FloorPie wrote on Feb 13, 2024, 00:13:

fotalbre97 wrote on Feb 12, 2024, 06:50:

Jim wrote on Feb 11, 2024, 21:27:
so.... aside from rootkits being "scary" - how has one ever affected people? yeah, no doubt "computer slowdown" but they say that about everything so the phrase is meaningless.

Sony BMG did this same shlte in 2005 with their XCP rootkit and it allowed viruses to evade detection by anti-virus programs news.bbc.co.uk/2/hi/technology/4427606.stm

It's disingenous to say that rootkits have not "ever affected people"

This, the sony music cd rootkit drama got me to boycott all Sony products for over 10 years.

That's just you affecting you. Doesn't even make sense, boycotting products that aren't rootkited, or can't be.

"Oh no, my Sony branded cable is spying on me!" 🤣

fotalbre97 wrote on Feb 12, 2024, 06:50:

Jim wrote on Feb 11, 2024, 21:27:
so.... aside from rootkits being "scary" - how has one ever affected people? yeah, no doubt "computer slowdown" but they say that about everything so the phrase is meaningless.

Sony BMG did this same shlte in 2005 with their XCP rootkit and it allowed viruses to evade detection by anti-virus programs news.bbc.co.uk/2/hi/technology/4427606.stm

It's disingenous to say that rootkits have not "ever affected people"

This, the sony music cd rootkit drama got me to boycott all Sony products for over 10 years.

The game is a lot of fun, so they deserve the sales. They did a really good job translating it into third person viewpoint, whether it needed to is a different point. The biggest issues are actually the missing mechs, vehicles and third faction from the first game, the MTX store and the extra grind that's forced on the game because of it.

My biggest issue with the anticheat is that it means there will be absolutely no mods for it unless it's cracked somehow.

I agree that if you are on a network, of any size, you are just as responsible as the next person for the safety and security of those around you.

Honestly, the overlap between enterprises and home users is probably a lot more than you think. Sound security fundamentals and principles benefit literally everybody and can be applied to a network of any size. The tools to implement them may change, depending on scale, but they are universally applicable. Hell, even those tools are starting to filter down to home users. Take firewalls, for example. A person can install pfsense, opnsense, or any number of higher end firewalls at home and they are demonstrably better than the crap you buy with a gazillion antennas and all black cases doing their best to mimic some sort of alien spider. They are infinitely better than the absolute, bottom of the barrel dog shit that an ISP provides.

You make a good point. I'm the first to remind people that "it's not all about just you". 😁

In my case, I think that both of us (my sister and I) are equally responsible/guilty for any vulnerabilities our network might suffer. As far as what you do, which sounds at least in part to be securing entire networks across large entities like small to medium businesses, the danger is exponentially higher. I'm not privy to how much overlap there is between that and the concerns of your average gamer.

I, too, have done things in my past that were less than my intellectual best and was called an idiot or stupid for doing them. In hindsight, the individual pulling me up short was correct. Even if I didn't like being called an idiot or stupid at the time. The inescapable fact is that I was an idiot for performing those actions.

I know that I have a weird outlook on things, especially given my pronounced misanthropic nature. But it's also self-serving and I freely admit that. See, when you are talking about the security of your system, you've narrowed the scope to only consider your security. But what you aren't thinking about is that not only do your choices about how you operate your security affect you, they now also affect those around you. Say your sister for example (apologies for that but I wanted something close to home that you could immediately identify with). Because your infection now has a direct and immediate threat to every other device that shares the same network as you. Then it spiders out from there. So it isn't just "my priorities fuck me over and I'm cool with that", it's "my priorities potentially fuck everyone around me over and even people I'll never meet." I just don't ethically see how someone not willfully and malignantly ignorant could be cool with that. Especially with how trivially easy it is to reduce that risk. *You literally don't have to take a single action. Unarguably, in the game mentioned here, *you're doing the right thing but not doing anything at all and just passing it by.

The self-serving part is that it makes my job, and the jobs of people like me, easier. It's less we have to defend against and less we have to clean up. It also means less users crying and whining when they are bitten by malware. If *you polled people working in any IT position, even the folks that run side hustles like RedEye, with "How overjoyed are you at receiving yet another malware related call?" Outside of masochists and the mentally deranged, *you'll probably get an overwhelmingly negative response. Outside of monetary gain, literally no one likes to deal with those calls. With just a little forethought, less than *you would putting out what can of soup *you're going to nuke for dinner, the landscape would be better for everyone.

Like I said, we have had decades worth of education, billions of dollars invested, and probably millions of man-hours telling people "Treat your system security in the exact same way as you would the security of your personal property." From the technical people the average person knows all the way up to national government. By now, if a person hasn't gotten it they either never will or they are willfully choosing not to do so. So I'll rightfully, in my opinion, call them idiots and I'll do it straight to their face. I have no more fucks to give about whether they are offended or not by being called an idiot.

