Kernel anti-cheat is an overreach

(nooneshappy.com)

104 points | by zdw 2 days ago ago

117 comments

  • km144 a day ago ago

    > So I would rather share a match with the occasional cheater than run un-auditable ring-0 software on the same machine I use for anything private.

    The article makes an argument that anti-cheat is not worth the trade-off, yet the author admits they are a non-gamer. Then they go on to present one example of anti-cheat that tells us all we need to know about actual gamers' preferences—FACEIT. For those who don't know, FACEIT is a third-party matchmaking service, primarily for CS2. People choose to go through the hoops of using third-party service that installs kernel-level anti-cheat on their computer because it helps to keep cheaters out of their games. This seems like pretty strong evidence that the author's argument is not a good representation of gamers' thoughts on this. I don't know what the actual solution is. I suspect if Valve made their own kernel-level anti-cheat people might trust it more, but it's still the same problem.

    • avadodin a day ago ago

      Faceit has cheaters too by all accounts and some of the cheats have advanced to the point that not even kernel access under secure boot helps as they don't even run on the same device.

      Behavioral patterns are a much better target.

      If your cheats make you play like a legit player, who cares? It's the same as in the gym. People are bothered by people who look like Ahnold, and still can't lift one plate. Not the fattie who takes t to look like a normal person.

      I think that's the spirit of VAC.

      The only issue is it can't —or won't— detect people helicopter–hopping no–scope sniping around the map or terrible players who shoot you in the face every time in 12ms.

      • literallyroy 20 hours ago ago

        Saying FACEIT has cheaters “by all accounts” feels like a bad faith argument without including that it has significantly fewer cheaters (at least at higher ranks). As well as having the ability to report to real human moderators.

        I have too many hours in cs:go and cs2 and am level 10 FACEIT. I have had many awful cheater experiences in the native competitive systems but have never had an obvious cheater (never reported someone) in a FACEIT match.

        It works. It raises the bar high enough that cheating is significantly less frequent.

      • ____mr____ 9 hours ago ago

        > If your cheats make you play like a legit player, who cares?

        Many people

    • lenkite 14 hours ago ago

      The only acceptable and correct trade-off for anti-cheat is fully remote gaming + locked-down console, where the Game companies own the software and servers and hardware and just rent you a "play slice" via their locked-down console. I suspect even then, they will want to install tools to monitor you to satisfy their "analytics"

    • nomel a day ago ago

      I suspect the only technical alternative would be the extreme of "this is not your system at all" mode, and necessarily involve dedicated hardware, where you can boot your computer as a "game console". I also suspect this would mean that mode would necessarily be the "primary" mode [1], PS2 style.

      [1] https://en.wikipedia.org/wiki/Linux_for_PlayStation_2

  • giov4 2 days ago ago

    Uninstalled riot years ago, not playing games that dont run on linux with proton, problem solved and you should do the same.

    Avoiding to play games that take over my system on a low-level is a no go, I can live without LoL or BF6 and I live even better :)

    ignoring this problems means you don't care about your identity, data, privacy and you prefer to keep ignoring this and play the games that hype abd you like, but inside you know that long term your are profiled and such profiling will be used against you!

    • Parae 13 hours ago ago

      I play fighting games. Didn't even bother to try 2XKO on Windows because I knew I won't be able to play on Linux due to Vanguard.

    • a day ago ago
      [deleted]
  • SwellJoe 14 hours ago ago

    I have purchased every Civilization (and closely related) game since III. I have played more hours of any single Civ than all other games combined.

    I didn't buy Civ VII, because I don't buy malware. As long as it's got Denuvo, it's not a game I'm buying or playing.

    • preisschild 14 hours ago ago

      Fuck Denuvo's parent company (Irdeto) too. They have been making DRM cards for austrian state TV for decades and thus making it a PITA to do something like broadcasting your TV signal over IP to the TVs in the house...

  • ChocolateGod 2 days ago ago

    > Riot went as far as pushing a UEFI firmware update to Valorant players to close a hardware attack — the first time an anti-cheat has reached below the operating system to change your firmware

    I don't believe Vanguard did this at all? It told users they need to update their firmware to play, it didn't touch the firmware itself.

    > Cheats started in user space, so anti-cheat moved into the kernel to see them. Cheats followed into the kernel, and then below it into hypervisors

    I think cheats moved into kernel space before anti-cheats did.

    • glitchc 2 days ago ago

      Almost all trainers from time immemorial operate in the kernel space because they require direct access to memory addresses. The whole cheats paradigm started with altering values stored at specific addresses. Alter the right value and the player character gets infinite ammo or lives or whatnot, and it went from there. Modern day cheats embed more sophisticated logic that ultimately boils down to altering locations in memory in a specific order, which brings me to my point:

      An anti-cheat mechanism can always be defeated if the cheater can access a lower order of abstraction from the mechanism. An arms race is the inevitable outcome. It's either that or competitive gaming is not viable.

