The native isolation mechanisms like silos are things that require wrangling by professional sysadmins; I didn't even know they existed until I started writing this post. The real question to be asking is: why is sandboxing so bad on Windows? Despite some searching, I still have no conclusive answer as to how to go about filesystem isolation in Win32-space, or if it's even possible.
It's great for testing, and Sandbox is just the tip of the iceberg of what Windows Containers support
- e.g. maybe someone can come up with a "launcher" that goes through it (somehow).
Consider that people pay a $300 premium to get ~10% better performance (buying an RTX 5080 instead of a 5070 Ti).
Personally I know that sometimes closing the web browser in the background makes my game run better - that web browser doesn't even interact with the game! Would a sandbox have a smaller impact?
Buying a better GPU improves your graphics performance and that's basically unrelated to the area where a sandbox impacts performance.
Killing your web browser is probably just lowering memory pressure?
Sandboxes add overhead to syscalls. It's kind of similar to running under Wine, which also adds significant syscall overhead. Wine also has a much more impactful DirectX translation layer, so your sandbox performance would probably be much better than the Wine performance.
They also need low-latency access to the GPU, which I suspect is a fertile vector for privilege escape exploits.
https://gist.github.com/q3k/e5952111283ea59ee78a7699919a055b
"Beyond the Darkness" was released on Nov 14 2024 - https://store.steampowered.com/app/1728610/Beyond_The_Darkne...
"Beyond the Dark" (the malware) was released (ahem, renamed) on Dec 28 2024
Most games on itch.io are not DRMed.
"Congress is engaged in a witch hunt" is so 1950s.
"Civil rights should be applied to everyone" is so 1960s.
"Fossil fuels are destroying the planet" is so 1970s.
"Unregulated free trade is dangerous" is so 1980s.
"The police are out of control and unduly target minorities" is so 1990s.
Something being old doesn't make it less relevant or important.
It means we need to say it louder, because for some reason the point hasn't been made clearly enough yet.
[1] https://videocardz.com/newz/riot-games-on-valorant-dma-cheat...
Wonder how much longer it could have remained undetected if it had actually fired up a shovelware game that could run properly; things like crashing probably gave it away way faster than it would have otherwise.
It is interesting that it seems to be easier to take over a legit game than to create a new one. I have seen this with YouTube channels, inactive for a long period of time and then suddenly showing mostly scams. Either the original owner became a criminal or, more probably, the channel was taken over by criminals.
> The malware allegedly searched for cryptocurrency wallet browser extensions, including MetaMask, before connecting to external servers and downloading additional tools. These tools were reportedly capable of stealing browser information, passwords, and cryptocurrency wallet data.
Cryptocurrencies are the most insecure currency that we have ever invented. It is paradoxical that it is being marketed as actually safe.
I'm thinking of the scenario where the original devs sell the game rights off since sales are bottomed out.
The FBI were seeking victims for ~8 "games" earlier this year: https://forms.fbi.gov/victims/Steam_Malware/view
and, while denuvo and other drm for games is indeed awful, i find it silly to equate it with cryptocurrency stealing malware.
But if you know about it you have a choice not to buy / install it, like with games like Subnautica 2.
In theory, sandboxing mechanisms could even be used to improve anticheat.
What I always sort of assume the endgame could be for highly competitive Windows games is something akin to cartridge or bootable floppy games from the 8-bit era, where games would install into or be supplied as disk images containing locked-down Windows installations that only permit signed (and possibly whitelisted) drivers and whitelisted applications, which would include the game and a small number of other approved applications like Discord, MS Edge and possibly selected third-party browsers, and support software for hardware like GPUs and gaming input devices, which Windows would then boot to run the game, either on bare metal or in an isolated VM.
That’s hard to believe, given that many games run better under WINE than native Windows.
In any case, good for Riot, and good especially for their players!
and even if someone is cheating on a riot game, bricking their pc is obviously fucked, and will end up biting riot in the ass (i.e. not good for riot, either).
the one we're talking about, where riot tweeted "congrats on your $6k paperweights".
>The Riot example above specifically targets DMA cards (cheating hardware) which no legitimate user will have.
you can play league/valorant legitimately, be using dma for whatever else, and apparently riot will still gladly brick your pc.
you apparently don't even need the games currently installed! if you have vanguard leftover from months ago when you did play, remove all the games, and then decide to tinker around with dma for fun/learning/who cares, riot will still come after you, despite not even playing their games.
even if that seems unlikely, refer back to sentence #2 of my comment: "and even if someone is cheating on a riot game, bricking their pc is obviously fucked, and will end up biting riot in the ass (i.e. not good for riot, either)."
> you can play league/valorant legitimately, be using dma for whatever else
I don't think there's a way to check what memory a DMA card is accessing. I also don't see why legitimate users would have a DMA card. I think it's fair for them to assume a connection is there and react.
DMA cards are not $6k, so it is obvious that riot is not talking about the DMA card specifically. they are ~$300 - ~$700. the image they tweeted alongside was that of broken computers, not of broken DMA cards.
i am not sure why riot would admit to bricking $6k PCs if they weren't. that would also be exceptionally stupid.
admittedly, the more i look into it, it appears the reports are soft-bricking (i.e., requiring a complete wipe and reinstallation of the OS, not hard-bricking). which is less awful, but still really awful.
>I also don't see why legitimate users would have a DMA card.
doesn't matter at all. if it's not being used to interact with riot games, it's none of riot's business and not on riot to determine the legitimacy of owning one.
>I think it's fair for them to assume a connection is there and react.
i think this is a wild take. this is effectively giving ownership of your software and hardware to riot.
if the reaction was simply to ban you from riot servers and games, sure, i could be convinced that's acceptable. but the reaction is beyond that.