Gaming on Linux and Security

[Adam94]

It's entertaining and concerning to watch "Linux gaming challenge" as a daily Linux user. I'm not a gamer, but watching Linus struggle with the challenge and resort to advise like - go to github, download and run random script, shows that the poor support for gaming on Linux is so bad that it is even hazardous.

[LIGISTX]

41 minutes ago, Adam94 said:

It's entertaining and concerning to watch "Linux gaming challenge" as a daily Linux user. I'm not a gamer, but watching Linus struggle with the challenge and resort to advise like - go to github, download and run random script, shows that the poor support for gaming on Linux is so bad that it is even hazardous.

And this is why linux isn’t for the mainstream user. Lol.

 

Most people don’t realize if you run what looks like an innocent little line of code, it could pull down some fantastical pwnage onto your machine. The mainstream user just can’t be expected to understand this, and why linux has to get much more polished and standardized for it be a windows replacement. 

[KaitouX]

Just now, LIGISTX said:

And this is why linux isn’t for the mainstream user. Lol.

 

Most people don’t realize if you run what looks like an innocent little line of code, it could pull down some fantastical pwnage onto your machine. The mainstream user just can’t be expected to understand this, and why linux has to get much more polished and standardized for it be a windows replacement. 

The same can be said about most .exe, and those usually can't be easily analyzed even if you know what you're doing.

[Adam94]

I think Linus does know the dangers of executing an untrusted EXE, but doesn't realise that he is doing an equivalent dangerous activity on Linux.

[BobVonBob]

5 minutes ago, KaitouX said:

The same can be said about most .exe, and those usually can't be easily analyzed even if you know what you're doing.

While true, the advice for solving any problem a non-power user can get into on Windows is almost never "download this random .exe some guy made", it's either something built in to the OS or "download this well known and trusted software". Linux isn't big enough to have that ecosystem, and tons of problems a normal user can encounter will lead to solutions involving random scripts from the Arch wiki or someone's blog.

[Adam94]

In Linux/macOS/Windows there is a vast infrastructure there to keep you safe - to the credit of macOS and Windows, at least you get pop-ups telling you that your executing some unsigned app or permission-over-reaching activity. Linux doesn't implement safety is a hard mana like that - it has an assumption that you know how to keep safe. That aspect is not obvious for an average user coming into Linux.

[KaitouX]

2 minutes ago, BobVonBob said:

While true, the advice for solving any problem a non-power user can get into on Windows is almost never "download this random .exe some guy made", it's either something built in to the OS or "download this well known and trusted software". Linux isn't big enough to have that ecosystem, and tons of problems a normal user can encounter will lead to solutions involving random scripts from the Arch wiki or someone's blog.

The talk here is about either a random script in the official GitHub repository of GoXLR(or similar) or downloading a random .exe from the same repository.

 

2 minutes ago, Adam94 said:

In Linux/macOS/Windows there is a vast infrastructure there to keep you safe - to the credit of macOS and Windows, at least you get pop-ups telling you that your executing some unsigned app or permission-over-reaching activity. Linux doesn't implement safety is a hard mana like that - it has an assumption that you know how to keep safe. That aspect is not obvious for an average user coming into Linux.

Linux sudo isn't really any different from the admin rights on Windows, if you want to open a software with sudo, you have to explicitly do it the same way you do on Windows admin rights. Most people ignore admin warnings on Windows the same way many ignore sudo on Linux.

[Alexeygridnev1993]

Well, before running some random .sh script from the internet, look through it to make sure you understand what it is doing

 

[Giganthrax]

56 minutes ago, Alexeygridnev1993 said:

Well, before running some random .sh script from the internet, look through it to make sure you understand what it is doing

 

What about people like me who dont know any coding?

[KaitouX]

7 minutes ago, Giganthrax said:

What about people like me who dont know any coding?

You install it without confirming the contents just like you do with .exe files.

But in general you just need to confirm that all the links and names in the script matches what you are trying to do/install and that other users haven't brought up any issues with it.

[xAcid9]

What about those peoples that randomly download script from Github to "debloat" their Windows 10? 

Or those peoples that install a shady looking program that claim it will make their gaming smoother and windows feels lighter? 

[LIGISTX]

5 hours ago, KaitouX said:

The same can be said about most .exe, and those usually can't be easily analyzed even if you know what you're doing.

*most* people know not to go online and download random files. Its a little different when now you can't even type things into your PC... There is a mental disconnect with most folks here - I shouldn't download things I see on the internet vs I shouldn't type things into my PC I see on the internet. The second is not something most people fully understand. 

[Sauron]

8 hours ago, BobVonBob said:

While true, the advice for solving any problem a non-power user can get into on Windows is almost never "download this random .exe some guy made", it's either something built in to the OS or "download this well known and trusted software".

I don't know, one of the most common pieces of recommended software here is crystaldiskinfo...

 

[Chunchunmaru_]

9 hours ago, Adam94 said:

In Linux/macOS/Windows there is a vast infrastructure there to keep you safe - to the credit of macOS and Windows, at least you get pop-ups telling you that your executing some unsigned app or permission-over-reaching activity. Linux doesn't implement safety is a hard mana like that - it has an assumption that you know how to keep safe. That aspect is not obvious for an average user coming into Linux.