*Switched to a general "you" here, not particularly aimed at a specific person.

Burrito of Peace wrote on Feb 12, 2024, 11:11:

Prez wrote on Feb 12, 2024, 10:10:
Calling people idiots because they don't know about/don't care about rootkits is a bit harsh. I'm fairly sure that rootkits aren't scary to most people because they either have no idea what they are or have never experienced first-hand anything close to the worst case scenario because of them so they are viewed as a low or non-threat. They are the digital bogeyman to them.

It's more than that, Prez. My field has spent decades, and probably billions of dollars, at this point trying to get people to stop treating their computers and devices like toaster whores and educating them on the dangers they face. Everyone from tier one techs up to senior system architects have been sending the same messages and have personal, direct experience with the fallout from users that keep themselves intentionally and malignantly ignorant. We've made the message clear, we've made the message "fun" (for certain definitions of the word), we've made the message scary. We know it takes one machine, one, to plant the seed for a nightmare scenario to take root and flourish. One user's willful idiocy means headaches and fear for many other people. There's only so much myself and colleagues can do on the backend.

To put it another way, you tell someone "Don't touch the stove. It's hot and you'll burn yourself" and they keep touching the stove. Over and over and over again. They get burned, usually badly, every single time they do. At what point do you tell them "You're an idiot"?

Well if you're talking about me, never. It would feel pretty hypocritical of me to call someone else stupid considering what I have done throughout my life. 😁

I've come to the realization that someone doing something that we see as stupid is often actually a matter of priorities. If you were to look at my PC for example, I am pretty confident that you could find a pretty good list of things I am doing, or programs I have installed, to be putting me at risk. That isn't a cardinal sin on the face of it - lots of people are unaware of many things more tech savvy people like yourself know. But don't be surprised when, for at least one or two of them, I would be like "yeah, well I don't really care too much about it. So just leave it the way it is."

At that point you could call me an idiot (and you would be right I'm sure for different reasons) but in that case it isn't stupidity, as I am not that stupid (I hope) - it's just a matter of me assigning a low importance to what you on the other hand have deemed critical. Once I am informed, it's not a matter of intelligence, but rather one of priorities. I have had my identity stolen once, and my bank account hacked 3 separate times, so it's not like I am unaware of the potentialities. It's just not that big of a deal to me. Given that you and I have vastly different life experiences and perspectives, the divergence in what we prioritize is naturally going to be different. I don't mean to constantly be getting overly philosophical with you; just trying to explain an alternate viewpoint as to possibly why a million people are doing something that you find abhorrent that doesn't involve them being idiots.

Kosumo wrote on Feb 11, 2024, 21:03:

Burrito of Peace wrote on Feb 11, 2024, 20:49:
[quote="Teddy"Feb 11, 2024, 20:36"20096

And it's an enormously fun game if that doesn't bother you.

A person is an idiot if it doesn't. So ~1 million idiots and counting.

Or some people are just beyond letting that bother them.

But sure, just bush them all as idiots if that's how you view the world.

Lol, this reminded me of a conversation I just had with a work buddy saying the LOTR movies are terrible and boring. I told him, well, 1 billion people can't be wrong, can they? He said, yes, that 1 billion stupid people. I guess he's the 1 correct person on this planet, lol.

That said, I'm surprised by the popularity of this game. Didn't think the original was ever that big of a hit.

Prez wrote on Feb 12, 2024, 10:10:
Calling people idiots because they don't know about/don't care about rootkits is a bit harsh. I'm fairly sure that rootkits aren't scary to most people because they either have no idea what they are or have never experienced first-hand anything close to the worst case scenario because of them so they are viewed as a low or non-threat. They are the digital bogeyman to them.

It's more than that, Prez. My field has spent decades, and probably billions of dollars, at this point trying to get people to stop treating their computers and devices like toaster whores and educating them on the dangers they face. Everyone from tier one techs up to senior system architects have been sending the same messages and have personal, direct experience with the fallout from users that keep themselves intentionally and malignantly ignorant. We've made the message clear, we've made the message "fun" (for certain definitions of the word), we've made the message scary. We know it takes one machine, one, to plant the seed for a nightmare scenario to take root and flourish. One user's willful idiocy means headaches and fear for many other people. There's only so much myself and colleagues can do on the backend.

To put it another way, you tell someone "Don't touch the stove. It's hot and you'll burn yourself" and they keep touching the stove. Over and over and over again. They get burned, usually badly, every single time they do. At what point do you tell them "You're an idiot"?

