League of Legends INFECTING Windows Users with Rootkit

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

riot games has decided to break their game League of Legends for Linux Gamers under the guys of stopping cheaters if you're playing league on Windows though it's much worse for you as a Linux gamer the effect is pretty obvious it's broken but if you're on Windows you should be playing something else stop playing this game just go play Dota 2 Riot games has never officially supported league on Linux so it's annoying but it's not surprising the surprising part is that they just deployed a root kit on the computers of the windows league players that's why it broke on Linux Linux is made in a way that they can't force a root kit on us so they just broke it instead for those that don't know what a rootkit is the term is a combination of root and toolkit root is a unix/linux term that is the name of the user account with the most permissions on the system basically it means with that level permission you can do whatever you want toolkit is a collection of software that implements a tool so that makes sense now when you typically hear the term rootkit it is often used to describe some kind of malware but it's not exclusively a malware term anything that has that level of permissions is known as a rootkit sometimes these are made for developers to debug a system and there's all sorts of other reasons so if a piece of software not a user has this level of permissions it's a rootkit regardless if it's malicious or not clearly this is something that should not be part of installing a video game but there are even reports of people saying that Riot games's Vanguard rootkit has been bricking their computers making them unusable I don't know if that's true but what I do know is that Vanguard from Riot games is a ridiculous overreach so what is Vanguard Vanguard is the name of Riot games's anti-che tool now anti-che tools are kind of understandable cheating in competitive online games is a pathetic thing to do and it's also pretty rampant I get why they would want to stop cheaters but Vanguard is not just an anti-che tool it's a kernel level anti-che tool and it's not just a kernel level anti-che tool but a permanent rootkit that you are required to install to play the game a kernel is the software that effectively makes an operating system work with the hardware of a computer so it's like the heart or brain of the OS kernel level means having access to everything the kernel has access to which is everything anti-cheats do not need to have kernel level access there are many anti-che tools like valves vac blizzards Warden and 343 Industries Arbiter that do not need kernel level access to be effective so for those that claim it's a necessary evil no it's not the word necessary means you have no other option but they do in the blog post where Riot games announced this rootkit being required to play league they put a section of frequently asked questions and in my opinion the answer to those questions are lame a lot of what bothered me about these answers is from a perspective of a Linux gamer but some of them the first question is isn't Vanguard spyware the way that they did this answer it just saying the words is not enough I wanted to see if I could try to capture the feeling of what they were trying to say no but I'm sure those words in that exact order are mathematically the fastest way to farm retweets content algorithms everywhere are programmatically addicted to the click to words spyware and rootkit those that that they can generate and mathematically hunting for their next fix has steered them away from informative journalism and into a sort of faux pandemonium that's only remarkable in its unhelpfulness I hope I captured that well get you the essence of what you were trying to say I've been an entrepreneur most of my life I have a lot of experience in many things when people ask me what I do I don't like to say entrepreneur because it's vague and kind of strikes me as is pretentious so instead what I tell people has fluctuated over the years based on what business I'm involved in at the time I'm one of the co-founders of tux digital so these days I say I'm a media producer at one point I was running a marketing and design agency so I called myself a marketer or designer all that is to say as a marketer that answer I just read to you is what ticked me off enough to make this video the sneaky marketing used in that answer just well they start off the answer with an outright denile saying it is not spyware and that is technically correct you are technically correct the best kind of correct Vanguard is not spyware because a definition of spyware includes the need for the software to be covert or hiding from the user AKA spying on you so on the basis that they told you about it it doesn't technically count as spyware the rest of their answer though that's what bothered me they conveniently included the term rootkit next to the denial but without directly denying it being a rootkit this is just my opinion but it came across to me that they were trying to get people to associate their denial of spyware as also being a denial of being a rootkit they also surrounded this convenient inclusion of the term rootkit with language that suggests they are offended by the question a question they ask themselves so yeah it's not spyware I agree but it does qualify for the criteria of a root kit because it is a toolkit with root light permissions I'm not saying it's a malicious to kit but it doesn't have to be malicious to be a rootkit now Vanguard isn't the only konel level anti-che tool battle eye and easy anti-che from epic games both run at the kernel level so yeah I'm not a fan of these root kits either but there are some significant differences between these two and Vanguard while yes battle eye and easy Andy cheat are kernel level they only run while playing the game whereas Vanguard is designed to be running all the time that's right the moment you turn your computer on Vanguard is there no matter what the other big difference at least for me as a Linux gamer is that battle eye and easy anticheat work work on Linux so games that use those can be played on Linux yes I do realize I just said something that sounds kind of like a contradiction earlier I said Linux has made a way that they can't force a root kit on us so how does a kernel level anti-che like battle eye and easy anti work on Linux that's where the awesomeness of proton comes in proton is essentially a compatibility layer that valve and a company called code Weavers