https://support.apple.com/guide/security/securely-extending-...

But with Linux being open, they certainly would produce a loadable module if there was enough install base to justify it.

True, but the main point of a kernel mode anticheat is the ability to verify that the OS and game isn't being tampered with. If the OS has that capability already built in, then the needed for a kernel mode anticheat diminishes.

>they certainly would produce a loadable module if there was enough install base to justify it

It's not realistic for there to be such an install base to support such complexity compared to having them implement a simple API into their game and server.

It's not actually the message from the kernel that provides the value, it's the work needed to fake such a message.

The issue is that Windows is designed to be able to protect the will of proprietary software publishers against the will of users that want to assert control over the software running on their computer. It's very similar to the story with DRM.

Linux desktop OSes will never put in place the measures to make a Vanguard-like system work, because it's just unethical for a bunch of reasons, the most basic of which being that it's a violation of freedoms 0 and 1.

This isn't true. And supply chain wise just look at the xz backdoor. A random person was able to compromise the supply chain of many Linux distros. Security also is not just supply chain integrity.

>Windows is designed to be able to protect the will of proprietary software publishers against the will of users

I'm not sure what you mean by this. Just because Micrsoft cares about developers, it doesn't mean they don't care about users.

>that it's a violation of freedoms 0 and 1

It's not. Freedom 0 and 1 does not give you the freedom to cheat against other players without being banned. You can be free to modify the game client, but you aren't entitled to play with others using it.

For a multiplayer game, I'd argue that playing with others (even if you're restricted to private servers, not that most games support that anymore..) is running the software. Being able to use a piece of software for its intended purpose is more relevant than a literal reading "you are allowed to exec the binary and nothing more"

It's very obviously true. Linux culture is installing software from trusted repositories. Windows culture is downloading random .exe or .msi from websites and then immediately running them with full permissions.

That's why Windows has a lot of malware and Linux doesn't. It's trivial really to smuggle malware into closed-source applications that are distributed like the wild west.. If I google a popular Windows program right now, I'm going to get a lot of download websites that supply me a sketchy exe.

Some of the malware differences is because of popularity, sure. But ultimately it's 10x easier for me to add a virus to photoshop and upload that exe to download.com as opposed to smuggling malware in an open-source software in the Debian repository.

> I'm not sure what you mean by this.

It means that when companies want capabilities X Y Z which limit user actions on their own computers, Microsoft will cave. They do it all the time. Microsoft cares about making companies happy and they don't care too much about keeping power users happy.

> It's not.

It is. You're constructing a strawman. You're saying that freedoms 0 and 1 don't allow you to cheat freely. Okay, you're correct - nobody has ever said that.

What we're saying is that building kernel-level APIs to hook in anti-cheat or other anti-user software is antithetical to freedoms 0 and 1. Which it is.

I was talking more about the supply chain of the operating system itself, but lets not forget Linux has a culture of people running random commands off the internet which is also an easy vector to get people to install malware. Also I think you are overconfident in how much vetting repositories like npm do. I'm sure Linux people download random stuff off of github too like appimages.

>it's 10x easier for me to add a virus to photoshop and upload that exe to download.com

You can do the same thing but with a Linux binary of "photoshop."

>That's why Windows has a lot of malware and Linux doesn't.

This is due to more consumers using Windows than Linux.

>You're constructing a strawman.

I'm trying to assume what you mean due to this being asynchronous communication since the claim of attestation being related to freedom 0 and 1 is not true. One is about proving information to another party and the other is about having freedom of what you are running on your computer.

>What we're saying is that building kernel-level APIs to hook in anti-cheat or other anti-user software is antithetical to freedoms 0 and 1.

In this case being able to prove with relatively high confidence that no one in a game is cheating is a pro-user feature.

Being able to attest to the system state does not limit freedom 0. Anyone is still free to run any system they want, they just can't attest to their system being trusted if they are not running something trusted. Attestation doesn't make software any harder to modify than before, freedom 1, it only prevents you from attesting that you are using unmodified software when you aren't. Linux distros are not arms of the free software foundation so I don't think trying to argue about what they think is free or not is necessarily relevant to something like this being created.

It's really not and the culture is not that big.

In Windows, ALL software is installed through suspicious means. In Linux world, MOST software is not. That's the difference.

If some dumbass wants to curl a random URL into a shell that's their problem. That's a very rare occurrence.

> You can do the same thing but with a Linux binary of "photoshop."

Yes, but it seems to me you are choosing to be dense on purpose and it's irritating me.

