[Inquiry]: Support for games and other GPU apps?

[Zeblote]

Description

Hi, could this system be used for apps that require the use of the GPU, such as any current multiplayer game?

Modern games are written under strict time constraints but require very high performance, leading developers to implement wildly unsafe game engines in C++. Multiplayer games are at particular risk here as huge amounts of untrusted data generated by other users have to be processed constantly.

This seems like a perfect use case of isolation to me. For example, my understanding is that it would limit the impact of bugs like the one exploited by https://github.com/tremwil/ds3-nrssr-rce to essentially nothing. Since even if the game is fully compromised, it's still contained within the sandbox and doesn't actually have any permissions that could be used to go from there.

So my questions are:

• Will this work for games? If not, are there any plans to work with GPU vendors to make it work?
• Does this allow specifying rules such as: the game can read from its installation, read/write from to its user data subfolder, and otherwise not access any files or other processes at all?

I'm very interested in using such isolation features for our game. It's been my number one feature request for windows for a very long time so I'm very happy to finally see it being worked on!

[cchavez-msft]

Hi, @Zeblote. Thank you for your inquiry. Here are some clarifications:

• The feasibility of utilizing the App Silos feature for games depends on the method of installation. Currently, for games obtained through digital distribution platforms like Steam, the feature is not yet supported, but we are working on enabling this functionality in the future. It's worth noting that App Silos do support GPU utilization.

• If you have a native installer for your game, the isolation feature can be applied more easily. However, challenges may arise when attempting to isolate games installed through other means, as mentioned previously.

Please let us know if you have any further questions or concerns.

[NathanMott]

It's worth noting that App Silos do support GPU utilization.

Does this mean App Silos will not be a good fit even for normal desktop applications that use the GPU? Chrome, Video Players, Video Editors, AutoCad, etc.

Do you have any plans to support GPU utilization?

[cchavez-msft]

Hi, Nathan. As I mentioned in the response, " It's worth noting that App Silos do support GPU utilization." So yes, any application which uses GPU is a good fit as long as it doesn't have any other features that are incompatible. In a nutshell, App Silos does supports GPU utilization.

[Zeblote]

Hi @cchavez-msft, last summer you mentioned you were working on supporting this feature for games obtained through Steam, have there been any updates on this?

[cchavez-msft]

Hi, @Zeblote. We wish you have been doing great. We are working on this to have it available in the future. We will write respective updates when the time comes. We are sorry for the inconveniences of not having this available yet, but we are working extremely hard to surpass expectations. Thank you so much for staying in touch with us.