      • jjmarr 2 days ago ago

        > An arms race is the inevitable outcome. It's either that or competitive gaming is not viable.

        I'd rather just give my passport and do one of those face turning challenges to play competitive video games. Then if I get caught cheating, my real life identity can't play anymore, rather than make a new account and "get better at cheating".

        If I am a habitual cheater in literally any other sport on Earth, governing body figures that out and issues me a lifetime ban. At that point, I'm blacklisted. Even my Tuesday night dodgeball league can issue bans that actually stick because they know my real identity.

      • gopher_space 2 days ago ago

        I mean the assumption here is that administration needs to be automated. Cheating is an intermittent problem at worst on moderated servers.

      • charcircuit 2 days ago ago

        Windows has no security between processes reading and writing each other's memory as long as they are from the same user. You doing need kernel level access to do it.

      • ButlerianJihad 2 days ago ago

        > The whole cheats paradigm

        You are limited in envisioning a game where the client device is being trusted for ground truth about the game.

        In client-server models, it is possible to limit trust such that many cheat modes and methods are impossible. Furthermore is the “remote GPU streaming” model like Stadia, which nearly obsoletes conventional techno-cheating, and likewise obsoletes kernel-mode anti-cheat.

        • jjmarr 2 days ago ago

          You can buy an autoclicking device or software that recognizes screen pixels of enemy avatars and instantly clicks to kill them. This works in "remote streaming" situations and is ~30% of the cheating dataset detected by Riot's kernel level anticheat:

          https://www.riotgames.com/en/news/vanguard-on-demand

          > A “pixelbot” is a computer vision cheat that injects player input for the purposes of aiming at heads or casting spells with perfect timing. Coming in “external” (hardware microcontroller) and “internal” (python script) varieties, pixelbots can be extremely impactful in VALORANT due to the low time-to-kill, sometimes just simply pulling the trigger for the cheater when an enemy enters their reticle (also known as a “triggerbot”).

          • pona-a 2 days ago ago

            But really, if HID becomes suspect too, then why do you even need kernel level anti-cheat, if all you can do is behavioral detection?

            • ChocolateGod 2 days ago ago

              If you're in the kernel you at least have raw access to the USB controller and input events, thus can try pick out real mouses from fake ones.

              • pona-a a day ago ago

                If the point of those events is to be registered by the game program, you already have all the data you need, otherwise you're building a keylogger.

                The most the kernel can try to tell you is what's plugged in, but the cheater can easily make the fake HID interposed between the real keyboard and USB.

          • iscoelho 2 days ago ago

            This isn't possible in Valorant. Their kernel module is extremely particular about input devices:

            1) only allows a single mouse input device at a time

            2) completely ignores virtual mouse input

            3) flags "special"/"uncommon" input devices

            Their anti-cheat is actually much more involved and effective than most would assume.

            • Hikikomori 2 days ago ago

              Websites that sell DMA devices also sell devices that merge mouse usb and hdmi signals that allows you to run the cheat on another machine and let it display en ESP overlay and do aimbot. It's likely that a naive implementation of such an usb device would be detected. But can you create such a device that uses a normal mouse usb driver and looks like a normal mouse?

              • iscoelho 2 days ago ago

                At least in Valorant, DMA is becoming impossible due to IOMMU / Memory Integrity enforcement. The only option is becoming pixel bots.

                As for faking the input device: I'm sure it's possible, but I'm also sure that perfectly spoofing an input device is much easier said than done.

                Even if it is possible, all they have to do is make it hard enough to where the percentage of players cheating is at the point where you will rarely if ever encounter a cheater in your matches. As far as I'm aware, Valorant is one of the only games that has accomplished that.

        • glitchc a day ago ago

          User input is always sourced at the client device. There is no other source of truth, therefore any hacks that manipulate input will not be detected server-side. Additionally, using only the server state gives a distinct advantage to the better/faster connection. This was true in Quake 2, but games have become a great deal more sophisticated since then.

        • Hikikomori 2 days ago ago

          Aimbot will always be possible, it only uses what you see. ESP/wallhack can be somewhat curbed and has already been done in cs and valorant, but it really only works well with small player count and simple geometry maps. Stadia is dead, but it and geforce now had way too much delay to be enjoyable for competitive games where anti cheats are needed.

          • iscoelho 2 days ago ago

            Aimbot is actually very solvable!

            1) When DMA is fully blocked, Aimbot resorts to being a pixel bot.

            2) Once you're relying on a pixel bot, all the anti-cheat has to do is "bait" the bot. After you click the bait a few times, you're banned. (:

            RuneScape is actually the pioneer of this technique.

            • myrmidon a day ago ago

              Baiting alone is not a reliable long-term solution, because it both interferes with competitive games (a lot) and because it requires you to basically stay on top of a captcha escalation (especially once cheaters limit themselves to "realistic" reaction time constraints), and this is a bad position to be in (because it means continuous effort for the developer).