 

Actually is not the truth

Most desktop environments actually warn you before running an .sh script or another program, first you must mark them as an executable, gnome by default opens them with a text editor, etc and KDE warns you are running a program

Also when running .exe from wine you are prompted to make it executable

And most of the software is supposed to be downloaded and installed via the package management system, which basically is always secure and there would be no need to more security measures

If only people would understand that and think about maintain packages instead of crappy other methods (yes VMWare, I'm talking about your "windows-like" installer)

[Adam94]

52 minutes ago, Chunchunmaru_ said:

 

Actually is not the truth

Most desktop environments actually warn you before running an .sh script or another program, first you must mark them as an executable, gnome by default opens them with a text editor, etc and KDE warns you are running a program

Also when running .exe from wine you are prompted to make it executable

And most of the software is supposed to be downloaded and installed via the package management system, which basically is always secure and there would be no need to more security measures

If only people would understand that and think about maintain packages instead of crappy other methods (yes VMWare, I'm talking about your "windows-like" installer)

 

It is not the same, for a few reasons. First, there isn't a hard permission check occurring at the kernel level - although it is possible in linux with selinux, but usually has to be a really high level distribution like Android for that to be the case in a desktop scenario.

 

Second, the executable bit can be set without you knowing it, for example when you extract files out of an archive, many archive formats support the executable bit.

 

 

[maplepants]

13 hours ago, KaitouX said:

The same can be said about most .exe, and those usually can't be easily analyzed even if you know what you're doing.

About most .exe files? I have a Windows PC that I use only for gaming, and I have never had to download a random .exe file and run it as an admin to fix a problem I've had. Even really thorny problems like getting surround sound while hooked up to my LG CX did not not require anything as risky as 

sudo bash ./some-script-from-who-knows-where.sh

 

[GoodBytes]

13 hours ago, KaitouX said:

The same can be said about most .exe, and those usually can't be easily analyzed even if you know what you're doing.

Not really. Windows has an anti-virus and you have Smart Screen (digital signature), PUP (potentially unwanted program), and you have UAC prompt as your last line of defense.
 

When you run a Linux script file, typing "sudo" before the name, isn't seen as "last line of defense". Considering that you need to type it often, and many websites suggests to just do "su -", really makes "sudo" as valuable as if you needed to type some "run" command or whatever. It looses a lot of meaning, is what I mean. This is also not helped that your mainstream user has no idea what "sudo" means. Probably thinks it means "Sudoku" or whatever.

 

Also, under Windows, unless you are pirating, or you are desperately trying to mod the OS for something without the use of a reputable software, there is a good chance that you are asking for trouble. Downloading a random .exe to fix a problem is not common at all.

 

Here are talking about:

• You are trying to run some program/game or trying to get your hardware/peripheral to work, and it doesn't work or shows an error.
• You Google the error, and you have pages or pages of unknown websites with "solutions" that says to do random things on your system. Considering that Linux has no easy backup/restore solution like Windows System Restore which allows you to back in time to a point before you screw up, and you have OneDrive (or whatever cloud storage you want to use) which backups Documents, Pictures, and so on, or you have File History for a more local/NAS backup solution, screwing up your system under Windows, isn't the end of the world (unless you deny any backup solution, but that is a different topic).But regardless, you can have Windows, from it's recovery tools, re-install itself from the cloud, without affecting your personal files. Programs and drivers would need to be re-installed, but that is about it.

Now, in the Windows, yes you have crap websites when you randomly search for Windows error code or BSOD code, instead of using Microsoft documentation. But those essentially stops at:

Quote

[SOLVED] Disk Drive won't open when pressing button

If your disk drive button isn't working, you are not alone. Many of the users have reported that they have been facing this problem while using their computer. In this guide we will show how to fix problem:

1. Open Command Prompt as Admin and type and hit "Enter": sfc /scannow
   [ad]
2. Then run: DSIM /Online /Repair
   [ad]
3. Then Stop Windows Update services, and rerun them
   [ad]
4. Restart your PC
   [ad]

k thx bye

So, beside waiting the user some time, typically, it won't do anything.

 

As for Microsoft Windows Answers forum where "MVPs" can mark their posts as solutions, and do so for ranking (and I think to keep their MVP title, but don't quote me on this), it follows the same crap:

Quote

OP: Hello, my disk drive won't open when pressing button.

Reply: [Marked as Best Answer] 

1. Open Command Prompt as Admin and type and hit "Enter": sfc /scannow
2. Then run: DSIM /Online /Repair
3. Then Stop Windows Update services, and rerun them
4. Then run WSReset.exe
5. Restart your PC
6. If that doesn't work, please post BSOD mini dump file

And then the user comes back saying this his problem is not solved, and can't find any mini dump file or posts some age old mini dump file, completely unrelated, and the thread is dead, as it has been marked as "Best answer"

 

So again, the very worse, is that the user waisted time.

It is harder to screw up a Windows system as you can't do the equivalent of:

cd / && rm * -rf

at least without A LOT of work, even if you execute the equivalent command under Admin Command Prompt. No one is true Admin under Windows (not without a lot of work)

[Chunchunmaru_]

7 hours ago, Adam94 said:

 

It is not the same, for a few reasons. First, there isn't a hard permission check occurring at the kernel level - although it is possible in linux with selinux, but usually has to be a really high level distribution like Android for that to be the case in a desktop scenario.

 

Second, the executable bit can be set without you knowing it, for example when you extract files out of an archive, many archive formats support the executable bit.

 

 

If you are downloading a .tar.gz (which one of those which support the executable bit inside) with an executable inside, it's a really strange circumstance

To be functional it must be statically linked and the ABI must be compatible, otherwise using it on other or older distros will just break

I'm just saying that Linux distributions are based on package managers and containment systems apps (snap, flatpaks, appimages) and just the fact you are doing something else is a non-standard thing, and even if this is the case, there are still other prompts as I said before

And even not considering SELinux, which anyway is meant for very very specific purposes, Apparmor is the default on Debian based distributions (Selinux is on red-hat based ones)