Do they send this data over the network? Or is the data only used by the software installed on the machine?
They can do whatever they want. Operating systems are effectively divided into two partitions, privileged kernel space and user space.
When you run a kernel-level anticheat what you’re really doing is running a custom program in the kernel space. It effectively becomes part of Windows.
This means that anything that an operating system can instruct hardware to do, that program can do. It can read your files, check your email, print the letter you wrote to your crush in Word but “deleted” because it was embarrassing, log every key you type, turn on your webcam, listen to the microphone, download explicit or illegal imagery, upload your hard drive to the NSA, disable your computer fans, etc.
You really only want to run this stuff if it’s from a trustworthy vendor and even then it’s completely defensible to object to running one of these programs.
Currently these things have yet to be caught doing any of these things, but that’s because they haven’t been instructed to, not because they can’t.
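As an added example (not part of the thread above, and not any vendor's tooling), the PowerShell below lists the third-party drivers currently running in kernel space on a Windows machine, together with who signed each one. `Resolve-DriverPath` is a hypothetical helper name introduced here; everything else is built-in Windows PowerShell 5.1 functionality.

```powershell
# Added example: inventory of running kernel-space drivers that are not Windows OS binaries.
# Run from an elevated PowerShell 5.1+ session.

function Resolve-DriverPath {
    # Hypothetical helper: Win32_SystemDriver reports paths in several NT-style
    # forms, so normalise them to an ordinary Win32 path before checking the file.
    param([string]$PathName)
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                              # \??\C:\dir\x.sys
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')   # \SystemRoot\System32\...
    if ($p -notmatch '^[A-Za-z]:\\') {
        $p = Join-Path $env:SystemRoot $p                         # System32\drivers\x.sys
    }
    return $p
}

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        $sig  = $null
        if (Test-Path -LiteralPath $path) {
            # Covers both embedded and catalog signatures.
            $sig = Get-AuthenticodeSignature -LiteralPath $path
        }
        [pscustomobject]@{
            Name       = $_.Name
            Type       = $_.ServiceType      # Kernel Driver / File System Driver
            StartMode  = $_.StartMode        # Boot, System, Auto, Manual
            Path       = $path
            Status     = if ($sig) { $sig.Status } else { 'FileNotFound' }
            Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            IsOSBinary = if ($sig) { $sig.IsOSBinary } else { $false }
        }
    } |
    Where-Object { -not $_.IsOSBinary } |    # keep only non-Windows components
    Sort-Object Signer, Name |
    Format-Table Name, Type, StartMode, Status, Signer -AutoSize
```

The `StartMode` column shows whether a driver loads at boot or only on demand, and any row whose `Status` is not `Valid` deserves a closer look.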
Microsoft are going to significantly limit what can run in the kernel (including anti-cheat) after the CrowdStrike issue. A side-effect of that should (hopefully) be better Linux compatibility.
I remember reading that and I very much hope it is truly what they end up doing. As of now though, that has yet to materialize.
It’s going to take a while since all the software that uses kernel-level code has to adapt. Windows has very good backwards compatibility, but this would be a non-backwards-compatible change, so it’d require a lot of planning.
I guess what I’m saying is if this information was being sent across a network, that would be detectable.
If you are constantly monitoring 24/7/365, sure. We don’t know how often it would send it if it does; it would require reverse engineering and intense monitoring. Also, even if they aren’t doing it now, that doesn’t mean they can’t easily add it in a patch.
It’s generally not worth trusting IMO.
Sure, but by then it could be too late for the vast majority of people.
It’s not super relevant if nobody is looking for it or it’s hard to detect even if you are, and plenty of damage can be done prior to detection.