Jim wrote on Feb 12, 2024, 00:02:
so in other words you gots nothing, so you are just going to go with theoretical scenarios. like someone is going to spend the time and effort it takes to develop a hack that can only target 1 million PCs that have this game installed. You know why apple computers don't have viruses? Because their market share is so small it isn't worth it.
.

The three examples I gave you? They were not theoretical. Those are actual examples of real world rootkits. You were provided another example by a different poster of the problems that arose from the last time Sony decided to throw a rootkit out in the world.

As for Apple computers not having viruses? Now you're just showing your ignorance. Here's an article from Gizmodo, posted just three hours ago at the time of this writing, that debunks that. Oh, Apple has a page on their own site telling you how to protect your Mac from malware, too. It also covers the latest version of MacOS, too, which means it can not be simply dismissed and handwaved away with "But that's on older versions".

Not even my beloved Linux is safe from malware. POSIX based systems make it harder but not immune.

There are people whom still compute like it's the early 2000s and they are idiots in my opinion.

Amen
The internet world is not as it was decades ago.

Calling people idiots because they don't know about/don't care about rootkits is a bit harsh. I'm fairly sure that rootkits aren't scary to most people because they either have no idea what they are or have never experienced first-hand anything close to the worst case scenario because of them so they are viewed as a low or non-threat. They are the digital bogeyman to them.

Jim wrote on Feb 11, 2024, 21:27:
so.... aside from rootkits being "scary" - how has one ever affected people? yeah, no doubt "computer slowdown" but they say that about everything so the phrase is meaningless.

Sony BMG did this same shlte in 2005 with their XCP rootkit and it allowed viruses to evade detection by anti-virus programs news.bbc.co.uk/2/hi/technology/4427606.stm

It's disingenous to say that rootkits have not "ever affected people"

Hellcinder wrote on Feb 12, 2024, 04:07:
Any game played online in an mmo capacity has a particular “root kit” security to prevent cheating.

Really?

As for the gameplay itself it looks like a pretty great game for friends to enjoy, I just want to know about longevity, I mean is it one of those games that keeps your attention for 5-10 hours and then you just don't feel like firing it up anymore or is it the real deal?

I’m truly feeling sorry for burrito guy. You write 5 paragraphs of diatribe and no joy. Any game played online in an mmo capacity has a particular “root kit” security to prevent cheating. I’ve been around decades personally so if you want to know more while enjoying this great game that in my opinion came out of left field, let’s meet in game.

Can someone explain to me why someone would intentionally put a rootkit into their game? Is it an anti cheat thing?

"homage."

Put your hand in your pocket for the license, Sony.

Jim wrote on Feb 12, 2024, 00:02:

Burrito of Peace wrote on Feb 11, 2024, 23:13:

Jim wrote on Feb 11, 2024, 21:27:
so.... aside from rootkits being "scary" - how has one ever affected people? yeah, no doubt "computer slowdown" but they say that about everything so the phrase is meaningless.

Oh my sweet summer child.

Rootkits, by their very definition, are malware. There have been many, many rootkits over the years that have affected systems and people and the sum total damages from them trends well in to the billions of dollars. They are one of the most, if not THE most, invidious types of malware around. I'm going to drop a layman level explanation of rootkits for you:

A rootkit does exactly what it says on the tin. It grants the process total access to the root of the system (root on Linux or ring 0 on Windows). Because it is now an authoritative system process, it can do whatever it wants without restriction to that system...often without the average user ever knowing it is even there. Credential theft? Easy. Use that system as a node in a DDoS network? Easy. Cryptomining? Easy. Plus many other nefarious uses.

Undoubtedly someone is going to say "But it's from Sony/whatever company they are doing business with!" The problem though is all it takes is for one dedicated person to find an exploit for it and then craft a hijack for it. Now that person has access, and can sell that access, to whatever system has that particular rootkit version installed. They don't have to do any real additional work because the targets already completed 70% of the work for them.

There are people whom still compute like it's the early 2000s and they are idiots in my opinion. We face a plethora of APTs on a level never before seen in human history. We face a corporate landscape that is exploitive to the point that it would make robber barons of the 19th century green with envy while also simultaneously putting as little money as possible, and almost zero foresight in to, protecting the data and access they have to consumers. There's a reason the concept of zero trust is such a massive deal now. Not only can you not trust third parties, you really shouldn't even be trusting the devices on your own network.

