The updated rootkit will be uploaded and installed to your computer kernel automatically upon closure of the deal.

I posted this to /c/news where it was promptly removed of course

For good reasons of course

  • Samsuma@lemmy.ml
    19 upvotes · 1 hour ago

    It’s not hard to see why the post was deleted on the other comm, the mods there take editorializing very seriously, you especially crossed that line with the FUD headline and post.

    The updated rootkit will be uploaded and installed to your computer kernel automatically upon closure of the deal.

    This isn’t in defense of EA, and I’m aware of their anti-cheats and many like it having kernel-level access, but how do you know this? Where is this coming from? How will it be magically installed once the deal is closed? When will it be installed? Who’s to say it hasn’t been “installed” already, years long before any of this deal thing came up? Would you have come up with that conclusion if Saudi Arabia’s PIF wasn’t part of the deal/mentioned in the article? Does this apply to every single EA game from their catalogue (IIRC some games aren’t locked-in to the Origin client)?

    If these questions are difficult to answer, then there’s your problem.

    • interdimensionalmeme@lemmy.mlOP
      3 upvotes · 16 minutes ago

      How will it be installed once the deal closes?

      Assuming default settings, the EA App runs a background service with elevated privileges (often as TrustedInstaller on Windows), and automatic updates are enabled by default. That means:

      • No user action is required for software updates, including those that install kernel-mode drivers.
      • Kernel-level components can be silently updated or extended through routine game patches or EA App updates.
      • Any newly introduced or modified driver (e.g., an anti-cheat update) would be signed by EA, but users are not alerted to the depth of the update unless they manually inspect it, which is virtually impossible given the encrypted/proprietary nature of the codebase.

      So, once the acquisition closes, any architectural changes to anti-cheat or telemetry mechanisms can be deployed silently as part of routine patching cycles. This does not require a new game release or user intervention.

      Has it already been installed?

      This is a fair assumption under standard security threat modeling practices.

      • EA has already shipped kernel-level drivers (e.g., EAAntiCheat.sys) since 2023, and these are typically installed alongside online multiplayer titles such as EA Sports FC and Battlefield 2042.
      • These drivers run with the highest system-level privileges, and the EA App has full access to update them.
      • The compiled binaries are not open-source, not auditable, and may include encrypted segments or obfuscated logic, meaning users and third parties have no reliable way to verify what the software is actually doing.

      Security best practices assume that any installed kernel-level driver is capable of full system access, including:

      • Reading any file or memory region
      • Installing persistence mechanisms
      • Monitoring user input
      • Communicating externally, including via encrypted channels

      So yes, if you’ve installed a modern EA game, the capability is already there. The only real change under a new ownership model is intent.

      Could this be a concern if the acquirer wasn’t Saudi Arabia’s PIF?

      The kernel-level threat model doesn’t change based on ownership, the capabilities remain the same. But the motivations and likely use cases absolutely do.

      It is a factual and well-documented reality that Saudi Arabia is:

      • An authoritarian regime with little tolerance for dissent
      • Known for surveillance and digital repression (including use of spyware such as Pegasus)
      • Responsible for state violence, including the murder of journalist Jamal Khashoggi
      • Building a significant intelligence and cyber operations apparatus under the guise of technological investment

      In that context, PIF’s ownership of a widely installed, privileged software platform, with millions of endpoints and baked-in telemetry infrastructure, is not just theoretical risk, it’s an active national security concern.

      It’s reasonable to assume that whatever institutional restraint EA may have had about using anti-cheat for more than gameplay integrity may now be loosened, or removed entirely.

      Does this apply to all EA games? Is it properly disclosed?

      EA claims that kernel-level anti-cheat is used “selectively”, primarily in high-profile online multiplayer titles. However:

      • There is no centralized or transparent disclosure list showing which games install kernel drivers.
      • The EA App and installers do not consistently warn users at install time that a kernel-level driver will be added to their system.
      • Detection is only possible after installation, by manually inspecting the installed drivers or using tools like Autoruns, Process Hacker, or Sigcheck.

      So while it’s technically true that not all EA games use kernel anti-cheat, the lack of disclosure and difficulty in verifying makes it functionally impossible for the average user to know which games are safe, especially given the bundled update system that can install new software silently at any time.

      Games purchased outside the EA App (e.g., on Steam or Epic) often still require the EA launcher to run, meaning kernel drivers can still be deployed through those channels.
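
The post-install inspection the comment above refers to (listing installed drivers and who signed them) can be scripted. This is an added PowerShell example, not part of the thread and not any vendor's tooling; the baseline file location is an assumption.

```powershell
# Added example: inventory kernel-mode drivers, who signed them, and what changed.
# Run from an elevated Windows PowerShell 5.1+ prompt.
$baseline = Join-Path $env:USERPROFILE 'driver-baseline.csv'   # assumed location

$report = foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
    if ($d.ServiceType -notin 'Kernel Driver', 'File System Driver') { continue }
    if (-not $d.PathName) { continue }

    # Normalise the image path: strip quotes and the NT "\??\" prefix.
    $path = $d.PathName.Trim('"') -replace '^\\\?\?\\', ''

    $row = [ordered]@{
        Name = $d.Name; State = $d.State; Start = $d.StartMode
        Company = ''; Signer = '<file not found>'; SigStatus = 'n/a'
        OSBinary = $false; Sha256 = ''; Path = $path
    }
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        # CompanyName comes from the file's version resource and is self-declared.
        $row.Company   = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        $row.SigStatus = [string]$sig.Status
        $row.OSBinary  = [bool]$sig.IsOSBinary
        $row.Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        $row.Sha256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
    [pscustomobject]$row
}

# Drivers that are not Windows components, i.e. what games, launchers and
# hardware vendors have added. WHQL-signed third-party drivers carry a Microsoft
# publisher as signer, so the Company column is shown next to it.
$report | Where-Object { -not $_.OSBinary } |
    Sort-Object Company, Name |
    Format-Table Name, State, Start, Company, SigStatus, Signer -AutoSize -Wrap

# Diff against the previous run to spot drivers added or replaced by an update.
if (Test-Path -LiteralPath $baseline) {
    Compare-Object (Import-Csv -LiteralPath $baseline) $report -Property Name, Sha256, Signer |
        Format-Table Name, Signer, SideIndicator -AutoSize
}
$report | Export-Csv -LiteralPath $baseline -NoTypeInformation
```

In the diff, `=>` marks a driver that is new or whose hash or signer changed since the last run, and `<=` marks one that was removed or replaced.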

  • CodenameDarlen@lemmy.world
    14 upvotes · 3 hours ago

    I don’t play EA games, it’s been years. My Steam profile description is “#NoEAGames #NoUbisoftGames”.

    There are even some really good old games from EA but I just don’t play them, and that’s it.

  • تحريرها كلها ممكن@lemmy.ml
    6 upvotes · edited · 2 hours ago

    EA makes third-rate games. Why couldn’t the Saudi PIF invest in Square Enix or Sega or Koei Tecmo?

    The updated rootkit will be uploaded and installed to your computer kernel automatically upon closure of the deal.

    Is this for real? I don’t think EA was purchased for the kernel-anticheat. There are Israeli companies that make spyware, Jared Kushner wouldn’t need EA for that.

  • Salvo@aussie.zone
    English · 32 upvotes · 5 hours ago

    Insert “2025 year of Linux Desktop” meme.

    Honestly though, the only things keeping gamers on Windows are the requirement of these rootkits and inertia.

  • shirro@aussie.zone
    English · 16 upvotes · edited · 5 hours ago

    I was going to proudly mention we don’t have any EA titles in our family’s Steam libraries, thinking of their biggest names.

    But then I found some abandonware-like title in one of my kids’ libraries. So now I need to do more digging (oops, found more). Of course all our machines run Linux (do I need to mention the distro? I feel I do but you can probably guess) so kernel mode access isn’t likely. But I think I need to pay more attention to sandboxing and isolating games.

    • ook@discuss.tchncs.de
      26 upvotes · 4 hours ago

      It’s Hannah Montana Linux, isn’t it? You sly dog got it to run on a modern machine and now even your kids use it.

      • shirro@aussie.zone
        English · 3 upvotes · edited · 3 hours ago

        I shouldn’t call it abandonware. First thing I found was Plants vs Zombies came up under EA in one of my kids’ libraries - sort of thing that runs well on his underpowered school laptop. Think I mixed it up with Bad Piggies and all those old Rovio mobile games that basically got abandoned as publishers moved to adware and pay to win crap.

        When I think of EA titles I think of Sims and sports and Battlefield - which we don’t really play. I found It Takes Two and a few really old titles like Mirror’s Edge that nobody plays and I don’t think are installed anywhere. Wasn’t sure about their relationship with Crytek. Not going to go too crazy removing stuff but it’s a good reminder to have a think about game sandboxing.

    • interdimensionalmeme@lemmy.mlOP
      3 upvotes, 6 downvotes · 4 hours ago

      Will you retain this attitude when all of culture has been put behind the dignity-wall and requires a neuralink brainchip for digital rights management purposes?

      What will you do when the last DRM unencumbered piece of entertainment is playing with a bunch of rocks and sticks?

    • shirro@aussie.zone
      English · 4 upvotes · edited · 4 hours ago

      Podman, docker etc are all Linux namespaces, cgroups, seccomp, capabilities etc underneath. You can get similar restrictions with systemd or flatpak/flatseal (bubblewrap) or firejail or other solutions. It could be built into Steam or wine or via flatpak. Podman/docker isn’t very friendly for gamers coming from Windows but it’s good for more advanced users. Something like distrobox. Ideally focus all the effort on flatpak and make it great for everyone else.

  • Otter@lemmy.ca
    English · 7 upvotes · edited · 5 hours ago

    I posted this to /c/news where it was promptly removed of course

    The removal might be duplicate post or original title related? I see another post in the community with the same article here:

    https://lemmy.ml/post/36868753

    If you check the web UI, the cross post section should have links to those other posts.

    As for the title rule, I’m not a mod there but we have a similar rule in [email protected]. What I’ve recommended to people is to keep the original title and then add extra context in the post body. The exception being when people add updates or fix clickbait with some indication that the title was modified. Or alternatively, make a text post where it’s clear that you wrote the title, and add the link(s) as supporting evidence in the post body.

    Even if your custom title is correct, the rule is needed since it gets difficult for mods to weigh in on every post and decide on what’s correct and what’s misleading/disinformation

    • interdimensionalmeme@lemmy.mlOP
      1 upvote, 5 downvotes · 5 hours ago

      I see another post in the community with the same article

      No, that post you mention, was posted 2 hours ago

      my post https://lemmy.ml/post/36863093/21361452

      Was posted 5 hours ago and came first

      Certainly, the true reason of the deletion is that my title was too evocative of the underlying consequences of this purchase.
      Rather than the establishment-spun neutral title crafted by the mind-washing specialists at the pseudo-journalistic outfit of “apnews”, who did not seek to cause trouble for shareholders.

      I’m sure if pushed the moderators would have rules-based legalese with completely above board reasonable reasons for the deletion of my post, it’s not even worth asking what they were. They even have catch-all overbroad rules for this exact purpose anyway. We live under the constant crush of censorship even in these nominally decentralized spaces.

      A great fire is well overdue.

      • pulsewidth@lemmy.world
        12 upvotes · 4 hours ago

        Or, ya know… It’s rule 4 of the community that “post title must match article title”.

        Very common rule on news communities to prevent people adding heavily editorialised statements that have no mention in the article they’re sharing. You’re welcome to add your editorialising in the post subtitle/text as far as I’ve seen. Pretty simple.

        I agree with your take on the original news article, fwiw - it’s a fair concern. But communities have posting rules and you broke them.

        • interdimensionalmeme@lemmy.mlOP
          4 upvotes, 2 downvotes · 4 hours ago

          Well the original title is “Video gamer Electronic Arts to be bought in largest-ever private equity buyout valued at $55 billion”, which only points to “wow this is a large exchange of capital”

          And the text of the article is just investor-centric propaganda like
          “PIF, which was currently the largest insider stakeholder in Electronic Arts, will be rolling over its existing 9.9% investment in the company.”

          or meaningless puff like
          “The IPO came seven years after EA was founded by former Apple employee William “Trip” Hawkins, who began playing analog versions of baseball and football made by “Strat-O-Matic” as a teenager during the 1960s”

          Ultimately concluding with “By going private, EA will be able to retool operations without worrying about market reactions.”

          “Hickey is unsure if the transaction is in shareholders’ best interest.”

          “The financial backing and resources of the investor consortium should enable EA to increase its focus on long-term growth opportunities that may have been viewed as too risky or expensive as a public company,”

          In other words no mention whatsoever of the ethical, cultural consideration nor even touching of the largest stakeholders in the transaction, the IP License Holders and their interest in allowing a foreign enemy nation administrative access to their computer kernel beyond their own user privileges.

          This is nothing less than dereliction of duty by this “apnews” company, obviously misdirecting the attention of the reader and quieting their nonsense inapplicable fears such as return on investment levels for the C-Suite and the interest of “Freedom Capital Markets”.

          These rootless bugpersons are colonizing our attention, spamming their virulent thoughts to distract us from real, imminent dangers while our hostile leaders are selling us out to the highest bidder, instead of being lined up against a brick wall next to a deep communal ditch.

  • dan69@lemmy.world
    10 upvotes · 6 hours ago

    Am I in the clear if I haven’t installed one of those games? Or is just a purchase just as bad??

    • interdimensionalmeme@lemmy.mlOP
      21 upvotes · 6 hours ago

      Well, it’s a driver and it runs in the kernel with system level privileges. I imagine as long as it remains installed the computer will be vulnerable to whatever is in there. And it’s undecipherable compiled code so we can’t tell what it is doing. I suspect shady bits will use the TPM cryptoprocessor to hide any malicious code so we’ll never know what is in there.

      Even if you uninstall it, it just says it is uninstalled but it’s not like you can verify if it really uninstalled it or just renamed the files to something innocuous.

      I will re-install Windows entirely as if it had been infected by malware, and I just hope there’s a way in Steam to identify all EA games and block them from ever installing even by accident

      • frongt@lemmy.zip
        6 upvotes · 5 hours ago

        Well that’s not strictly true. If you run Windows, you already have a root certificate installed on your computer from the government of Saudi Arabia (sha1 fingerprint 8351509B7DF8CFE87BAE62AEB9B03A52F4E62C79).

        The purposes don’t include code signing, so they probably can’t use it directly for malware. But it includes server identification, so they could possibly intercept your traffic and resume https with their own cert (which hopefully your browser would flag, but isn’t guaranteed). That would allow them to serve malware.

        An easy way to get access to your traffic is BGP hijacking: https://en.wikipedia.org/wiki/BGP_hijacking
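
To check the claim in the comment above on your own machine, the following added PowerShell example (not part of the thread) looks up that thumbprint in the local root stores and lists the purposes recorded for it. The store list and the two purpose OIDs checked are choices made for this example.

```powershell
# Added example: find a root certificate by SHA-1 thumbprint and show its purposes.
$thumbprint = '8351509B7DF8CFE87BAE62AEB9B03A52F4E62C79'   # value quoted in the comment above
$serverAuth = '1.3.6.1.5.5.7.3.1'   # EKU OID: TLS server authentication
$codeSign   = '1.3.6.1.5.5.7.3.3'   # EKU OID: code signing

$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\Root'
$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $thumbprint } |
        ForEach-Object {
            $cert = $_
            # Purposes as OIDs; friendly names are localised, OIDs are not.
            $eku = @($cert.EnhancedKeyUsageList | Where-Object { $_ } | ForEach-Object { $_.ObjectId })
            # An empty list means no purpose restriction is recorded for the certificate.
            $unrestricted = ($eku.Count -eq 0)
            [pscustomobject]@{
                Store       = $store
                Subject     = $cert.Subject
                NotAfter    = $cert.NotAfter
                Purposes    = if ($unrestricted) { '<no EKU restriction>' } else { $eku -join ', ' }
                ServerAuth  = $unrestricted -or ($eku -contains $serverAuth)
                CodeSigning = $unrestricted -or ($eku -contains $codeSign)
            }
        }
}

if ($hits) { $hits | Format-List }
else { 'Thumbprint not present in the local root stores.' }
```

Windows can fetch trusted roots on demand, so a thumbprint missing from the local stores does not by itself show that the root is untrusted.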

        • Cosmoooooooo@lemmy.world
          4 upvotes · edited · 5 hours ago

          It means all EA games going forward will be hostile nazi spyware. They can drop illegal documents on your computer remotely. Take all your information, and sell it off quick on the cheap… to other nazis.

          Nazis like this destroy everything they touch. EA wasn’t great, and was getting worse, but never deserves to be turned into nazi spyware - especially to anyone (not necessarily stupid, but probably) that enjoys sports (and their dumbass kids).

        • interdimensionalmeme@lemmy.mlOP
          2 upvotes, 1 downvote · 2 hours ago

          So isn’t that tantamount to letting the ghouls purchase culture away from us?
          500 years into the future the only thing we’ll be playing is offline games from 1984-2014
          What a sad ending for humans!

          • pressanykeynow@lemmy.world
            2 upvotes · 2 hours ago

            Very few games require malware. They are not adding this requirement now, it was already there. An American company requiring you to install malware to use their products is no better than a Saudi company. So who will be affected by this? A few dudes who pretend they like freedom but still install a malware game on a malware OS?

            • interdimensionalmeme@lemmy.mlOP
              1 upvote · 56 minutes ago

              How can you even tell without installing Ghidra?
              How can normies be expected to know without strong labelling laws or whatever it takes for distributors to actually provide informed consent about their silly little game rootkitting your private computer space?