Add a note for gamers (and others) about core isolation and stack protection

Affected section of the guide

Windows 11 Hosts/VMs

Short description

By default, Windows 11 will have Hardware-enforced Stack Protection on, and this prevents an unvetted/whitelisted (by Microsoft) process from attaching to another running process.

Problem: this prevents many anti-cheats from working or any process that would need to attach to another running process (for malware analysis for example).

Result: Those anti-cheats advise users to disable this. Yet this will also result in cheating software being able to work. Or any malware to work and attach to a running process.

Conclusion AFAIK: Don't listen to the anti-cheat devs recommending disabling this important feature. The reason is that they're lazy and didn't complete the vetting process of MS in time. KInda similar to default Secure Boot keys.

At least they should be aware of this risk. It's not only about anti-cheat but any malware that could compromise a VM or the Host system using an undiscovered exploit for example.

Those anti-cheat devs are just asking people to make their Windows systems less secure.

Research

Example of such a recommendation by a well-known anti-cheat, the first topic in their FAQ.

https://www.battleye.com/support/faq/

For a gamer, a game using this anti-cheat will not work at all and prevent the gamer from well ... gaming.

Example for understanding what this protection does and why (with official references from MS):

https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815

Required checks

• This is not an opinion. It is fact. It is backed by [my own] research.
• I agree to the PSA Code of Conduct.

Adding, this is a nice feature that existed before but it now active by default on W11. This could affect for example, Tor Browser users (the simplest route) who are not using the "safest" mode (without JS which breaks practically every website) if there is an unknown/undisclosed/0day exploit within JS. This is just my personal opinion.

[nopeitsnothing]

It is a nice protection against ROP exploits, sure. I don't enable this in my VM because the VM is simply firewalled and I have a lot of segregation from Windows to my Host OS (Qubes w/ Whonix). It's significantly better for a malware analysis VM to have this disabled for proper execution and dynamic testing of functions in malware. But I digress, this is a strong protection for Windows users in any way not using Windows as a VM of which can be disposed. I recommend leaving it on and this will affect gaming, naturally, due to Anti Cheat software like the above.

There are known exploits for Tor Browser versions so you should be careful with JS. I do not recommend enabling it at any point unless you can trust the website, and even then it is a huge risk for some, who may be targeted by those hunting whistleblowers or journalists and using drive-by exploits. The FBI has done this before for darknet vendors and other reasons I won't discuss here.

Bottom line: the protection is enabled for a reason.

[nopeitsnothing]

I will probably add a section in Windows setup of the guide for those who wish to use their computer for gaming (not in a VM, however, which is not covered because of hardware compatibility and passthrough). More importantly, there needs to be a section about stack anyways.

Or non-gamers if they just use Tor Browser with some JS exploit ...

Gamers should complain to the game devs about anti-cheats being too lazy to fill the MS forms for vetting their software.

[nopeitsnothing]

I doubt the vendors would even reply to requests for information regarding their software to prevent cheating. It's as simple as "if we tell you what exactly it does, it would defeat the purpose of Anti Cheat". The onus is on the computer owner and that's sad, but true.