Kernel anti-cheat systems are currently the bane of Linux/Steam Deck gaming, haven’t actually proven to be effective at stopping cheaters (see Valorant for an example), and lead to various security concerns from giving 3rd parties full access to your machine to being used to install ransomware and malware.
Windows tried to restrict kernel access years ago, but backed down under pressure from various companies. However Crowdstrike’s outages have shown the sever consequences of leaving kernel access open, and we might finally see kernel access to be cut off.
what kills me is we Solved Cheating in the 90s and early 00s. It’s called dedicated servers. People would buy a game someone would setup a server and if you were a dick or cheat you would get kicked and each sever was like a community just like it is here.
But the companies want control they want to be able to shut download the game on their timetable and get you to buy the next game. A tool or system is never going to fix this people and breaking communities into manageable chunks can.
Hell back in the day servers were hacked on purpose to create new types of games. Anyone remember CS Surfing and Sniper only maps in TFC.
the point is people can hack away break the game beyond recognition but they can do that off in their own space.
Now I know that breaks global leader boards and other ego driven things but I’m just talking about having fun with games.
Those were the days for sure. Dedicated servers were fantastic, you’d often run across the same people in the same server as well and get to know folks. A community, like you said.
yeah remember heat.net?
I don’t but it’s probably pretty region dependent. In Australia I used to play on Internode servers a lot.
ah cool yeah it was this thing in the US where you connected into rooms that had dedicated servers attached to them but under the hood it was all peer to peer I think that would be a server browser for games that didn’t have that like quake, quake 2 and mechwarrior 2, decent. It was run by sega.
What made it crazy awesome is you generated points by logging in and playing to spend in the heat store and they sold like GPUs like voodoo 2 2000s and gaming mice, etc.
It all crashed in a blaze once people figured out you could just camp in games an minimize and keep generating points.
By that point Half-life and Quake 3 was out and had the server browser built in so it was on the way out anyway.
Oh nice that sounds awesome! The only similar kinda thing I remember from back in the day was Microsoft Zone. Used to play a bit of Total Annihilation on there.
I mean we have entire genres only because people back in the day modded the shit out of game servers. Team fortress and DotA were both mods before becoming actual games.
I remember those days, but this was before Microtransactions and battlepasses.
Back then when you bought a game it was complete and you owned it…
There was global leader boards way back in the day. I think it was called the Quake World League, it was one that would count Counter-Strike. I am not 100% but I think it used gamespy to do much of its work. I remember when it showed millions of people active and I was able to reach a top 20 in Counter-Strike one week. I was able to break the top 100 many times before it changed.
yeah you’re right so it was eventually better than I remembered back then
MS had this implemented originally in NT4 then started allowing more drivers direct access for performance.
They tried again with VISTA but McAfee and Symantec cried to the EU and forced MS to back down.
Apparently apple got away with implementing it however.
Apple implemented a kernel API for security software and made it good enough that they forced their own tools to use the API.
MS’s own tools depended on kernel access but they tried locking out 3rd party vendors without building a replacement like Apple did.
McAfee and Symantec correctly pointed out how this would be using monopolist powers to block competitors.
Microsoft needs to shut up and do the work to make their kernel secure.
Apple implemented a kernel API for security software and made it good enough that they forced their own tools to use the API.
I haven’t looked at the Security API in depth but I have looked at the iOS APIs… Apple gets away with their own apps having MUCH MUCH deeper access than what they give 3rd parties… I would be SHOCKED if their kernel API is all they use in their own tools.
Microsoft needs to shut up and do the work to make their kernel secure.
The EU ruling is very broad however, if it has just been security tools YES MS could have just built out the APIs and used them for defender, but the EU ruling makes it so open we have wonderful video game anti cheat and DRM drivers from all sorts of providers playing around in driver / kernel space.
Apple got away with implementing it
I have no idea either way - floating a question.
Did apple previously allow kernel access and then restrict it again? It seems the specific issue with MS vs McAfee etc is due to originally being allowed access, but microsoft restricted it, affecting their products?
Yes, System extensions on macOS Catalina 10.15 or later allow software https://developer.apple.com/support/kernel-extensions/
I read dilemma as diarrhea and didn’t think much of it…
if they build a proper API for it, wouldn’t we be in the same place as now ?
Finally windows get some kind of improvement after going downhill so much.
roblox on linux?
If stopping any and all cheating 100% perfectly and forever is your only metric on “stopping cheating.” Then you have a distorted view on the effectiveness of current anti-cheat tools.
