Apparently BattlEye anti-cheat had an exploit where hackers could permanently ban any player they wanted. BattlEye allowed anybody to log in as a "game server" so hackers simply booted up a fake server, told BattlEye that "player X has logged in and is doing a bunch of suspicious stuff" and then player X's account was no more...
That's scary. I have an old Steam account with tons of games and already got banned once due to a bug in anti-cheat software and for a while my whole account was marked with a cheater tag.
The bug was so widespread that developers eventually removed bans, but I'm sure something similar could happen where the problem goes undetected and it would be really hard to try to convince developers to lift a ban.
It's crazy that people allow this stuff to effectively run as root. One of these companies is going to have a vulnerability that lets other players run code on your machine in kernel mode.
It's kind of amusing to me how some PC gamers act superior to console gamers because PC gamers run their games on a flexible, customizable, general-purpose machine that the user controls rather than an appliance... and then immediately hand over control to half a dozen companies at a level that reduces "their" PC to a vendor-owned appliance anyway.
If you are a PC gamer and run anti-cheat software like this, you should probably think of your gaming PC as a much more powerful and much jankier console, and avoid running or storing anything on it other than your games.
You just dual boot. Windows is a joke itself even without the anticheat shenanigans so I use it like a toy. Any real work gets done in LUKS-encrypted Linux inaccessible to the Chinese company with a rootkit in my Windows. Hopefully.
What makes you think the PC gamers who do the PC master race things are the same people as the ones playing games with invasive anticheat? Just because they both game on PCs? Your assumption tells more about yourself than those mythical “PC gamers”, whoever they are.
Maybe you skipped over the word "some" in your reading of my comment, or there's other ambiguity in the scope of a subordinate clause that you interpreted uncharitably, but I don't actually assert (or assume) that all or only PCMR types run games that require such rootkits.
A lot of people do! That's what makes it mainstream.
Even though it's not been part of my life for a long time, I would still prefer a world where people can participate in trendy multiplayer games without subjecting themselves to such corporate malware.
But I agree, many games are better and lack this, and a lot of games that rely on nasty anti-cheat software succeed more based on network effects than on intrinsic excellence.
If you game for games' sakes, it's not too painful to avoid games so encumbered, or to cut these from your gaming diet. If you game as a ritual to stay in touch with distant friends, you will probably experience more pressure towards the rootkit-encumbered slop.
Happens about as often as games ship UI middleware that uses HTML and has XSS, leading to an RCE when the game leaves itself running as admin after an update. So basically all the time.
This BattlEye exploit demonstrates a classic failure of trust boundary definition - they effectively created a system where client attestation was accepted without proper authentication or verification.
It means you trust something with lower trustworthiness without (re)validating, or even trusting it at all if the validation isn't all but guaranteed. The boundary is when you switch between levels of trust.
Trusting something outside of your control is a good example. When your trusted game server trusts the untrusted game client when it says "trust me, it was a headshot" without validating this.
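The trust-boundary failure discussed in the comments above, as an added example that is not part of the original thread and is not BattlEye's code: a backend that accepts any self-declared "game server" report, beside one that authenticates the sender and checks the claim against its own records. The server registry, session table, report fields and handler names are all hypothetical.

```python
import hashlib
import hmac

# Constructed sample data (hypothetical): secrets issued to registered game
# servers, and the sessions the backend itself has recorded.
SERVER_KEYS = {"srv-eu-1": b"constructed-secret-key"}
ACTIVE_SESSIONS = {("srv-eu-1", "player-42")}


def sign_report(key: bytes, server_id: str, player_id: str, reason: str) -> str:
    """MAC over every field the backend will act on."""
    msg = "\x1f".join((server_id, player_id, reason)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def naive_handle_report(report: dict) -> str:
    """Acts on the claim without asking who is making it."""
    return f"ban:{report['player_id']}"


def hardened_handle_report(report: dict) -> str:
    """Authenticate the sender, then validate the claim on our side."""
    server_id = str(report.get("server_id", ""))
    player_id = str(report.get("player_id", ""))
    reason = str(report.get("reason", ""))
    mac = str(report.get("mac", ""))

    key = SERVER_KEYS.get(server_id)
    if key is None:
        return "reject:unknown-server"      # sender is not a registered server

    expected = sign_report(key, server_id, player_id, reason)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return "reject:bad-mac"             # sender cannot prove its identity

    if (server_id, player_id) not in ACTIVE_SESSIONS:
        return "reject:no-session"          # claim contradicts our own state

    # Assumption of this example: an authenticated report is evidence to
    # review, not an automatic verdict.
    return f"review:{player_id}"
```

A real deployment would also bind a timestamp or nonce into the MAC so that a captured report cannot be replayed.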
Anyone whose attachment to gaming is low enough to let things like this affect their purchase decisions is already out. To the devs/pubs, those customers don't even exist in the category of potential customers. So they just worry about not pissing off the existing customer base by changing the status quo too much or too fast.
Also, they linked this post that made my jaw drop: https://www.unknowncheats.me/forum/anti-cheat-bypass/667333-...
Apparently BattlEye anti-cheat had an exploit where hackers could permanently ban any player they wanted. BattlEye allowed anybody to log in as a "game server" so hackers simply booted up a fake server, told BattlEye that "player X has logged in and is doing a bunch of suspicious stuff" and then player X's account was no more...
I'm sorry, why do we trust these guys again?