made to make Windows games work in Linux that's right there are thousands of games that you can play in Linux right now that were not made to be played on Linux proton is based on a project called wine the purpose of wine is to run Windows apps in non- Windows systems wine also can be used for games but it's not really focused on gaming which is where proton comes in proton adds things on top for gaming now in order to run Windows apps one of the things wine has to do is reverse engineer the windows kernel so there's a wine kernel this wine kernel has a bridge made to work with the Linux kernel so this is what makes it possible for these kernel level anti sheets to work while not having access to the Linux kernel because they have access to the wine kernel in my opinion this structure actually makes Linux gaming better because you can get the benefit of the anti tools without having to deal with them getting the insane permissions that they want and while we're on the subject why does Microsoft even let them do this people are saying they can't move the taskbar anymore so Microsoft won't let you move the taskbar but a kernel level root kit is okay apparently I mean what what if I'm personally incompatible with Vanguard their answer is is we get it and we 100% respect your decision if your beef is only about data privacy at Riot running the game client or running Vanguard makes not one bit of difference makes not one bit of difference what what who talks like data can still be retrieved from user mode and we're all Engineers from the same studio with the same goals none of which are collecting your personal information if Riot hasn't earned your trust do not run our software there it is the good old trust guilt trip now there is an element of trust in all software and all Computing for that matter you're trusting the operating system to be good to you you're trusting all the apps that you use to be good to you and all of the services you use to be good to you there's a lot of trust involved in using a computer and using the internet and all that however kernel level trust is usually exclusive to the developers of the operating system or you know the kernel that part where they say we're Engineers for the same studio with the same goals it's interesting how you forgot to mention that that same studio is owned by tinent which is a $70 billion a year Mega Corporation so you probably don't have the final say on what happens inside of your company oh and while I was researching this topic I saw some reports that says your servers were compromised many years ago but also that it was affecting your per their players's personal data and you seemingly forgot to tell people about it for at least a year or so so trust people not wanting to give Colonel level access of their computer to random people and some random game company owned by a mega Corporation that's not paranoia that's just called having good sense I mean what if you hire someone who you thought was a good person but really they were just pretending so they could get access to this kernel level route kit that you put in every player's computer that runs at all times it's not about trusting you it's about making good decisions and people shouldn't have to voluntarily install a rootkit to play a video game another answer that didn't sit well with me with my marketer side that is was about the Linux support it says what about Linux we've never officially supported Linux and it's true that the current lutrus based implementation for League that uses wine will not be able to satisfy the Vanguard driver requirements Linux does not currently afford a sufficient ability to attest boot state or kernel modules good job to all the devs who made kernel level stuff not be an option thank you for that and the difficulty in securing it is only compounded by all the frustrating differences between distributions W valve steam client works on any Linux drro so that's clearly wrong even allowing emulation is an exceptionally dangerous game as many cheats could just then run on the h host manipulating or analyzing the VM in a way that would be invisible to Vanguard within it there are so many things wrong with this first just use proton proton is not emulation so your complaint about that is irrelevant then you say VM as in virtual machine or virtualization and emulation and virtualization are different things half of antiche is making sure the environment hasn't been tampered with and this is extremely hard on Linux by Design again good job Linux steps they say they act like that's a bad thing it's not oh my goodness any back doors we leave open for it are ones developers will immediately leverage for cheats that's so funny you're actually admitting you want to have back doors into people's computers you don't okay and yesterday there were just over 800 Linux users on League we have evaluated this risk to not be worth the payoff here we go this is the part that I wanted to talk to you about the marketer side of Michael was very annoyed by because a lot of companies like to claim that Linux is not big enough to be worth the payoff this isn't just gaming companies it also applies to app companies too but that 800 players on Linux looks pretty small huh well that's because they're hoping you just see that number and ignore everything else it said and yesterday so that 800 Linux Gamers applies to a single day there's more league players on Linux obviously because not everyone will be playing on that one day this is enough to show they are misleading but my frustration skyrockets because they are trying to say it's not worth it I'd like to remind you of the beginning of this answer we've never officially supported Linux and the part of the lutrus based implementation for League they're ignoring that in order to be one of those 800 Linux Gamers those people had to jump through a bunch of Hoops and deal with a bunch of headaches to play their game you know they said they never supported Linux the luchas team are awesome there're a bunch of awesome people making it possible to play games on Linux even when the game devs refuse to care about our platform thank you so much lutus here's a list of what was needed for Linux Gamers to do in order to play this game again thanks to Lut for making this so much easier but this is a lot of stuff I talked to one of the lutr devs that worked on this who goes by the name glorious egg roll and he said that Riot games also broke it quite often with updates so he had to frequently fix things and by the way he's going to be on my podcast soon for an