              The most helpful approach in my view is to make fresh accounts expensive for cheaters so they can't iterate easily; if the game developer can extract profit from such ban circumvention attempts then all the better.

              • iscoelho a day ago ago

                You'd be surprised to know that this strategy works quite well! Pixel bots require a hardware fake display when faced with kernel anti-cheat. They also depend on color/pattern recognition, as AI is not yet capable of operating at the frame rates required for competitive games. That allows the bait to be seen by a bot, but invisible to the eye.

                If you are successfully baited and detected, you also get HWID banned, so it only takes once. This makes cheating via pixel bot unviable.

                On the contrary, DMA is so desired because it eliminates this risk.

    • sitzkrieg 2 days ago ago

      long beforehand naturally. the arms race is as good of an excuse as any to trample user rights though

  • nubinetwork 2 days ago ago

    > During setup, I did a clean Windows 11 install

    > Unfortunately the install was legacy MBR

    > I was forced to convert the disk with mbr2gpt and spent about an hour manually rebuilding the boot drive to work under UEFI.

    I'm surprised Windows 11 even booted on MBR, I was under the impression that after 7 all Windows installs had to be GPT/EFI, regardless of whether secure boot was on or not.

  • cowthulhu 2 days ago ago

    This article reminds me of Chesterton Fence - the author is complaining about something, without ever experiencing why it exists.

    • CursedSilicon 2 days ago ago

      I must admit I immediately questioned the credibility of the article when the author admitted they "aren't a gamer" and then started making allusions to vague political threads. Not to say these criticisms aren't valid, but they're a weird jumping off point

      The reality is none of the companies want to do these things. Every step in this process locks out some subset of customers. And that's not including the ones who meet the technical requirements but are turned off enough by the decision to just avoid the games anyway

      They're an unfortunate response to how utterly profitable and expansive cheating in online games has become. They cost the companies precious development time that could be spent making the game better to instead make it just vaguely "playable" for normal people

      • orbital-decay a day ago ago

        >The reality is none of the companies want to do these things. (...) They're an unfortunate response to (...)

        This reasoning can be used to justify pretty arbitrary behavior, don't you think? Intent is irrelevant for malice, incentives are enough.

    • orbital-decay a day ago ago

      I used to host pretty popular servers for several games (mostly the PvP survival kind), built a community around them, and developed custom admin software. It's hard to say I haven't experienced this first-hand, I fully understand the reasons for this to exist. Yet I 100% agree with the author, this went way too far long ago. This will NOT stop until the personal computers are forcibly locked into a fully attested hardware chain, for everyone not just gamers. The control over your personal computer will be eventually taken from you even if you never played a game in your entire life. And then cheats will simply move outside the machine entirely. No entertainment is worth it.

      Starting from a certain point, the solution for cheating is better game design, more human involvement, and community building, not adding more restraints which will be circumvented in any case.

    • ronsor 2 days ago ago

      Unlike the Fence, kernel anti-cheat wasn't always there and won't be effective in the future with new AI-powered cheats growing.

      • ramon156 2 days ago ago

        Cheaters are a problem, that's the focus you should be taking, not that KAC is an overreach. Everyone knows its not a solution.

        Writing an article about a problem without addressing the problem shows the author never had the problem i. The first place

      • fastball 2 days ago ago

        The analogy of Chesterton's Fence does not imply / require that the fence has been "always there".

  • sgjohnson 2 days ago ago

    I’m actually surprised how a lot of commenters here are defending kernel-level anticheat.

    • throwing_away 2 days ago ago

      Same. I write cheats for CS2 for my own amusement and it's 100% detectable by replay analysis.

      If I'm reacting to information that I shouldn't have at a rate much much greater than the general population, then I'm not psychic, I'm just cheating.

      This is also true for aiming, spray control, etc. All current cs2 cheaters are producing a very large and detectable audit trail of very suspicious plays in game, even if they think they're being sneaky. The resolution of the data looks like keeping track of your location and where you're aiming about every 15ms.

      Here's some recent research that's related: https://arxiv.org/html/2508.06348v1

      I can hide from a kernel module, but I can't hide from my own data trail.

      There's only really two paths:

      * We do kernel anti-cheat in trusted execution environments, which is bad for all the reasons in the article. When I break through this, you'll get the full "having a cheater" experience in your game.

      * We do AI/ML heuristic-based detection to the point where cheaters are forced to behave exactly like non-cheating teammates or risk detection, cheating maybe only 10-20% above their previously established skill patterns. When I break through this, you'll have a normal game and I'll be kind of bored and nobody will be having the "cheaters in my game" experience even though I'm actually cheating.

      In either case, I'm still going to try and beat the system for fun. Because video games.

