It is easy to say things like: “Only run well-know software from trusted sources!! This is what I already do for my most important PC as good as possible. The most safe way to achieve this is a completely closed system – like it is the case on modern gaming consoles. But this is not what I want. I want to be able to run arbitrary software and not a guardian telling me what is allowed and what is unauthorized software.
Trying various homebrew software is fun and that is what gaming consoles are for: Fun. There is more than Luma3DS and FBI to install commercial games – and even this is potentially problematic if a user obtains their .CIA files from illegal sources – I’m shielded from that kind of problem because I obtained my games from the eShop and from cartridges, but I guess many members of this forum are more morally flexible with that. At least for the Switch there have been malicious files (effectively trashing the OS) claiming to be Pokemon games. So it has happened.
While bricking or infecting PC motherboards (BIOS/UEFI) is possible, I’ve never heard of any big attacks in the wild – just proof of concept. Normal computer malware does some damage to the software. Worst case is normally overwriting the HDD/SSD and reinstalling the OS. I’m pretty confident that the malware which is currently in the wild can’t do permanent damage to my stuff (prove me wrong – I’m really interested and hope to learn something). Being able to run arbitrary software on a device where this was never intended by the manufacturer is a worse situation than on a PC. Reinstalling for example Windows is intended (new Windows version, real bad misconfiguration, HDD died, experiments…). This BIOS/UEFI as a minimalist software stays and allows this. No problem here.
Reinstalling the operating system of a Nintendo console is not intended. You’re not supposed to be able to damage the OS in the first place. There is no “Plan B” for the end user¹→ Messing up CBHC means “GAME OVER!” Not being able to restore from software damage makes consoles with CFW an easier target than PCs (not even taking software caused actual hardware damage in account). Writing very few bytes to the NAND can make a gaming console inoperable² to a point where advanced soldering skills are needed to revive it – given a backup exists – if not: that's careless.
Long story short: Consoles being so vulnerable is terrible. Any ideas to minimize risks besides “Just don’t run any non well-known software!”
____________________
¹ ntrboothax on the 3DS family and fusee-gelee on early Switch models – possible because of security flaws – are a very welcome exception.
² I also have some other, possibly worse, ideas what malicious software might do on a console.
Trying various homebrew software is fun and that is what gaming consoles are for: Fun. There is more than Luma3DS and FBI to install commercial games – and even this is potentially problematic if a user obtains their .CIA files from illegal sources – I’m shielded from that kind of problem because I obtained my games from the eShop and from cartridges, but I guess many members of this forum are more morally flexible with that. At least for the Switch there have been malicious files (effectively trashing the OS) claiming to be Pokemon games. So it has happened.
While bricking or infecting PC motherboards (BIOS/UEFI) is possible, I’ve never heard of any big attacks in the wild – just proof of concept. Normal computer malware does some damage to the software. Worst case is normally overwriting the HDD/SSD and reinstalling the OS. I’m pretty confident that the malware which is currently in the wild can’t do permanent damage to my stuff (prove me wrong – I’m really interested and hope to learn something). Being able to run arbitrary software on a device where this was never intended by the manufacturer is a worse situation than on a PC. Reinstalling for example Windows is intended (new Windows version, real bad misconfiguration, HDD died, experiments…). This BIOS/UEFI as a minimalist software stays and allows this. No problem here.
Reinstalling the operating system of a Nintendo console is not intended. You’re not supposed to be able to damage the OS in the first place. There is no “Plan B” for the end user¹→ Messing up CBHC means “GAME OVER!” Not being able to restore from software damage makes consoles with CFW an easier target than PCs (not even taking software caused actual hardware damage in account). Writing very few bytes to the NAND can make a gaming console inoperable² to a point where advanced soldering skills are needed to revive it – given a backup exists – if not: that's careless.
Long story short: Consoles being so vulnerable is terrible. Any ideas to minimize risks besides “Just don’t run any non well-known software!”
____________________
¹ ntrboothax on the 3DS family and fusee-gelee on early Switch models – possible because of security flaws – are a very welcome exception.
² I also have some other, possibly worse, ideas what malicious software might do on a console.
