Now if only they could more clearly communicate when games are playable offline.

  • Woodstock@lemmy.world
    link
    fedilink
    English
    arrow-up
    42
    arrow-down
    1
    ·
    22 days ago

    Can someone explain like I’m stupid on kernel level anti cheat and why I should watch out for it? Not a dig at all, a genuine question!

    • ArchRecord@lemm.ee
      link
      fedilink
      English
      arrow-up
      102
      ·
      edit-2
      22 days ago

      To put it very simply, the ‘kernel’ has significant control over your OS as it essentially runs above everything else in terms of system privileges.

      It can (but not always) run at startup, so this means if you install a game with kernel-level anticheat, the moment your system turns on, the game’s publisher can have software running on your system that can restrict the installation of a particular driver, stop certain software from running, or, even insidiously spy on your system’s activity if they wished to. (and reverse-engineering the code to figure out if they are spying on you is a felony because of DRM-related laws)

      It basically means trusting every single game publisher with kernel-level anticheat in their games to have a full view into your system, and the ability to effectively control it, without any legal recourse or transparency, all to try (and usually fail) to stop cheating in games.

      • ampersandrew@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        65
        ·
        22 days ago

        And it’s worth noting that trusting the game developer isn’t really enough. Far too many of them have been hacked, so who’s to say it’s always your favorite game developer behind the wheel?

        • sp3ctr4l@lemmy.zip
          link
          fedilink
          English
          arrow-up
          21
          ·
          22 days ago

          Or, even better, when you let a whole bunch of devs have acces to the kernel…

          sometimes they just accidentally fuck up and push a bad update, unintentionally.

          This is how CrowdStrike managed to Y2K an absurd number of enterprise computers fairly recently.

          Its also why its … you know, generally bad practice to have your kernel just open to fucking whoever instead of having it be locked down and rigorously tested.

          Funnily enough, MSFT now appears to be shifting toward offering much less direct access to its kernel to 3rd party software devs.

      • barlescharkley@lemmy.world
        link
        fedilink
        English
        arrow-up
        59
        ·
        22 days ago

        More importantly, if traditional anticheat has a bug, your game dies. Oh no.

        If kernel level anticheat has a bug, your computer blue screens (that’s specifically what the blue screen is: a bug in the kernel, not just an ordinary bug that the system can recover from). Much worse. Sure hope that bug only crashes your computer when the game is running and not just whenever, because remember a kernel-level program can be running the moment your computer boots as above poster said

      • FeelzGoodMan420@eviltoast.org
        link
        fedilink
        English
        arrow-up
        10
        ·
        22 days ago

        Not all anti cheats run at startup. Some only run when you play a game. I think vanguard for valorant ran all the time at first and people were pissed. Meanwhile easy anti cheat runs only with a game. So it depends. It all sucks though.

        • ArchRecord@lemm.ee
          link
          fedilink
          English
          arrow-up
          5
          ·
          22 days ago

          That’s definitely true, I probably should have been a little more clear in my response, specifying that it can run at startup, but doesn’t always do so.

          I’ll edit my comment so nobody gets the wrong idea. Thanks for pointing that out!

      • Katana314@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        21 days ago

        It’s not just trust of the game developer. I honestly believe most of them just want to put out profitable games. It’s trust that a hacker won’t ever learn how to sign their code in a way that causes it to be respected as part of the game’s code instructions.

        There was some old article about how a black hat found a vulnerability in a signed virtual driver used by Genshin Impact. So, they deployed their whole infection package together with that plain driver to computers that had never been used for video games at all; and because Microsoft chose to trust that driver, it worked.

        I wish I could find an article on it, since a paraphrased summary isn’t a great source. This is coming from memory.

        • catloaf@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          21 days ago

          It’s trust that a hacker won’t ever learn how to sign their code in a way that causes it to be respected as part of the game’s code instructions.

          That’s not an accurate description of the exploit you describe. It sounds like the attacker bundled a signed and trusted but known vulnerable version of the module, then used a known exploit in that module to run their own unsigned, untrusted code with high privileges.

          This can be resolved by marking that signature as untrusted, but that requires the user to pull an update, and we all know how much people hate updating their PC.

    • ℍ𝕂-𝟞𝟝
      link
      fedilink
      English
      arrow-up
      35
      ·
      edit-2
      22 days ago

      Making it super simple, it runs with full access on your machine, always. It can fuck anything up, and see everything. It can get your browser history, banking details or private messages you enter, activate your webcam or mic without you knowing, or brick your computer even.

      And you can’t even check what it’s really doing on your computer because it’s a crime under US law.

      Finally, it can get hacked and other people than the creator can do all these to your computer as well,as it already happened once.

      • scarilog@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        22 days ago

        And you can’t even check what it’s really doing on your computer because it’s a crime under US law.

        Is this specifically for kernel level anticheat? Because this isn’t a thing for software in general right??

        • ℍ𝕂-𝟞𝟝
          link
          fedilink
          English
          arrow-up
          4
          ·
          22 days ago

          It’s a thing for any measure said to enforce copyright under the DMCA.

          So it’s a thing for most proprietary software.

        • Miaou@jlai.lu
          link
          fedilink
          English
          arrow-up
          1
          ·
          22 days ago

          If anything reverse engineering is more permissible in the USA than many other places, IIRC

    • yamanii@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      1
      ·
      22 days ago

      Easy, a bug in battle eye forced me to reinstall windows, this kernel access has to go.

    • LoboAureo@lemm.ee
      link
      fedilink
      English
      arrow-up
      8
      ·
      22 days ago

      Also, the most games that don’t work in linux is for this reason (and steamdeck works in linux)

    • mrvictory1@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      21 days ago

      Imagine a game having higher privileges than what you get with “Run as administrator”