      • myrmidon a day ago ago

        Heuristic detection is iffy IMO, because while this might look trivial now (=> before cheaters optimize for it) false positives could easily ruin the user experience after a few rounds of cat & mouse: Even if you manage to keep sensitivity high (detecting >90% of cheaters), if you have like single digit percentages of cheaters and false positives, a lot of your bans are innocent.

        If you keep the heuristics "tolerant", on the other had, you end up perpetually chasing in a cat-and-mouse game, and a lot of cheaters go undetected inbetween detection upgrades.

        I feel heuristic detection is a "metagame" that developers don't really want to engage in, because you basically can't really win and it's perpetual work/spending.

        • ffaccount2 7 hours ago ago

          Even better way to think of false positives: If you judge 0.1% of players wrong, you just banned A LOT of innocent players.

      • Hikikomori 2 days ago ago

        Valve has already discussed using ai? There's also some commercial alternatives. I haven't seen that it works well yet, so it doesn't seem easy to solve.

        But it seems that will just push cheat devs to adjust their aimbot to become more human in behavior? For the average gamer the top 0.1% will look like cheaters anyway.

    • sushid 2 days ago ago

      Have you played games with a ton of cheaters? It's infuriating, and I'm glad that kernel-level anti-cheat makes it such that you can have an enjoyable gaming experience. Now, I no longer play competitive shooters due to my age, but this was a huge issue back in the day.

      • Akronymus 2 days ago ago

        On private/community hosted/moderated servers my experience was that cheating was mostly a non-issue. Only with the advent of forced matchmaking/only official servers and such has it become a real problem.

        • ThatPlayer a day ago ago

          You might not have noticed, but that's also where anti-cheats started. All 3rd party anti-cheats started on community servers because well you aren't getting them into official servers easily. And then game developers saw that and integrated it for the users. Quake 3 even had Punkbuster added at some point for example.

          Plenty of modern community servers still do the same. Face-it servers for Counter-Strike 2 will have additional anticheat, not less. Modded Grand Theft Auto V servers, FiveM, built their own anticheat they call adhesive before RockStar ever added anticheat to the full game, and this prevents it from running on Linux to this day.

        • 2 days ago ago
          [deleted]
        • dannersy 2 days ago ago

          I think this is the answer. You get a lot more false positives, but at least the players can do something about it and aren't at the mercy of devs who can stop support at any time and also are fighting a losing battle.

        • iscoelho 2 days ago ago

          That's a different type of game entirely. Private/community servers cannot be competitive at the scale of modern competitive games.

          • slumberlust a day ago ago

            Why? I have a hard time imagining anyone would care more about the integrity of the game than the community. Private servers are an IP play, allowing companies to pull the plug completely when it is convenient for them.

            • vel0city a day ago ago

              Say you've got a game that's specifically designed for 5v5 play. In this game, things become imbalanced and overly chaotic when there's more than that many players, the main game mechanics start to fall apart.

              So now let's say you only have private servers. A bunch of 10-seat servers, and each match takes ~30-40 minutes. How does this work in practice? You have servers with like 8 or 9 players sitting around waiting, hoping for someone to join. How long will they sit there waiting? We potentially have hundreds of these partially filled servers waiting for other players to join. Wouldn't it be nice if there was some system that would automatically send people towards your nearly full server? Some kind of...matchmaking system?

              How do we ensure somewhat even levels of skill among those players? Some kind of system that tracked past performance against players of other skill levels and could help you find other players around your skill level? Some kind of service to help you find matches, like some kind of...matchmaking service?

              Not all games need matchmaking services, I agree. A lot of games do benefit considerably from having matchmaking services.

      • HDBaseT a day ago ago

        Yes, but the problem is highly exaggerated and Counter Strike has multiple mechanisms for isolating or preventing cheaters, even outside of "traditional" anti-cheat tooling.

        I play at moderately high elo in Counter Strike (Faceit Level 10, 25k Premier) in a lesser populated region and even Valve matchmaking is mostly fine. I have a multi-thousand dollar inventory, old Steam account and over 7,000 hours in Counter Strike, all of these things (likely) impact my trust factor.

        Trust Factor doesn't detect cheaters, but it sure does expose me to way way less cheaters. It's pretty uncommon to see an obvious cheater in CS2, the number of closet cheaters likely increased. In CS:GO rage cheaters were more common, but they are (for the most part) detected a little bit better now.

      • sgjohnson a day ago ago

        Yes. I'm an avid Dota 2 player. I used to play the remastered CoD MWs too, and had a Counter-Strike phase as well.

        Cheaters using external tools in Dota are rare. Smurfs are a much bigger problem than scripters/maphackers.

        In my experience, MW and CS aren't that bad. I see a cheater only about once in 20 games.

        I also play online chess. No kernel level anticheat is going to help you there.

      • goolz a day ago ago

        I would much rather the games have cheaters than give someone like Riot access to Ring 0.

    • Hikikomori 2 days ago ago

      Most of the worries that people focus on already apply to programs running in userspace.