There are people who are going to call me paranoid and that's OK. I have been paid well for many years to be as paranoid as possible without having a psychotic break with reality. But I can also say that in 24 years, I have never had a single breach or infection on any system for which I have direct authority and responsibility. I didn't get that track record by being complacent and saying "Oh this rootkit is fine because it is from Name Brand Company."

so in other words you gots nothing, so you are just going to go with theoretical scenarios. like someone is going to spend the time and effort it takes to develop a hack that can only target 1 million PCs that have this game installed. You know why apple computers don't have viruses? Because their market share is so small it isn't worth it.
.

compromised rootkits are real scenarios

Burrito of Peace wrote on Feb 11, 2024, 23:13:

Jim wrote on Feb 11, 2024, 21:27:
so.... aside from rootkits being "scary" - how has one ever affected people? yeah, no doubt "computer slowdown" but they say that about everything so the phrase is meaningless.

Oh my sweet summer child.

Rootkits, by their very definition, are malware. There have been many, many rootkits over the years that have affected systems and people and the sum total damages from them trends well in to the billions of dollars. They are one of the most, if not THE most, invidious types of malware around. I'm going to drop a layman level explanation of rootkits for you:

A rootkit does exactly what it says on the tin. It grants the process total access to the root of the system (root on Linux or ring 0 on Windows). Because it is now an authoritative system process, it can do whatever it wants without restriction to that system...often without the average user ever knowing it is even there. Credential theft? Easy. Use that system as a node in a DDoS network? Easy. Cryptomining? Easy. Plus many other nefarious uses.

Undoubtedly someone is going to say "But it's from Sony/whatever company they are doing business with!" The problem though is all it takes is for one dedicated person to find an exploit for it and then craft a hijack for it. Now that person has access, and can sell that access, to whatever system has that particular rootkit version installed. They don't have to do any real additional work because the targets already completed 70% of the work for them.

There are people whom still compute like it's the early 2000s and they are idiots in my opinion. We face a plethora of APTs on a level never before seen in human history. We face a corporate landscape that is exploitive to the point that it would make robber barons of the 19th century green with envy while also simultaneously putting as little money as possible, and almost zero foresight in to, protecting the data and access they have to consumers. There's a reason the concept of zero trust is such a massive deal now. Not only can you not trust third parties, you really shouldn't even be trusting the devices on your own network.

There are people who are going to call me paranoid and that's OK. I have been paid well for many years to be as paranoid as possible without having a psychotic break with reality. But I can also say that in 24 years, I have never had a single breach or infection on any system for which I have direct authority and responsibility. I didn't get that track record by being complacent and saying "Oh this rootkit is fine because it is from Name Brand Company."

so in other words you gots nothing, so you are just going to go with theoretical scenarios. like someone is going to spend the time and effort it takes to develop a hack that can only target 1 million PCs that have this game installed. You know why apple computers don't have viruses? Because their market share is so small it isn't worth it.
.

Burrito of Peace wrote on Feb 11, 2024, 23:13:

Jim wrote on Feb 11, 2024, 21:27:
so.... aside from rootkits being "scary" - how has one ever affected people? yeah, no doubt "computer slowdown" but they say that about everything so the phrase is meaningless.

Oh my sweet summer child.

Rootkits, by their very definition, are malware. There have been many, many rootkits over the years that have affected systems and people and the sum total damages from them trends well in to the billions of dollars. They are one of the most, if not THE most, invidious types of malware around. I'm going to drop a layman level explanation of rootkits for you:

A rootkit does exactly what it says on the tin. It grants the process total access to the root of the system (root on Linux or ring 0 on Windows). Because it is now an authoritative system process, it can do whatever it wants without restriction to that system...often without the average user ever knowing it is even there. Credential theft? Easy. Use that system as a node in a DDoS network? Easy. Cryptomining? Easy. Plus many other nefarious uses.

Undoubtedly someone is going to say "But it's from Sony/whatever company they are doing business with!" The problem though is all it takes is for one dedicated person to find an exploit for it and then craft a hijack for it. Now that person has access, and can sell that access, to whatever system has that particular rootkit version installed. They don't have to do any real additional work because the targets already completed 70% of the work for them.

There are people whom still compute like it's the early 2000s and they are idiots in my opinion. We face a plethora of APTs on a level never before seen in human history. We face a corporate landscape that is exploitive to the point that it would make robber barons of the 19th century green with envy while also simultaneously putting as little money as possible, and almost zero foresight in to, protecting the data and access they have to consumers. There's a reason the concept of zero trust is such a massive deal now. Not only can you not trust third parties, you really shouldn't even be trusting the devices on your own network.

There are people who are going to call me paranoid and that's OK. I have been paid well for many years to be as paranoid as possible without having a psychotic break with reality. But I can also say that in 24 years, I have never had a single breach or infection on any system for which I have direct authority and responsibility. I didn't get that track record by being complacent and saying "Oh this rootkit is fine because it is from Name Brand Company."

keep preaching bop. i also take great pleasure in stamping out stupidity with great fury.