this post was submitted on 09 Aug 2023
74 points (95.1% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54476 readers
404 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

Would installing an OS on an external ssd and booting into that to run pirated software while blocking access to other drives in your system or physically unplugging them be one way?

Or are there better ways to isolate the software you run and use as much as possible?

all 27 comments
sorted by: hot top controversial new old
[–] hogart@feddit.nu 44 points 1 year ago (2 children)

I don't know where you guys get your stuff but if you have reasons to be this causious I would suggest having your important stuff somewhere else instead of the other way arround.

It doesn't hurt to be cautious. Trusted sources have occasionally included malicious materials and blindsided users

[–] ReversalHatchery@beehaw.org 1 points 1 year ago* (last edited 1 year ago)

Of course you have. Even with genuine, non-pirated software. Have you heard about data mining?

A(n outbound) firewall is an absolute minimum.

[–] jet@hackertalks.com 40 points 1 year ago* (last edited 1 year ago) (2 children)

Depends on your threat model.

A air gap system is the gold standard.

A virtual machine is a reasonable middle ground, and of course you cut the network access.

Qubes lets you do both but it sacrifices some performance.

A word of caution about dual booting systems: if something is running on the computer, it in theory has full access to everything attached to that computer, including unmounted drives, encrypted drives, even BIOS. There are Trojans that install themselves in the boot partition, and it's possible an infected operating system could infect the non-infected operating system next time you boot.

[–] yum13241@lemm.ee 4 points 1 year ago (1 children)

Trojans that install themselves into the MBR will just screw up your boot process on a UEFI system and vice versa. Also, if you don't use a default bootloader, you'll definitely notice something on a UEFI system if it tries to delete all other bootloaders.

On BIOS systems however, it gets a little tricky, since it just blindly reads the first few sectors, without respect to what you "set" as the default, so that Trojan could just add itself and move everything over a bit, and you can't tell. See the Michelangelo MBR virus. It wiped your drive on March 6 of any year.

On a UEFI system, the best it could do is replace the Microsoft bootloader, and that would trip Secure Boot, which is enabled by default. Even then you don't need to directly modify sectors or format your drive, you can just replace the bootloader.

[–] jet@hackertalks.com 3 points 1 year ago

Agreed it's rare. But it exists, Moon bounce, Mosaic regressor, so if you're trying to segment things you should just remove the drives and not worry about it.

[–] Rabbit@lemmy.dbzer0.com 3 points 1 year ago* (last edited 1 year ago) (1 children)

Threat model is just trying to lower the chances of infecting the main drive even if stuff like games or software are from a "trusted source".

Aside from getting an enitely separate system dedicated to just running pirated games which is expensive to do.

Unmounted drives in case of dual booting still leading to infections is what made me wonder about installing an OS entirely on the external SSD and physically unplugging other drives. Of course, as you said bios is still a risk. But, more just trying to lessen chances from trusted game sources by not installing right away from release to see if anything happens to other people the first couple of weeks. And just wishing to not intermingle the two environments.

[–] jet@hackertalks.com 5 points 1 year ago* (last edited 1 year ago)

If your computer has a TPM, and secure boot, you could reasonably swap out your data drives. So you have one drive for your untrusted programs and one drive for your trusted programs. Never put them in the computer at the same time together. And that would cover a lot of the risk surface.

If you have any connected peripherals that have data storage, like fancy monitors that have a boot drive attached, or programmable keyboards, or anything like that, those are potential vectors to cross contaminate. So don't plug those into the system with the untrusted programs

[–] transientpunk@sh.itjust.works 10 points 1 year ago (1 children)

A virtual machine would be relatively safe most of the time.

[–] Rabbit@lemmy.dbzer0.com 1 points 1 year ago (2 children)

How is the performance impact these days for games compared to running natively?

[–] L26@ttrpg.network 4 points 1 year ago (1 children)

Not great but better than it used to be. Don’t do a GPU passthrough.

[–] BautAufWasEuchAufbaut@lemmy.blahaj.zone 4 points 1 year ago (1 children)

What's wrong with GPU passthrough?

[–] L26@ttrpg.network 3 points 1 year ago (1 children)

GPU passthroughs can expose the host to a potentially compromised VM.

[–] BautAufWasEuchAufbaut@lemmy.blahaj.zone 1 points 1 year ago (1 children)

Interesting, do you have more information on that? Because why is GPU passthrough a problem but not other PCI devices?

[–] L26@ttrpg.network 2 points 1 year ago* (last edited 1 year ago) (1 children)

I don’t unfortunately. This is from a conversation I had with a researcher in VM escape.

As far as I’m aware peripherals are not actually passed through exactly but rather emulated on the guest machine. When you pass through a peripheral you’re only passing the input of that device, data is not sent upstream.

Whereas passing through the GPU you’re providing a means of accessing non-emulated devices through the hardware itself bypassing the isolation provided by virtualization entirely.

[–] ozymandias117@lemmy.world 2 points 1 year ago

That’s true, but the IOMMU on your host is supposed to prevent any accesses outside of the group you passed in

As long as the GPU is the only thing in that IOMMU group, you’re reasonably safe

[–] XpeeN@sopuli.xyz 5 points 1 year ago* (last edited 1 year ago) (1 children)
[–] Quexotic@sh.itjust.works 1 points 1 year ago

I would love to know the answer to that. It's an interesting solution to be sure, but it surely has some kind of holes.

Also, it doesn't work with electron apps. Found that out the hard way.

[–] idkman@lemmy.dbzer0.com 4 points 1 year ago* (last edited 1 year ago)

KVM would be a safe way to test your pirated software. But it downgrades the performance.

[–] rambos@lemm.ee 3 points 1 year ago (1 children)

I just block apps in firewall. Never had problems with pirate software, only some I couldnt get working.

What are you trying to protect from?

You can also run another OS in VM, but performance is questionable.

If you are afraid of losing data, you need backup anyway

[–] Rabbit@lemmy.dbzer0.com 5 points 1 year ago (1 children)

Just didn't seem like a good idea to run pirated software of games on your primary system even if the stuff is from a "trusted" source.

Which was why I was wondering what steps people take to play games for those that try to lower the risks.

[–] rambos@lemm.ee 4 points 1 year ago

If you want to play games in VM you will probably need qemu/kvm and sepparate GPU for passthrough. Otherwise your VM will struggle to load anything serious. But I think others use that mostly to run windows apps on linux machine or simmilar. Maybe you can just dualboot from 2nd drive, it should be 100% safe if you unplug your main drive, but thats probably overkill. Im no expert, just putting it here so you can google

[–] gdrhnvfhj@lemmynsfw.com 2 points 1 year ago* (last edited 1 year ago) (1 children)

Not a Pirate, but I often upload stuff to virustotal.

[–] Quexotic@sh.itjust.works 2 points 1 year ago

Vitustotal uploader is the best!

[–] ReversalHatchery@beehaw.org 1 points 1 year ago

I haven't seen your stance on VMs, but a lighter approach might be confining the software to an AppArmor profile or such. The kernel will enforce the restrictions on what it can and can't do.
It won't have the overhead of virtual machines, and you can keep using a single video card, but setting this up is quite tedious, though.

[–] masterairmagic@sh.itjust.works -1 points 1 year ago