hosted by a server, is what I think the developer meant.
Now, I agree with you, this shouldn't be some full substitute for proper network security or whatever, but I don't think they've given any indication that's the case. I can also speak from experience that certain choices in tooling are thrust upon dev teams at times, for cost or "political" reasons. It's also fully possible it's just a bad call from a techie who worked on a prior project with it or something.