I’d like to start by saying that I don’t have any skin in the game and progress is progress, regardless of how it’s done. What worries me is the amount of misinformation that I’ve seen in this (and other) subs about how dangerous the hypervisor method is and people being confidently incorrect about how to mitigate any potential risks that might come as a result of disabling security features on your device. If you want to use it, that’s completely fine, but you should know what you’re getting into. I work in security, so take this as you will.

EDIT: I’m adding this here since it seems that it wasn’t clear for some people. The risks that I’m talking about below are centered around the idea that you get infected with a kernel / firmware level rootkit / bootkit, not your usual run of the mill malware. If you’re not familiar with what these types of infections are and how it’s possible for them to survive even full wipes, I recommend reading up on them: https://en.wikipedia.org/wiki/Rootkit / https://www.crowdstrike.com/en-us/cybersecurity-101/malware/bootkits/

Here are some of the things I’ve seen thrown around:

“I’m only using it temporarily, then re-enabling all the security features once I’m done with the game” - This would be completely useless. It’s like putting on a bulletproof vest after getting shot.

“I turn off my internet when I use the hypervisor method so I’m safe” - If a really bad infection gets on your system, then it’s gonna stay there. It doesn’t matter if you temporarily turn off your internet. This is useless and at most you’re only delaying the inevitable (unless you never connect that PC to the internet / LAN ever again).

“I use Windows on a secondary partition for hypervisor games / I will format my PC once I’m done with the hypervisor games” - For the type of infections that you’re exposing yourself to with this method, it doesn’t matter if you use a separate partition or if you format your PC. These are persistent.

“The hypervisor method is open source so it’s safe” - Open source doesn’t mean safe. Are you looking at the code / understanding it every single time you’re downloading a new hypervisor bypass? If not, then this means literally nothing unless big brained people analyze every single crack that’s out there. There have been numerous popular pieces of open source software that were vulnerable / contained malicious artifacts and went undiscovered for months. Just look at the latest incident with Notepad++. This is one of the biggest misconceptions when it comes to open source, with people automatically assuming that it’s 100% safe.

“If anything was malicious people would report it / it would be immediately obvious” - False, and I’m going to point to Notepad++ again. If I were a threat actor and I wanted to do the most amount of damage, I’d play it smart and infect all of my releases but not do anything with them for some time. Malware can lie dormant for as long as you want. You can release “cracked” games for years, then once you have enough compromised PCs, activate the “sleeper agent”.

This is the smartest way to go about it because as we’ve seen already, people are very quick to say “oh yeah, this release is safe, I played it and it worked perfectly, I had no issues”, legitimizing potentially compromised cracks.

“Third party kernel anti cheat is just as dangerous” - theoretically true, but in practice, no. Multi billion dollar corporations want you to keep playing their games and unless they get severely compromised, their anti cheats will never steal all of your personal / financial information. With a hypervisor bypass you’re trusting random strangers on the internet with the keys to your house and hoping they don’t break in and steal everything.

“Windows Defender is still active so I’m protected” - Defender might as well be a piece of wood at that point. If the “brain” of your computer is compromised, you can’t trust your AV to actually work as it should anymore.

So, what can you do? Realistically, the only truly safe option that you have is to use an isolated PC with its own network that never gets to interact with any of your other home devices. It goes without saying that you shouldn’t log into any sensitive accounts on there.

You’d need to be extremely careful with peripherals / external storage as well and not share anything between your computers. Any type of device that has its own memory can turn into an attack vector, depending on how sophisticated the infection is.

I’m not trying to spread fear, but you need to be aware that unfortunately the hypervisor method is objectively the worst way to crack / bypass a game and the risk you’re exposing yourself to by using it is extremely high. Will it happen to you? Nobody knows, but before you do it, ask yourself if you’re ok with potentially compromising all of your devices and losing access to your accounts.

The fact that a very large group of people have suddenly started disabling security features without questioning the stuff that they’re running on their machines is sure to attract the eyes of bad actors. It’s free real estate and you have to be absolutely naive to think that nobody will want to make use of this attack vector.

Be smart, please
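An added check, not part of the original post and not code from any hypervisor bypass project: the post argues that “re-enabling everything afterwards” is useless against a rootkit / bootkit, but people who take that route still tend to assume the features came back on. This script snapshots the state of the Windows features the post is most likely referring to. It assumes those are Secure Boot, virtualization-based security (VBS) with memory integrity (HVCI), the boot-time hypervisor launch setting, and Defender real-time / tamper protection; the post itself doesn’t name them. Run it from an elevated PowerShell prompt before you touch anything, save the output, and compare after. Consistent with the post’s point, the readings only mean something on a machine that is not already compromised: a kernel- or firmware-level implant can answer these queries with whatever it likes.

```powershell
# Added example (not from the original post). Assumes the "security features"
# in question are Secure Boot, VBS/HVCI, hypervisorlaunchtype and Defender
# real-time / tamper protection. Requires an elevated prompt.
function Get-SecurityFeatureState {
    [CmdletBinding()]
    param()

    # Secure Boot. Confirm-SecureBootUEFI throws on legacy BIOS machines,
    # so an exception is reported as $null ("not available"), not as a failure.
    $secureBoot = $null
    try { $secureBoot = Confirm-SecureBootUEFI } catch { }

    # VBS / HVCI as reported by the DeviceGuard WMI provider.
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    # SecurityServicesRunning contains 2 when HVCI (memory integrity) is active.
    $vbsRunning  = $false
    $hvciRunning = $false
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard'
        $vbsRunning  = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        $hvciRunning = (@($dg.SecurityServicesRunning) -contains 2)
    } catch { }

    # hypervisorlaunchtype in the current boot entry. If the line is absent the
    # value was never set explicitly, i.e. it is still the default (Auto).
    $hvLaunch = 'Auto (default, never set)'
    foreach ($line in (bcdedit /enum '{current}' 2>$null)) {
        if ($line -match '^\s*hypervisorlaunchtype\s+(\S+)') { $hvLaunch = $Matches[1]; break }
    }

    # Defender status. Only trustworthy on a machine that is not already
    # compromised; a kernel/firmware implant can lie to these queries.
    $mp = $null
    try { $mp = Get-MpComputerStatus } catch { }

    [pscustomobject]@{
        SecureBootEnabled     = $secureBoot
        VbsRunning            = $vbsRunning
        HvciRunning           = $hvciRunning
        HypervisorLaunchType  = $hvLaunch
        DefenderRealTime      = if ($mp) { $mp.RealTimeProtectionEnabled } else { $null }
        DefenderTamperProtect = if ($mp) { $mp.IsTamperProtected } else { $null }
    }
}

# Typical use: take a baseline before changing anything, then run again after
# "re-enabling". Anything that is not $true here was not actually restored.
$state = Get-SecurityFeatureState
$state | Format-List

$required    = @('SecureBootEnabled', 'VbsRunning', 'HvciRunning', 'DefenderRealTime', 'DefenderTamperProtect')
$notRestored = $required | Where-Object { $state.$_ -ne $true }
if ($notRestored) {
    Write-Warning ("Not enabled: " + ($notRestored -join ', '))
}
```

A $null in SecureBootEnabled means the cmdlet couldn’t answer (legacy BIOS boot or not elevated), which is worth treating the same as “off” for this purpose. Seeing every field come back $true tells you the switches are in the right position; it does not tell you that whatever ran while they were off is gone, which is exactly the post’s point.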