  • galkk 2 days ago ago

    > So I would rather share a match with the occasional cheater than run un-auditable ring-0 software on the same machine I use for anything private.

    You’re not a gamer so you don’t have a word here. I was a competitive gamer and I would happily accept even the game where you need a government id to be allowed to play in ranked/matchmaking. I do dual boot for gaming/home stuff though.

  • _aavaa_ 2 days ago ago

    > So I would rather share a match with the occasional cheater than run un-auditable ring-0 software on the same machine I use for anything private.

    Yeah except that’s not the options here. Even with ring-0 there are lots of cheaters. Without it the game would be completely infested with them.

    • bigstrat2003 2 days ago ago

      I would still rather have that than let some game run in ring 0 TBH.

      • anon7000 2 days ago ago

        I think that’s a choice people can make for themselves. Thing is, cheating is an existential threat to the entire business model. Games like Valorant rely on a player base that keeps coming back, and a competitive scene where if you work hard, you can move up the ranks and maybe even make money one day. Players quit over cheating. You log in, you play hard and good, but you just can’t win because there are cheaters. These are games you’re trying to be good at… It’s incredibly demoralizing. Happens enough times, and you’ll find a different game not plagued by the same issue. And then your game is dead. You make money off it being a live service, and so maybe your business is dead too.

        So it makes a lot of sense for a company releasing a new FPS game centered around competitive gaming to pull out all the stops to prevent that issue.

        Now, the bigger question here is why can I play a game like Overwatch 2 on Linux, but not Valorant? Does Overwatch have a bigger cheating problem? If not, then Valorant should take a look at why their anticheat is just as effective without requiring kernel access.

        • ryandrake 2 days ago ago

          > I think that’s a choice people can make for themselves.

          Users do not have meaningful choice. On most games that use Anticheat, it is required to play the game. I can’t choose to use a non-anticheat version of games. It’s either submit to it or don’t play. Not much of a meaningful choice.

          • cowthulhu 2 days ago ago

            That’s a fair point, but I think the issue is that the other players don’t want to play with you unless you’re running the anti cheat. Some games do have servers with anti cheat disabled, but a few minutes of playing on one of those servers will reveal why self-selecting into a population not running the anti cheat is not very fun.

            This is a long winded way of saying that there isn’t a good way to have a multiplayer game give you the choice while still being fun.

          • LoganDark 2 days ago ago

            This rhetoric comes up all the time. It goes like this: "if you don't like it, don't buy it." / "don't play it." / "find something else." It's everywhere: don't like non-repairable devices? Well don't buy those then. don't like proprietary operating systems? Well don't use those then. don't like games with anticheats? Well don't play those then. I've found this argument to be entirely antisocial because it completely ignores the biggest problem which is that the presence of those qualities entirely taints whatever it is attached to. The problem isn't that you can't use another operating system or play another game or buy another device. The problem is that operating systems and games and devices end up unusable. Sure you can start arguing about how most people don't care and will never care so it's not / will never be a problem, but at that point you are entirely leaving advice territory and entering cargo cult mentality.

            Here's an example. ARC Raiders recently added Denuvo. There's basically no game like it that doesn't have anticheat. None. You can't just go play another similar game that doesn't have anticheat, you just don't get to play those games

            Linux and some BSDs are basically the only free operating systems nowadays. Maybe HarmonyOS. Too bad most anticheats don't work with it, too bad most companies only release broken windows drivers and maybe mac drivers but not linux, etc etc. You just don't get to use that hardware or play those games or etc.

            Good luck getting anything like any iPhone or Android flagship that has a replaceable battery. When you choose something like pocophone you are giving up every piece of the bleeding edge to choose outdated components for their repairability. Which is repairable but not fast. Also depending on your choice of vendor you might lose out of netflix / google pay / etc because of course.

            Some like framework laptop can have better value for money because their upgrade model is to replace the entire computer (logic board) so they can still vertically integrate it / be decently fast. Nobody has tried that yet with phones

            It's terrible that we even have to deal with this. I don't want to be forced to accept an anticheat for games. I don't want to be forced to use any operating system for anything (even though I genuinely believe mac is best). I don't want to be forced to replace a whole device when the battery dies etc. Or spend hours removing dozens of tiny screws in order to do it myself. And I certainly wouldn't put up with a slower device just because it's repairable or just because of nearly anything ever.

            ARC Raiders once forced me to update windows because it was too outdated or something, one of the system DLLs expired from their allowlist or whatever. Nobody cares, I should be able to play on windows 10 as far as they're concerned. Windows updates are a hazard nowadays, asking someone to update is asking them to risk all their data. I do everything in my power to block windows update. I never asked and I never consented.

            Meanwhile I update all my apple devices the day each beta releases because apple is not a stupid bonehead

            • vel0city 2 days ago ago

              > I don't want to be forced to accept an anticheat for games.