Please read what I am actually saying. I'm not saying it's impossible to make malware for Linux systems. I'm saying the CULTURE of Linux users is not to download random executables. So if I do that, it wouldn't be very effective. If I upload a random ELF executable to download.com, close to nobody is going to download it. On Windows, this is not the case.

> This is due to more consumers using Windows than Linux.

Again, I've already addressed this. It seems you cut off the quote too early.

This is PART of the reason, but we have to acknowledge how much easier it is to actually distribute malware on Windows.

The "popularity" argument is also just a bad argument. Linux is absolutely not unpopular - almost all the servers worldwide run some Linux distro. Those servers, lots of them, contain valuable data. They are absolutely a target for malware authors. There's probably more servers running Debian alone than Windows Server and it's not even close. Even still, there's a lot more malware that runs on Windows Server than Debian.

> Linux Distros...

There seems to be a fundamental misunderstanding here.

What you are proposing is a change to the Linux kernel which allows it to not be modified in some way. That's not something that is a distribution concern - that's a kernel API concern. Which will never be implemented in the kernel for the reasons already specified.

>What you are proposing is a change to the Linux kernel which allows it to not be modified in some way.

Linux already supports attestation and it doesn't prevent the kernel from being modified.

>That's not something that is a distribution concern

It is because distros like Android already support such an API to apps.

>Which will never be implemented in the kernel for the reasons already specified.

Again it already exists in the kernel.

As for `curl ... | bash` that's a developer only thing. No user space normal applications are installed that way. I've never seen it.

Is this method good? No. Is it used exclusively by power users who presumably know what they're installing and from where? Yes.

The difference here is ALL software on Windows is installed this way. There's basically no exceptions. And don't even try bringing up the Windows store.

Switched to Fedora, and now the majority of things is recently updated in the repos. (The flatpak library is increasingly robust, but that of course applies to Debian too.)

The xz backdoor was successfully caught before it landed in mainstream release branches, because it's free software.

But broadening the scope a bit, the norms of using package managers as opposed to the norm on Windows of "download this .exe" is a much stronger security posture overall.

I am aware the Windows Store exists, it's not widely used enough to make exes a marginal distribution pathway. I am aware curl | bash exists, it's more common than it should be, but even in those cases the source is visible and auditable, and that's very uncommon for non-technical users to ever do (unlike downloading random exes).

> Freedom 0 and 1 does not give you the freedom to cheat against other players without being banned.

That's a strawman, I never claimed you should have the right to cheat against other players.

> You can be free to modify the game client, but you aren't entitled to play with others using it.

And that's the issue, Windows has functionality to impede your ability to run the software as you see fit and modify it to your needs. Perhaps you want to run your own server, with different moderation policies.

What? It literally got included with several distros. It wasn't caught before it shipped to end users. Just because it got caught before slower to update distros got it, that doesn't mean it is okay. It reveals how low the barrier is for an anonymous person to get code into the OS.

>I never claimed you should have the right to cheat against other players.

Attestation doesn't take away your ability to modify and run software which means that you still have freedom 0 and 1. It just means that you can not prove to a remote server that you bare running unmodified software. To me you were implying that the server being able to kick people who modified the client to cheat was violating their freedom.

>Perhaps you want to run your own server, with different moderation policies.

Nothing would stop you from running your own server like that.

What do you exactly mean by this as right now no users can use Linux and play the game. Allowing more Linux operating systems to be able to play the game is providing users more choice than before.

>Client-side anticheat is inherently security through obscurity

There is nothing fundamentally wrong with security through obscurity. It's just that for some problems the return on investment (security gained for the resources needed) is not worth it. For anticheat the obscurity can slow down cheat developers and raise the barrier to entry for developing cheats. Cheaters just have to make one mistake to get caught.

Realistically most Linux users are using a stock kernel and not something custom compiled. You can have both customization and a way to offer a secure environment for apps that need it. Even if you want to allow for custom kernels and drivers, the game could be setup to run in a secure virtual machine.

>The only way for this kind of anticheat to work is by introducing some part of the kernel that users can't touch.

To be clear, attestation is not anticheat. But yes, there would be components that end users would be unable to modify without removing their ability to attest to there being a secure environment for the game. Either these customizations need to be turned into policy for a trusted component to handle, or the customization needs to itself become trusted.

>but Linux isn't about obscuring the system from its owner.

Nothing about attestation requires obfuscation.

What you're asking for does exist though, in the form of Android devices and game consoles. Was curious about Steam Deck and... turns out it doesn't have secure boot. Someone could build a desktop OS on top of an anticheat-friendly kernel, but it'd probably not be big enough for gamemakers to care, and Linux desktop people would be uninterested in it to say the least. (I'm on a Mac btw, I have no horse in this race, just understand people who do)