Are people still parroting that secure boot is a rootkit, even though it’s actually designed to prevent rootkits from being installed?
Secure Boot is not the rootkit; the anti-cheat software that requires kernel-level access (Secure Boot) to operate is the rootkit.
Secure boot won’t let your kernel be modified though.
Their anti cheat software just makes sure that you haven’t tampered with the kernel at all. It just monitors for any changes after the system has booted.
It does not modify your kernel.
Not entirely. The actual anti-cheat software that has access to the kernel with Secure Boot can be modified either intentionally by the developer or unintentionally by a hack. It’s an unnecessary attack vector among many other non-security related issues.
My point stands. The anti cheat doesn’t modify your kernel though. It’s not a rootkit.
No, the anti cheat is just very intrusive and does wild stuff to look at what other processes are doing and checks system calls etc. The fact that bf6 won’t run if you have the Riot Games anti cheat running (which also is very bad) is telling. If one company can’t trust that the anticheat of another company may break something when it interferes with yours, that is bad. Look at the CrowdStrike incident.
Microsoft itself wants all this stuff gone from the kernel after CrowdStrike. If your anticheat needs root access to look at every file, process and syscall to check if you are hacking, it is a disaster waiting to happen. Look at all the anti virus programs that were hijacked to get root access before.
Sounds like these game studios are creating horrible software on a horrible OS, but this anti cheat is still not modifying the kernel, and secure boot also is not a rootkit.
It operates at kernel level, it lives in the kernel, I would argue it “modifies” the kernel since it lives there. Also you can’t say that it’s not a rootkit since there is no way to know what the anticheat does. If EA or Riot Games or others want, they can look at your files, processes or just do whatever since they have access to everything. This is a rootkit, you just hope they only look at the processes to stop cheaters but you can’t know if they may send something back or execute other code.
Until it’s concealing its behavior by modifying files or executing processes without your knowledge, then it isn’t a rootkit. They tell you what it does, and they get your permission to install it.
It’s anti cheat software that monitors your system and kernel. Not a rootkit.
Technically you are not wrong with what you are saying, however you still miss all the important points.
I believe you are missing my point.