              I don't want to be forced to play with cheaters due to some people's philosophical concepts of what software I should be allowed to run on my computer when there's technology to radically minimize their numbers for the games I'd like to play.

              If I want to have a computer that's locked down to be a platform for playing games online with a low likelihood of encountering cheaters shouldn't I have the freedom to be able to choose that?

              • laughing_man 2 days ago ago

                I don't think the vast majority of people who install anti-cheat realize the extent to which they're opening the security kimono.

              • LoganDark 2 days ago ago

                > If I want to have a computer that's locked down to be a platform for playing games online with a low likelihood of encountering cheaters shouldn't I have the freedom to be able to choose that?

                This is exactly why I choose Mac and iPhone. I actually trust Apple to do this. I do not however trust Microsoft or third-party app developers to do this. But I absolutely believe in that freedom and exercise it myself.

            • pibaker 2 days ago ago

              Comparing non reparable devices to games is a huge stretch. Not buying a phone or a car in many places means you can't get a job at all. But if you don't play games you lose little. There are more than enough games of all kinds to spend your time on. Plus you can always, you know, just stop staring at the screen and do something else.

              • LoganDark 2 days ago ago

                Low stakes vs high stakes version of the same problem. Sure it's not catastrophic if you simply can't play some or most games. But the basic idea is the same, and the common rhetoric is the same and the choices you're given are the same. Toxic thinking taints a product, making you no longer want to use it, but if you don't use it then you have to lose out on the entire product, not just the part you don't agree with. There are so many things out in the world, that are packaged together with such toxic thinking. So many things you have to miss out on, so many things you discover you'd otherwise want.

                It's related to an idea I've had for years. You know, I've always wanted a news site that only announces products that already exist. Like things you can actually buy. I'm so tired of hearing about new innovations that don't exist yet that I want to punch whoever posts about them. I'm so tired. I don't want to hear about the future ever again. I want to hear about the present. I want to hear about stuff I can actually buy.

                Likewise I am so tired of hearing about products that are harboring toxicity. I'll get so excited for something that seems so cool only to find out by surprise that I can't run it or wouldn't. And then I feel worse off than if I'd never heard of that thing.

                Yes there are some markets where you need something. Like now, if you're in the comcast monopoly you can no longer manage your network without a smartphone. They retired the website, and they ripped out big sections of the LAN admin panel with pointers to go to the app. If you don't have the app you just can't do it anymore. More of the world is becoming like this, it's so exhaustingly evil and it's so normalized that stuff like that's not even a footnote.

                I don't think the impact of not having a phone or car or etc matters in this discussion though. You can factor that into how badly you want/need one but in the end I'm talking about how shitty it is to have to miss out on something purely because it's tainted. Like if you miss out on a phone and you need one then you might be pretty sad you have to settle for something worse than what could've been possible. Same for a car or anything. It's just with a game you're not forced to pick an alternative and you can just be sad without having to settle for having to get something lesser. But being without the game you wanted is still sad. If that makes any sense.

                And I sometimes hear "vote with your wallet". Unfortunately the product I want doesn't exist so that's not possible. I can avoid paying for the one I don't want, but then I have nothing at all. And not paying for something has also never changed anything, since no one will think the same way I do, so I am the only possible difference. So I don't bother trying. A difference of 1 is so vanishingly insignificant that I couldn't even possibly be supporting anyone with all the purchases I've ever made, let alone hurting anyone with any of the purchases I could ever not make.

        • Thaxll 2 days ago ago

          Overwatch is a bit different though , it's not a pure hitscan fps such as valorant, cs or r6. Cheats in Overwatch are not as useful because the gameplay is different from other fps.

        • vel0city 2 days ago ago

          > Does Overwatch have a bigger cheating problem?

          Yes, considerably.

          One can also look at Counterstrike running on Valve's matchmaking which uses userland cheat detection versus Faceit's kernel level anticheats for the exact same game. It's been incredibly rare for me to run into obvious cheaters on Faceit but I'll often run into cheaters in Valve's matchmaking. It's the same game, the same executables.

          • laughing_man 2 days ago ago

            I finally stopped playing Counterstrike because of all the cheating. It was difficult enough to detect that I never knew when I got killed because someone was good, because they were lucky, or because they were cheating.

            • frollogaston a day ago ago

              Or smurfing. Whether someone is cheating or just insanely good, neither person is having fun. I learned a while back to simply avoid any video game marketed as "competitive" because it means people treat it like a job or sport.

              • laughing_man a day ago ago

                Heh. I used to play Dota back when the tournament prizes were really large. There were a lot of Asian guys trying to get rich as a professional playing on the US West server because the competition wasn't as fierce in the US. They would get so angry if you were on their team and weren't playing the way they thought you should.

      • jnwatson 6 hours ago ago

        You're not forced to buy the games that require it.

      • _aavaa_ a day ago ago

        Nobody is forcing you to play a game with kernel anti-cheat.

