r/windows 12h ago

General Question: How to handle kernel level anti-cheat software?

/r/techsupport/comments/1mz64xd/how_to_handle_kernel_level_anticheat_software/
3 Upvotes


u/GarThor_TMK 11h ago

You have 4 options as I see it...

- Game in a VM.

- Build a second, dedicated gaming PC.

- Don't play games with kernel level anti-cheat.

- Ignore the problem, and continue on like nothing is wrong.

pick your poison?

u/vcprocles 4h ago

VM is not a solution since all these anticheats have VM recognition

u/Legofanboy5152 4h ago

most can be spoofed if you enable Hyper-V

u/CrimsonAndGrover 11h ago

Thank you. I was wondering about doing something like that. I don't have much experience with VMs, but if need be I'll learn. I do have 2 SSDs in my PC. If I were to install separate Windows 11 installations on each:

  1. Would I need to encrypt (given that they are physically separate drives)?

  2. Would it be safe to have the smaller secondary drive (B) used only for the games that have kernel access and put everything else, including non-kernel games, on the other drive (A)?

  3. What consequences would likely occur if kernel trouble happens on drive B?

  4. What would you do (personally) to mitigate that? Having zero personal information on drive B (or even close to zero) sounds difficult. I'd have to login to Steam and some other things.

Thank you.

u/WelpSigh 9h ago

I am not sure I understand the threat posture. What, actually, are you protecting from?

First, understand that the anti-cheat isn't the only thing operating at kernel level. Kernel-mode drivers, like your video card drivers, are also doing so. These are much larger and more plausible attack surfaces than anti-cheat, and Nvidia has seen multiple exploits against them. Kernel-level anti-cheat is not ideal, but it's really not that interesting of an attack surface.

Second, the real danger of kernel-level malware is the ability to mitigate your existing protections like Windows Defender. However, *any* malware that makes it onto your system is dangerous, even if it's just in userland. Kernel-mode gives it special powers, but it still has more than enough to erase or steal all your data without it. In fact, nearly all malware does not need to operate at the kernel level.

So, let's forget about it being kernel level at all. If your kernel is compromised, then your userland has also been totally pwned, and you're in big trouble either way. Let's say you want to mitigate the threat of malware on one OS from dealing with the other.

  1. Would you need to encrypt? Yes. Although this would not necessarily stop, say, ransomware from doing its thing.

  2 + 3. If either OS gets malware, and one OS is able to mount the other drive, both drives can be affected.

  4. The best mitigation is not getting malware in the first place. Keep Windows Defender on, keep your OS + software up to date, don't download weird stuff, backup data that's really important.

u/GarThor_TMK 11h ago

https://security.stackexchange.com/questions/85801/is-it-possible-for-malware-to-be-in-the-bios-or-in-hardware

If you have kernel level access, there's nothing stopping you from writing to the BIOS for a permanent injection path...

Do with that information what you will.

u/WelpSigh 9h ago

There is something stopping you - TPM and Secure Boot being active in all new computers for the past few years.
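The two WelpSigh comments above boil down to a checklist for the dual-drive setup: is the other drive encrypted, is it mounted from this install, is Defender on, and are Secure Boot and the TPM actually active. The script below is an added example (not from any commenter) that reads that posture in one go using the built-in SecureBoot, TrustedPlatformModule, BitLocker and Defender PowerShell modules on Windows 11; the function name Get-DualDrivePosture is made up for this example, and it must run in an elevated prompt.

```powershell
# Added example: read-only posture check for the two-install setup discussed
# in the thread. Run elevated on Windows 11; function name is hypothetical.
function Get-DualDrivePosture {
    [CmdletBinding()]
    param()

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy-BIOS firmware,
    # which for this purpose is the same as "not enabled".
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI) } catch { $secureBoot = $false }

    # TPM presence/readiness (what BitLocker normally seals its key to).
    $tpm = Get-Tpm

    # Memory Integrity (HVCI): a 2 in SecurityServicesRunning means it is on.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard
    $hvci = @($dg.SecurityServicesRunning) -contains 2

    # Defender real-time protection, the mitigation named in the thread.
    $mp = Get-MpComputerStatus

    # Every fixed volume that currently has a drive letter here is reachable
    # by malware running on this install; the BitLocker state says whether
    # the other install's drive is readable at all when it is not booted.
    $volumes = Get-BitLockerVolume |
        Where-Object { $_.VolumeType -in 'OperatingSystem', 'Data' } |
        ForEach-Object {
            [pscustomobject]@{
                Drive      = $_.MountPoint
                Type       = $_.VolumeType
                Encrypted  = $_.VolumeStatus       # FullyEncrypted / FullyDecrypted
                Protection = $_.ProtectionStatus   # Off = protectors suspended
                Percent    = $_.EncryptionPercentage
            }
        }

    [pscustomobject]@{
        SecureBoot       = $secureBoot
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        MemoryIntegrity  = $hvci
        DefenderRealTime = $mp.RealTimeProtectionEnabled
        Volumes          = $volumes
    }
}

$posture = Get-DualDrivePosture
$posture | Format-List SecureBoot, TpmPresent, TpmReady, MemoryIntegrity, DefenderRealTime
$posture.Volumes | Format-Table -AutoSize
```

Any fixed volume listed with Encrypted = FullyDecrypted or Protection = Off is readable from whatever runs on the other install, which is the "one OS can mount the other drive" case from the thread; running this from each install in turn shows both directions.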