<a rel="me" href="https://layer8.space/@helix">Mastodon</a>

  • 0 Posts
  • 50 Comments
Joined 2 years ago
cake
Cake day: July 27th, 2024

help-circle

  • The VM is definitely safer by an order of magnitude, because you can use hardware CPU features to guard address areas and have separate Kernels for your games and other OS. However, look at this recent security hole: https://lemmy.zip/post/67733533

    Security is never absolute, it’s always relative. It’s also never done, as with time any system can become hacked. Security is both a process and a consideration.

    Your threat model is that you download malware which is either written for Windows or has some nasty Linux exploits baked in (as Steam Decks are popular now aswell). I doubt if most people run games without sandboxes that they try to get out of a user namespace with a privilege escalation. Sandboxing in Linux is done with Kernel level separation, and very secure.

    Hackers who want to get your data who use a 0day sandbox breaking exploit really deserve your data. If they can do this they’re basically the elite of hackers. Most stuff will be simple crypto trojans and credential stealers, focused at Windows, which are both stopped dead in their tracks by sandboxing.

    Let’s say you get 99.9% safety against your specific threat model with sandboxing. If you have 1000 exploits, one might be able to break it, good luck finding 1000 exploits in pirated games even if you try to collect them. And with VMs you might have 99.99% safety but so much less performance and so much more hassle it’s not worth it.

    There are lower hanging fruits to hack you at that point. In reality there might be an even lower likelyhood of Windows games breaking out of a sandbox or VM on Linux. I have never even read about something like that happening once.






  • You can use Gnome Boxes or virt-manager, but in the end you’ll still be fiddling with config files, as GPU pass-through is not really easy to do, or recommended in this case.

    It’s only worth the hassle if you need Windows to play some games, and even then will Kernel-level anticheat still ban you in online games.

    It’s much less hassle to use Firejail (or similar). That one just needs a few lines of config and already has predefined configs for Steam etc., however you might need to tweak them a bit if you store games and savegames somewhere else than your homedir.





  • You confused “obscurity” as in a synonym for low popularity with the word “obscurity” as in people not knowing how it works and people deliberately hiding the inner workings of a system.

    Everyone using Linux can know how it works, that’s the opposite of obscurity in the sense it is used within “security by obscurity”.

    Apart from that, Linux is very popular, just not on the Desktop. It is therefore not obscure in the sense of popularity either, at least the components which are hit by the bug mentioned in the article.







  • Linux isn’t inherently safer than Windows when running untrusted binaries, i.e. games.

    There is a real possibility of user data being extracted or a virus infecting a WINE prefix. If you get a crypto trojan it doesn’t matter if you’re cool and on Linux, they still can encrypt all your precious family photos.

    Please do not hand out potentially dangerous advice like “you should be safe”. Sure, the architecture of Linux distributions make it harder for criminals to do things, but you’re certainly not safe running untrusted binaries, even though Steam does some security analysis before games can be uploaded, and malware games are usually reported quickly.