        I want to play the game, not deal with mass cheating. Unless the people against kernel-level anti cheat can provide an alternative with similar level of protection, there isn’t anything to discuss as far as I’m concerned.

  • wronex 2 days ago ago

    I play a lot. Competitive shooters mostly. Most of them are unplayable for one or two reasons. Cross play (controllers with aim assist) and cheaters. As a PC player I would like to see no aim assist and actual consequences for cheating. I’ll gladly verify my real world identity, if it meant cheaters where banned once and forever. I’ve heard this is how it works in Korea (claim not verified) and could see it work here too as most of Europe has access to very UX friendly state sponsored digital ID.

    If there were actual stakes to cheating, it would be less prevalent. Now you can create another account and keep playing. Often for free!

    On a side note. How come replay analysis doesn’t catch more cheaters?

    • iscoelho 2 days ago ago

      > "How come replay analysis doesn’t catch more cheaters?"

      1) There's too many players.

      2) Closet cheaters are extremely subjective: automated & manual moderation would be full of false positives. In these cases, functional anti-cheats actually serve to vindicate these players.

  • Thaxll 2 days ago ago

    Since you're not a gamer sorry but your opinion does not means much, you don't seem to realize how cheating is a problem in online games, it's not just an inconvenience, it kills games.

  • SomeHacker44 7 hours ago ago

    Is there some reliable tool which can list all the kernel anti cheat that may be installed on my Windows system, and the games I need to uninstall to remove them? Or remove them directly? Thanks!

  • grg0 2 days ago ago

    The tl;dr from the post is that kernel anti-cheat presents both an attack vector for malware and a backdoor for firms. The former is already known to be exploited.

    I don't know why comments here are so negative. PC gamers should be wary of installing this stuff, and PC users in general wary of attempts to lock down their computer. If game companies want a fully locked down PC, they already have one; it's called a console.

    • frollogaston 2 days ago ago

      There are people who treat their PC almost like a console, cause all they use it for is video games anyway, but they want more than what a console offers (and will spend a lot). They install whatever. Kernel anti-cheat isn't even the worst thing on those, that'd be Windows.

      It's fine. Personally I keep my Mac clean. It can play a few games, which is enough for me. I also found a spare PC in e-waste, and occasionally boot it up to play games in Win10, but wouldn't care if it died.

  • AgentMasterRace 2 days ago ago

    what a goof. yes it's a privacy risk, but so is half the things people do on the internet.

    cs2 is infested with hackers, arc raiders died because of hackers... many games I've played and loved are dead because of hackers.

    • vips7L 2 days ago ago

      Hackers were only one of the many straws that killed Arc Raiders. Mostly it was a dev team that didn’t care.

    • HDBaseT a day ago ago

      "CS2 is infested with hackers" is either cope OR you have low trust factor.

      • literallyroy 20 hours ago ago

        My NA experience was bad at top level premier (or was ~1 year ago).

        Why assume a large swath of the community is coping or low trust factor and that instead your experience is the only accurate one?

  • nhggfu a day ago ago

    online real-money and crypto poker sites have a big cheating problem too - and face similar issues for detection.

    Alarmingly the software for one popular operator has some very invasive features - verging on spyware - including harvesting screenshots of all screens (sent to some unknown biz in india, stored under "who-knows-what" security), hardware fingerprinting, and 'remote access' wired in for future releases.

    https://pokerindustrynews.com/features/coinpoker-anti-cheat-...

  • iscoelho 2 days ago ago

    In my opinion, the debate about kernel anti-cheat on Windows is disingenuous fear-mongering. I'm confused why Hacker News of all places misrepresents the technical details.

    You can already completely compromise the average user's privacy with an underprivileged process (nearly all of your personal information is accessible with zero privileges!), and you can already persist with administrator privileges (that is routinely given on Windows).

    In regard to the "RCE attacker risk", attackers can RCE to escalate just as easily into vulnerable Windows services (there's too many to count). Kernel drivers aren't that special.

    In regard to the "CrowdStrike risk", that's not privacy related and is extremely overblown.

    What exactly does a kernel driver change regarding privacy? Nothing I can think of.

    It's this simple: If games want your personal data, they don't need a kernel driver to get it.

    • ChocolateGod 2 days ago ago

      > In my opinion, the debate about kernel anti-cheat on Windows is fear-mongering

      I don't think a lot of people who complain about kernel anti-cheat actually play competitive games.

      • iscoelho 2 days ago ago

        I feel someone doesn't need to play competitive games to be able to give an honest assessment of the privacy & security risks.

        I'm sad I'm not seeing that honesty elsewhere in this thread.

        • Reubachi a day ago ago

          It certainly is helpful to understand the mindset of a person who: a.) their hobby is to play competitive games which mandate kernel level (or similar intrusive anti-cheat)

          b.) either accepts the requirements or builds sufficient security gapping to make it a nonconsideration.

