Microsoft has enforced mandatory digital signatures for drivers, and getting a digital signing key from Microsoft costs a ton of money. So, presumably they do care.
In contrast, consider nProtect GameGuard, the anti-cheat system in Helldivers 2. It is a rootkit, and runs in the kernel. Why does Microsoft permit this? Shouldn’t this be blocked? It must be using either an exploit like the article, or a properly signed driver. Either way, Microsoft could fix it – by patching the exploit, or revoking the signing key.
The fact that Microsoft hasn’t done anything about malicious anticheat rootkits is a sign that they really don’t care. They just want their payment.
Pretty much. This is one particular form of damage control for an attacker who has the keys to your system. I think there were more urgent security concerns that occur in the untrusted zone.
Doesn’t having admin privileges mean you can load any driver into the kernel anyway, including blatantly malicious drivers?
Microsoft has enforced mandatory digital signatures for drivers, and getting a digital signing key from Microsoft costs a ton of money. So, presumably they do care.
In contrast, consider nProtect GameGuard, the anti-cheat system in Helldivers 2. It is a rootkit, and runs in the kernel. Why does Microsoft permit this? Shouldn’t this be blocked? It must be using either an exploit like the article, or a properly signed driver. Either way, Microsoft could fix it – by patching the exploit, or revoking the signing key.
The fact that Microsoft hasn’t done anything about malicious anticheat rootkits is a sign that they really don’t care. They just want their payment.
Pretty much. This is one particular form of damage control for an attacker who has the keys to your system. I think there were more urgent security concerns that occur in the untrusted zone.