ValveSoftware / Source-1-Games

Source 1 based games such as TF2 and Counter-Strike: Source

[All Source Games] Add VirtualBox Guest Additions and VMWare Tools to the VAC blacklist. (For increasing security to Valve's Matchmaking Servers) #5573

Open Wadmodder opened 3 months ago

Wadmodder commented 3 months ago

Valve has been supporting Linux since 2012, and Proton adds in more functionality to most Linux Distributions that Steam natively supports. Yet both Proton and Wine (the latter of which most of Proton's code was built from) have minor compatibility issues with certain software, but that isn't a big issue when compared to Virtual Machine software from both Oracle VirtualBox and VMWare.

Neither VirtualBox nor VMWare can properly run any Windows game made with DirectX versions 10 and higher, as their DirectX/Direct3D APIs haven't been updated in years and only go up to DirectX/Direct3D version 9, you know, the last version of DirectX/Direct3D that had an official Redistributable by Microsoft back in the early-2000s, as DirectX/Direct3D 10 and newer are exclusively bundled with Microsoft's OS starting with Windows Vista and forward. In other words, it's notoriously difficult for any Virtual Machine program to run any DirectX/Direct3D 10 and higher games, and to be honest, it isn't really worth the time and effort for either Oracle or VMWare to dedicate resources to update their DirectX/Direct3D APIs to support version 10 and newer.

In other words, I would suggest that Valve should blacklist both VirtualBox Guest Additions and VMWare Tools from VAC (Valve Anti-Cheat) and Valve Servers (those for Matchmaking, Items and more) in general which would generally help increase the security of Valve's official servers. In addition, adding in the Guest Additions from QEMU, Hyper-V, PCem/86Box/VARCem, Bochs and Microsoft's discontinued Virtual PC to the Valve Anti-Cheat would also help increase security to Valve's Matchmaking Servers as well.

slender100 commented 3 months ago

I don't see much of a point to blacklisting Guest Additions/VMWare tools for VAC games, as the people who use these tools in a malicious manner make up a very small portion of cheaters compared to those that inject into the game's executable. Conclusively, a blacklist for these tools would add more bloat to an anti-cheat that already has a myriad of issues to begin with.

Also, there are people such as @sigsegv-mvm that use these same tools to run their own virtual machine of Windows for playing & bug testing source games for vulnerabilities, so a blacklist would only be more of a hindrance for them.

TheBoctor commented 3 months ago

At the time of writing, I can find zero public examples of full VMs being used for automating dozens of navbots on a single machine. There's just no need, when containers or namespaces can already achieve enough isolation for what cheaters are doing. The most notorious project (with public source code, so you can easily find this out) handles sandboxing multiple instances via Firejail. They also prefer to run clients in textmode. At most, all you'd be virtualizing is the network stack.

The part about D3D via software emulation completely ignores that PCIe passthrough exists, and the legitimate users gaming through it. The premise of detecting guest additions assumes they're installed at all, when in many cases like headless guests, they are technically unnecessary. Generally, someone wanting to check if they're in a VM/guest ("red pill, blue pill" routines) would approach this at a lower level (e.g., CPUID leaf values) than checking for presence of software inside of said guest.

sigsegv-mvm commented 3 months ago

> Also, there are people such as @sigsegv-mvm that use these same tools to run their own virtual machine of Windows for playing & bug testing source games for vulnerabilities, so a blacklist would only be more of a hindrance for them.

> The part about D3D via software emulation completely ignores that PCIe passthrough exists, and the legitimate users gaming through it.

Yeah, as it happens, my particular use case involved PCIe passthrough of a GPU device. (Linux host, KVM virtualization, VFIO passthru, and virtio-win guest drivers.)

And there are plenty of people who do this sort of thing; it's been fairly straightforward to do since maybe ~2011 or thereabouts. (And there are big communities like /r/VFIO which attest to that.)