Originally posted by NeoMorpheus
View Post
Announcement
Collapse
No announcement yet.
Wow! Microsoft DirectX Adopting SPIR-V Moving Forward
Collapse
X
-
Originally posted by Blisterexe View PostTheyre not doing that, theyre just adding more security option outside the kernel
Microsoft is looking at changing the requirements to get drivers signed by Microsoft. So for some parties Microsoft will be eliminating kernel access so far Microsoft has not said this is blanket.
- Likes 7
Comment
-
Originally posted by oiaohm View PostMicrosoft is looking at changing the requirements to get drivers signed by Microsoft. So for some parties Microsoft will be eliminating kernel access so far Microsoft has not said this is blanket.
Meaning, pretty much all kernel-level anti-cheat solutions are now zombies walking because they can't get signed. We're just waiting for the Windows releases to catch up and knock them out.
- Likes 6
Comment
-
Originally posted by ezst036 View Post
I suspect it will be extraordinarily difficult for _____insert company name here_____ gaming company to explain why their anti-cheat kernel driver qualifies as "mission critical" and thus needs kernel access.
Meaning, pretty much all kernel-level anti-cheat solutions are now zombies walking because they can't get signed. We're just waiting for the Windows releases to catch up and knock them out.
- Likes 5
Comment
-
The important part there is that nobody cares if gamers are f'ed over because some kernel-level anti cheat thing misbehaved. Sure, there will be a shit storm, but people will buy the crap containing kernel-level anti cheat things nonetheless, so nobody really cares. Hey, after all, we're talking about people that buy a "new" FIFA game every year. That whine a lot about new awful, buggy releases by Blizzard, EA and others and still walk into the same trap every time again... Hence the kernel-level anti cheat things will get signed, because the fallout is likely deemed "acceptable".
If however important (for Microsoft) businesses are affected, then it's a whole different story.Last edited by Berniyh; 20 September 2024, 01:26 AM.
- Likes 5
Comment
-
Originally posted by ezst036 View PostI suspect it will be extraordinarily difficult for _____insert company name here_____ gaming company to explain why their anti-cheat kernel driver qualifies as "mission critical" and thus needs kernel access.
- Likes 1
Comment
-
Originally posted by emansom View PostEmbrace phase. Wait a few years for M$ specific SPIR-V extensions that'll have to be reverse engineered.
Also, for example the Qualcomm X1E windows opengl driver is basically a fork of mesa; maybe this is also to ease integration of the mesa drivers into windows-arm?Last edited by mlau; 20 September 2024, 04:16 AM.
- Likes 7
Comment
-
Originally posted by MillionToOne View PostThey can and will get signed. Microsoft would make money from it, since ofc they're gonna request money for signing them. Any money is good money for MS.
EdgeBit secures your software supply chain by focusing on code that is actually running. This simplifies vulnerability management as it cuts through noise.
There is a new consideration for Microsoft. Microsoft signs a driver it get used in system exploiting then USA government, Australian Government and the EU government so far comes along with a please explain and hits Microsoft for fines for not maintaining software supply chain. So the money Microsoft gets to sign a driver could be vastly less than the amount Microsoft could get fined.
Originally posted by Berniyh View PostThe important part there is that nobody cares if gamers are f'ed over because some kernel-level anti cheat thing misbehaved. Sure, there will be a shit storm, but people will buy the crap containing kernel-level anti cheat things nonetheless, so nobody really cares. Hey, after all, we're talking about people that buy a "new" FIFA game every year. That whine a lot about new awful, buggy releases by Blizzard, EA and others and still walk into the same trap every time again... Hence the kernel-level anti cheat things will get signed, because the fallout is likely deemed "acceptable".
If however important (for Microsoft) businesses are affected, then it's a whole different story.
We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.
Yes we already have examples of defective anti cheat drivers being used by malware authors on systems that don't have that game/s that the defective anti-cheat driver owns to and is using this anti-cheat driver to disable anti-virus/malware software.
Lets just say countries are kind of getting sick of their core operations being effected by OS allowing something at kernel level that has no real reason to be there. Yes kernel level anti-cheat drivers end up in malware that encrypting a countries hospital recorded because it defective and malware could use to bypass OS security is not going to be let fly right.
I will not say anti-cheat drivers will no longer be able to be signed at all. But with the supply chain regulations it is going to get harder to get a driver signed because Microsoft going to be on the hook for signing them with a percentage of legal liability.
I know supply chain liability for how it applies in transporting cargo since it been introduced in the USA, Australia and EU. How this would play out once supply chain regulation on software is fully in place Microsoft signed the driver they are up for percentage of the damages that the malware author has been able to do with that driver. 1 percent of a 100 billion dollars worth of damages is a lot of money and need to prove due care for why they signed the drivers to avoid paying the damages.
Fastest growing type of cybercrime is expected to attack a business, consumer, or device every 2 seconds by 2031
Yes at the rate ransomware damages is growing it will not be long to 100billion dollars per year.
Remember PC gaming revenue seams to be leveling off between 40 to 50 billion per year this does kind of mean 1 defective anti-cheat driver used in reason-ware attack could bankrupt anti-cheat company because governments come and ask for more money than what that company ever got paid due to their percentage of liability for writing the driver. Yes the same thing could apply to anti-malware companies.
Yes explaining in court why you signed defective anti-cheat system instead of implementing something like Google Play Integrity API to prevent applications from being modified is not going to go well. Explaining that user need X driver to operate X hardware and you did the best you could at the time could fly.
Yes this will come down to how well can you justify your actions in civil/criminal court.
This supply chain percentage thing is underhanded if we cannot find the true party at fault punish all those who possible aid them instead.
- Likes 7
Comment
-
Originally posted by Daktyl198 View PostIt's why nobody used OpenGL
Almost all mobile devices, most embedded devices (Embedded Linux and QNX), WebGL, and so on.
The only real contenders for the next generations are Vulkan (for devices) and WebGPU for browsers.
- Likes 13
Comment
-
Originally posted by oiaohm View PostThere is a new consideration for Microsoft. Microsoft signs a driver it get used in system exploiting then USA government, Australian Government and the EU government so far comes along with a please explain and hits Microsoft for fines for not maintaining software supply chain. So the money Microsoft gets to sign a driver could be vastly less than the amount Microsoft could get fined.
- Likes 1
Comment
Comment