interview so go to destination linux. net to subscribe for that so Riot games you are telling me that over 800 people in a single day were so interested in playing your game that they were willing to jump through those hoops and have those headaches to play a game on a platform you never bother to care about and you don't realize how big the gamer base would be if you just made it possible to click a button that says play really in addition to the tragic logic they're using to pretend the gamer base is small there's also the part where they claim Linux is too dangerous because cheats would be made as if that would be an easy thing to do this would be a very very hard thing to do this would require developers to have understanding of writing code for Windows writing code for Linux they would also have to know how Wine Works they would have to know how proton Works they would have to know the differences between wine and proton they would have to understand how the bridge between wine and proton Works to connect to the Linux kernel and that's just the stuff I can think of off the top of my head there's even more things of having to change the wine kernel it's like and how those Tri those things happen trigger the anti cheats super fast like it's a massive mountain to climb I mean even just knowing how to write software or games or code or whatever for Windows and Linux that's already a lot but then you have even more necessary for all the other stuff with the wine and proton and the bridge stuff like this would be such a massive thing to attempt I would probably say that most people who are in this space making this kinds of software would evaluate this risk to not be worth the payoff it's not like Vanguard is even a foolproof system to stop cheaters on Windows something else that would be invisible to Vanguard is someone using a second computer to run the cheats someone having two computers is also not that ridiculous it wouldn't take that much to run these kinds of things just a laptop would probably do it in fact a lot of streamers already do this one this two computer thing they have one computer for the gaming and one computer for streaming and now that think think about it I remember when first person shooters started getting cheaters on the monitors like monitor companies were helping people cheat they would put crosshairs directly on the monitor so if a game removed the Crosshair it wouldn't matter it would still be there on the monitor now I haven't looked up monitor cheats in a long time you know actually I wonder what's out there now [Laughter] okay I love this now technically thinking about what this imp this implies I don't like it but I love the just the timing of this the trolling of this H this MSI announced a monitor I didn't know this they announc they announced a monitor at CES that basically uses AI to help people cheat it's an AI powered cheating Monitor and the game that they show for the demo of it cheating is League of Legends that's that's beautiful I mean it's not good that they're making this sort of thing but it's oh my goodness but also I mean MSI it's not really a good thing to do but it is funny it is very funny and for those who are wondering like you know couldn't you just ban the monitor I mean they could just send the signal to the colonel telling it it's a different monitor you know like a monitor that is similar has similar specs but doesn't isn't that particular one so there's really no way to actually stop it so in the case of that monitor I don't even know what you could possibly do but most people aren't going to be going out to buy a monitor for this particular purpose maybe some would but most wouldn't and in the case of most cheats they're kind of annoying to set up especially why you wouldn't have any reason not to support Linux but there are many ways to stop cheaters it'd be more effective than having a kernel level anti cheat to use statistics of a player like in the case of a first- person shooter like with an FPS people who have 97% head shot accuracy are clearly cheating since that is not even humanly possible to do and I'm sure league has some kind of thing that humans simply can't do and use that as a reference point for the bands now some games have Community report systems and there's other techniques to do Banning but also I noticed that you're ending your games while are happening and telling people it was because of a cheater which is effectively telling the cheater that you know they're there and you're stopping the game right then doesn't that help the cheat developers because they can just check to see what causes the detection that's the point of band waves so that they can't use any data to test it they collect all the things all the accounts to ban and then they do it in a big scope a big wave of banning so they don't let anybody be able to test and see what triggered it I mean there's so many things wrong with this here's the last answer that I want to talk about from their frequently asked questions what about OS 10 OS 10 really maybe they aren't trying to mislead people about Linux with the marketing Spence stuff they might just be clueless because they don't even know the the name of Apple's OS they make a game for it and they don't know what it's called I don't know their answer says there isn't yet as much tooling on OS 10 Mac OS for script development although the need is growing for now Mac won't have Vanguard let me get this straight so Linux Gamers can't play because it's too dangerous or whatever even though making cheats on Linux would be absurdly difficult through proton and all of that stuff that we already talked about but you made a native Mac version that doesn't have Vanguard at all stop it get some help once again I'd like to bring your attention to Dota 2 it's a game doesn't require you to have ridiculous root kit in your system and people seem to love it some people like it more than league so if you haven't checked it out DOTA to

Info

Channel: Michael Tunnell

Views: 6,009

Rating: undefined out of 5

Keywords: Linux, open source, technology, linux news, gaming news, tech news, league of legends, linux gaming, install lutris, league of linux, league of legends linux, lutris wine, wine gaming, rootkit, spyware, malware, riot games, vanguard, valorant, dota 2, valve, steam, halo, 343 industries, blizzard, warden, arbiter, vac, tencent, kernel, kernel level, anti-cheat, game cheat, game cheaters, gaming on linux, esports, lol, league

Id: ROoJjXY_Ktw

Channel Id: undefined

Length: 19min 41sec (1181 seconds)

Published: Sat May 04 2024