What the Crowdstrike incident means for the future of gaming

Crowdstrike. You've heard about it. The cybersecurity disaster that hit over 8 million devices and caused half the world's commerce to grind to a halt in a matter of minutes. There's a non-zero chance that you were affected by it in some way. Whether your work computer was down or you were stranded at an airport for days… the Crowdstrike incident proves that kernel-mode software is an unnecessary liability, even when it's presented as a solution to a legitimate problem.

Here's what happened. Crowdstrike markets its "Falcon Sensor" software as a proactive defence against malicious programs, which you can boil down to malware and unauthorized access. The problem is that Falcon Sensor is installed at the kernel level. This is called kernel-mode, and it means the program has nearly complete, unfettered access to your system. But it also means that if the program crashes, it takes the entire computer down with it.

And that's exactly what happened last week, when Crowdstrike pushed an update to their malware definitions that put 8.5 million devices into a BSOD loop.

Now, this is a gaming channel. So what does any of this have to do with gaming?

Well, it just so happens that Easy Anti-Cheat, BattlEye, EA Anti Cheat, Vanguard and others are all kernel-mode applications… just like Crowdstrike's "Falcon Sensor".

But there's a critical difference here. Falcon Sensor is software (ostensibly) created by cybersecurity experts. Guess what: video game developers are not security experts.
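As an added example, not code from the video or from any of the vendors it names, here is a PowerShell check a Windows user can run to see which kernel-mode drivers are installed, who signed them, and which ones load before logon. The product-name pattern list is an assumed heuristic (product names from the video plus driver service names believed to belong to them), not an authoritative list.

```powershell
# Added example: not code from the video or from any vendor named in it.
# Lists kernel-mode drivers on this Windows host, records who signed each one,
# and flags drivers whose name or path matches the anti-cheat / EDR products
# discussed above. The pattern list is a heuristic; an unmatched driver can
# still be a third-party kernel driver, so read the full table too.
$Patterns = 'EasyAntiCheat|BattlEye|BEDaisy|Vanguard|vgk|EAAntiCheat|CrowdStrike|csagent|Falcon'

$drivers = Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
    # Normalise the PathName forms this class returns: "\??\C:\...", "\SystemRoot\..." or "System32\..."
    $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    if ($path -and $path -notmatch '^[A-Za-z]:') { $path = Join-Path $env:SystemRoot $path }

    $signer = 'unsigned/unknown'
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    [pscustomobject]@{
        Name      = $_.Name
        Display   = $_.DisplayName
        State     = $_.State            # Running / Stopped
        StartMode = $_.StartMode        # Boot / System / Auto / Manual / Disabled
        Signer    = $signer
        Path      = $path
        Flagged   = ("$($_.Name) $($_.DisplayName) $path" -match $Patterns)
    }
}

# Drivers that load before logon are the ones a bad update can turn into the
# boot loop the video describes. Windows' own drivers are signed "CN=Microsoft
# Windows, ..."; third-party drivers are usually signed via Microsoft's
# "Hardware Compatibility Publisher", so the signer alone does not tell you
# who wrote the code. Only the former are filtered out here.
$drivers |
    Where-Object { $_.Signer -notmatch '^CN=Microsoft Windows,' -and $_.StartMode -in 'Boot', 'System', 'Auto' } |
    Sort-Object Flagged -Descending |
    Format-Table Name, State, StartMode, Flagged, Signer -AutoSize

# Drivers matching the products the video names
$drivers | Where-Object Flagged | Format-List Name, Display, State, StartMode, Signer, Path
```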

About Gardiner Bryant: A native Maine resident, Gardiner (yes, that's his first name) is an enthusiastic Linux evangelist, a believer in the efficacy and superiority of the Free and Open Source way, and President of Heavy Element. Heavy Element offers web design, media production, and YouTube consulting services to individuals and companies in Maine and beyond.

#crowdstrike #easyanticheat #anticheats

-- Chapters --
00:00 Introduction
01:39 These Companies Are Not Security Experts
02:09 These Companies Aren't Trustworthy
02:58 They Write Terrible Software
03:52 Apex Legends Hack: A Case Study
05:19 Trust (the other kind)
06:49 Anti-cheat is installed on more devices than Crowdstrike
07:40 How a Zero-day Exploit could spell disaster

Anti-Cheat is a Disaster Waiting to Happen
Comments

The Apex Legends hack is one big reason why StarCraft II removing LAN was such a massive mistake in the long run.

KingKrouch

Why the hell are governments angry at TikTok because they're owned by a Chinese company but aren't when a Chinese company writes a literal rootkit to get people to play a game? Like, WTF!?

cameronbosch

I'd heard Microsoft is removing support for any kernel-mode apps.

In my opinion: that's good, because kernel-mode apps suck.

Not only do kernel-mode apps suck, they're also, of course, dangerous.

Romactu

Keep that garbage out of my single player games, looking at you Capcom!

Cloud

In fact, Crowdstrike isn't the first incident.
Remember Starforce? Yes, the DRM that could literally crash your computer!

system_MC

Microsoft might be restricting direct kernel-level driver support in Windows. People have only been banging on that NT supporting kernel-level drivers was a bad thing from day one. Yes, it took a good while, but someone did the unthinkable to Microsoft and made a driver so bad that Windows boot-looped. Security experts have been saying for years that this could happen at some point, and it finally did.

arranmc

I'll be happy to play offline but many games won't allow this anymore.

MiraSmit

Yup, I've always considered these malware that people accept willingly.

GraveUypo

Mental Outlaw has a video I watched last night about how Microsoft is looking to be more restrictive with kernel-mode drivers, and the potential trickle-down effect this could have for gamers, particularly Linux gamers, who can't play these kernel-level anti-cheat games at all.

joewell

You can be the biggest fan of China, you can love all these companies, you can assume zero malicious intent, and still come to the logical conclusion that giving them kernel level access to your computer is not a good idea. All that needs to be true is that humans can make mistakes in coding and that code can be exploited or error out and cause impact. Crowdstrike is proof of that.

Martin

My hope is that the enterprise solutions for process isolation or VM isolation trickle down to consumer hardware.

Then they can sandbox every game for anticheat reasons and it won’t crash the system or be as vulnerable to massive exploit.

Zaf

Apex Legends turned out to be those 2 players downloading and running unknown software from their chat...

knexfan

EAC has rendered my Elden Ring on Steam Deck completely redundant, even after installing the new GE-Proton.

Chron

I believe kernel-level anti-cheat should be reserved for e-sports tournaments where prizes are on the line, when it makes sense to regulate the hardware and software used in competition. Cheating and mods are part of the fun of single-player games, but in public multiplayer, just optionally banning VPNs and maybe timed IP & MAC address bans for reported griefers should be enough if such tools were better. A way to disable spoofing would probably still need to be kernel-level on the game client side, but server-side cheat detection should be able to handle everything else... maybe focused around skill-based matchmaking so those who do use accessibility supplements will still get fair play amongst a more elite group.

christopherschmeltz

Finally a video talking about this. Soo upset when EA implemented their kernel-level anti-cheat for EA WRC 7 months after launch.

KurtAppolis

Everyone should, if possible, purchase home and handheld consoles from the PS3/360/Vita/3DS eras and earlier. In addition, purchase physical games for these machines. There’s a massive library just from the PS2/PSP eras that could last many lifetimes. Enjoy it all without being beholden to any of this nonsense.

ordohereticus

I've always thought that within the IT industry, game security is not taken nearly seriously enough. It's not important within a company, since you're probably not installing this stuff on company computers. *However*, there is significant crossover between the population of the gaming community and the IT industry. So it wouldn't surprise me at all if there are hacking and data exfiltration capabilities built into some anti-cheat systems, and even some game servers. What better way to get the keys to the castle than from the home computer of an IT worker employed at <insert company>. Personally I have two separate systems, one exclusively for gaming in a DMZ, and one for work. The gaming system is treated as a console and I use it for nothing else.

entelin

I hear too few Linux YouTubers who do pay attention to gaming in some way (whether they game or not) point out that we should be happy that games with kernel-level anti-cheat don't work on Linux. Not only are these anti-cheat developers not security experts, they also don't have the same skill level in general with low-level programming as the main kernel developers like Linus Torvalds and Hartman. It simply is a niche specialization in the programming world; just because you can program well on a higher level using all kinds of system libraries and APIs does not mean that you can program well on a low level. On the low level it is all about security, stability and optimizing the code well. How likely is it that those qualities will get the priority when the goal is to catch cheating behavior, and how likely is it that the developers who got chosen and chose to do this are as capable at this as people who have been programming at kernel level for a few decades with the intention of having a stable, secure and fast-working kernel for an OS?

peterjansen

I don't play anti-cheat games for this reason!

Butterscotch_

The Apex hack was believed to be two-fold: one part was compromised end users (the tourney players), proven by screencaps of Malwarebytes showing remote connections to their PCs, and the other half seems to be some form of access to the server they were playing on, modifying what the server was doing. It's unclear how exactly that took place, but it is strongly believed that it requires the attacker to know the ID of the server to be able to interact with it, leading people to think a compromised client was sending commands to the server, or a compromised computer inside Apex's dev team was accessing the server to change what the server was doing.

Chaos_Rifle