tl;dr: Security concerns for my Linux partition, when running Vanguard on Windows?
Now that Vanguard is out, I can’t play LoL on Linux anymore. I’m running a dual boot setup with windows and I’m using it only for stuff I can’t get to work on Linux, so there is no personal data on there.
- Are there any security risks for my Linux partition, if Vanguard is installed and running on my Linux partition?
- Could Vanguard potentially access my ext4 Linux file system via Windows?
- If my NAS is mounted on Windows, could that also be a security concern?
I’m grateful for any kind of feedback, since I’m not very informed in terms of rootkits and kernels!
The risk isn’t installing vanguard, the risk is that you might install league of legends or valorant along side it. Truly horrifying.
It’s kernel level anticheat, it can do whatever it wants. It’s on the same level as the operating system.
Realistically? Nobody’s gonna bundle Linux filesystem drivers in malware just in case. If someone is to exploit Vanguard for malware I’d expect a credentials stealer to take your Steam and Discord accounts. Ransomware would likely spread to the NAS but that can be mitigated with readonly permissions where appropriate, and backups/shadow copies.
Specifically it’s at Ring 0.
Sooooo, exactly what the person you responded to said. Kernel level.
Not really, the source is more about the entire concept in computer science. It’s extremely comprehensive, for those who want to know it inside and out. TLDR : Ring 0 means anything directly controlling the hardware, which is usually the kernel. There’s also rings beyond zero in the negatives that are reserved for specific things, for example -1 for hypervisors like KVM & Hyper-V.
Thanks, your answer made it clearer to me what Vanguard can do. For now I’ll unmount my NAS and I guess I should be safe ‘enough’.
- probably not, Linux isn’t running when you’re in Windows, and Windows isn’t running when you’re in Linux
- it could, but I think you’d need a targeted attack for malware to jump from Windows to Linux, since that’s a pretty niche target
- yes, if it has write access, you’re open to ransomware attacks, which are a fairly common form of malware; if your NAS has a rollback option, you’re probably fine, but definitely make sure your remote backup restore works (you do have off-site backups, right?)
If you want to be extra secure, encrypt your Linux partition. They could still corrupt your Linux partition, but they wouldn’t be able to read anything on it without your password. Both of my Linux machines (laptop and desktop) use an encrypted root partition, and they run games and whatnot just fine (I don’t notice a slowdown).
Only advice: Don’t install on the same hard drive.
I dont care how many people say “oh it works for me” it works for everyone until it doesnt, and then you spend days fucking about with utilities that you shouldnt be fucking with, and at best it works until it stops working again.
There’s likely little risk that any attack goes after a potential linux partition, but there’s much more risk that either your linux or Windows partition bricks the other.