I mean Valorant has a lot of cheaters, it doesn’t really seem like kernel anti-cheat has been more effective than other forms of anti-cheat. There’s also an increasing number of hardware peripherals that offer cheating assistance, and these can’t be detected by kernel anti-cheat because the cheating happens on separate hardware.
My point is that kernel anti-cheat has major privacy and security tradeoffs, which is a steep cost to pay. A steep cost is only worth it if it has a significant benefit to the users, and in practice it doesn’t.
Have you considered that the reason cheaters have to go hardware level is because kernel level anti-cheats are effective at what they’re supposed to do?
I’ll also ask this question, what do you are the alternative solutions to client side anticheats?
I’m not against client side anti-cheats in general, but kernel level ones are too big of a security risk in my opinion.
The US government is banning apps like tiktok and considering banning DJI drones due to the amount of data they collect and send back to China. Several of the most popular games using kernel anti-cheat are all Chinese owned companies, and the whole point of kernel anti-cheat is that it has full access to your computer (making it hard to hide cheating). I have a strong suspicion that even if Microsoft doesn’t restrict kernel access, we may see government bans on some of these games.
I get the privacy issue but there’s effectively no non-kernel anticheats on the market. I think VAC doesn’t run in kernel level and CS is known to have a huge cheating issue, so much that competitive CS has spun off into third party provider who among other things uses a kernel level anticheat. You can’t be for client side anticheat and be against kernel anticheat. Non-kernel anticheat simply doesn’t do its job.
I can’t imagine how Microsoft locks down Kernel so that it’s also locked down for cheat developers (because they don’t really care about regulations). If it’s locked for anticheat developers but not for cheat developers then it’s going to end up being a bad time for us.
go look at some forums for cheating, and you will see that they really do not work very well. it may be a cat and mouse game, but there is constant reverse engineering work and development being done (some of which is even paid work for paid cheats), and there is pretty much always a solution for new anticheat measures that someone finds.
the only unbeatable anticheat is a server side one
Server side is beatable too.
My point is anti cheat will never be perfect, and you just rattled off a bunch of text to say that.
Anti-cheat efforts do make an impact on the pervasiveness and culture of cheating, general hacking and griefing.
Server side is beatable as in, you could inflate your skill to that of a professional player.
The optimal serverside anti cheat would be able to recognize what gameplay is human level, and what gameplay is impossible or very unlikely to be human, and make punishment decisions based on that.
Then, the best cheat would just be almost perfectly simulating a pro player, and at that point the cat and mouse game of anti cheat and cheating would be far far less relevant.
Something like blatant tf2 spinbotting, or scoping someones head through a wall right before peeking them in r6, are absolutely detectable serverside with heuristics or machine learning models or etc, and that should be worked on rather than embedding some spyware into my uefi firmware or whatever.
Anything is beatable, hackable and abusable given the time and resources, and it shouldn’t be my system because some idiotic management took the decision to enforce ring0 access anti cheat to ban some percent more hackers.
No one said that anti cheat efforts do not make an impact, but the impact of ring0 anti cheats is massively overrated
The op said they don’t stop cheaters. Implying it makes zero impact.
haven’t actually proven to be effective at stopping cheaters
This is what OP said, and it’s completely correct. It’s not that much impact in comparison to “regular” anti cheat systems. And both of those only detect either cheap/bad or known hacks.
Server-sided and data based anti cheats is what would actually be a huge step up. You’re running a 8 K/D in a game where the best players are between 1-2? Banned. You just flicked two enemies within 100ms? Banned. Suspicious activity that’s not that blatant needs to be reviewed.
The thing is - that’s fucking expensive, complicated and needs to be done one a per-game basis, and since its just cheaper to throw you under the bus with a kernel anticheat and claim it’s the best one, that’s being done.
Even if we play make believe that they make any difference at all (they don’t), it would still be unforgivable to install malware on someone’s computer to prevent cheating in a computer game.
They do make a difference. I’ve been party to the difference that bringing these tools to a platform does.
Client side anti-cheat is inherently flawed. These games are asking an untrusted computer whether it is cheating. That’s like asking a known liar whether they’re lying at that moment. The one way to make it harder for the computer to “lie” is by increasing the permissions the AC has, which comes at the cost of privacy for people with the game, and security for every Windows user (not just the ones with a certain game installed).
Client side anti-cheat can be poked and investigated locally, with no restrictions. All it takes a skilled enough cheater is time, and they will bypass it. The only way to test server side anti-cheat is by hopping in the game, trying to learn how it works, and trying to bypass it. That is a much more time consuming and expensive process.