          These people exist, and would say in an honest assesmment that the above behavior is no more rights-intrusive than what 99 percent of the tech absorbing population allow today.

          • frollogaston a day ago ago

            Exactly, those people are installing Windows in the first place, it's already an entire spyware OS. It doesn't matter cause they pretty much only use it only for games.

    • Hikikomori a day ago ago

      >You can already completely compromise the average user's privacy with an underprivileged process (nearly all of your personal information is accessible with zero privileges!), and you can already persist with administrator privileges (that is routinely given on Windows).

      Most complaints about kernel level are indeed about privacy, and as you say a user space process can already do so much that this argument is moot. Most people are not aware or ignore it to fear monger because anything kernel sounds really bad.

  • bob1029 2 days ago ago

    I don't think kernel goes far enough. We are pushing down the wrong path. We don't need kernel level anti cheats.

    I think there should be real world legal consequences for exploiting information systems like this. "Gaming" shouldn't magically exempt a business sector from reasonable protection against fraud and abuse. Just because it's easy to do or involves bits in a computer (that isn't physically on the game developer's premises) should not magically exempt bad actors from prosecution. Yes, it's your computer, those are technically your bits, but this is about how these things are used and the context within which they are.

    We have the CFAA in the US, but you'd need a fairly loose interpretation to cover most forms of cheating today. I don't really see the distinction between client and server when the actions taken on the client side cause a dramatic loss in quality of service for other clients connected to that same server or p2p relay.

    South Korea has laws on the books as of 2016.

    https://dotesports.com/overwatch/news/ow-hacker-sentenced-pr...

    • dTal 2 days ago ago

      No thanks.

      >We don't need kernel level anti cheats.

      More than that, they'd be illegal by your own standard, if applied fairly. You can't steal control of someone's computer just because they bought a game from you. That's a strictly more severe "exploit" with strictly more impact on "quality of service" than sending bogus data to a server. Cuts both ways.

      But we all know how it'd really play out. If lying to a server counts as "hacking", but corporate rootkits and locked bootloaders are fine, all you've really done is solidify "felony infringement of business model". You haven't protected anyone. Video games are a stupid thing to immolate computing freedom for.

    • giov4 2 days ago ago

      yes but you are going off topic, the point is companies installing low level malware on any gamer's system to prevent cheaters and monitoring all of them as a consequence. And not that there are not enough laws against cheaters and against people tampering with a software or system, also tampering imho has always been the base for the rest of the reversing :)

  • vel0city 2 days ago ago

    > I want to preface this with the fact that I’m not a gamer.

    So you're prefacing it as someone who has never really dealt with the games you like to play getting totally infested with and nearly unplayable with so many cheaters in practically every lobby.

    Its easy to think its something that's not needed if one never spends any time in the space.

    Do they stop all cheats? No. Do they make the bar extensively higher to cheat? Absolutely. Even they point this out: "A DMA cheat is a separate FPGA card that sits in a PCIe slot and reads the game’s memory directly over the bus, while a second computer processes what it sees and feeds back aim and wallhacks..." Any random person can go run some executable they found on a forum, what percentage of the playerbase has these FPGA cards and a second computer to properly run these cheats? And even then, more modern systems can even detect these kinds of things.

    Are there lots of problems with these anti-cheat platforms? Sure. Are they now often developed with ties to countries many wouldn't want have that deep of access to their computers? Sure. Is kernel-level anti-cheat overall as a concept overreach? Probably not for what a lot of players actively want. Players want systems to ensure everyone is playing on a somewhat equal playing field. Other than the games being rendered in the cloud I don't know any other real way to begin to enforce it.

    > I would rather share a match with the occasional cheater

    What if it wasn't "the occasional cheater" and instead was "nearly every match of every game you like to play"?

    • pibaker 2 days ago ago

      Yes, it is very rich for someone with no skin in the literal game to police what others do to their computers.

      I don't play any games that use anticheat. But I also don't go out of my way to tell other players who knowingly, consensually installs games with anticheat so they can play them. It's like saying it is an invasion of privacy for cycling athletes to be subjected to doping tests. It's their game. Why does it bother you?

      • frollogaston 2 days ago ago

        It's everyone's problem if those PCs get turned into a botnet, but otherwise whatever.

  • n3rv 2 days ago ago

    Letting RIOT into your ring ZERO is not a risk I'm willing to take.

    It just sits nagging in the back of your mind. So why take the risk.

    • Hikikomori 2 days ago ago

      Are you playing games on a different user? If not a user space program can already access all your files and memory of running processes.

      • giov4 a day ago ago

        yama? ptrace scope? namespaces? selinux? apparmor?

        of course depends also on system defaults, but then why I cannot dump ssh-agent process from same user?

        oh maybe that's also the reason why the move to the kernel level in general? or that's not necessary with different privileges and they could stay on user space without taking over kernel? (insert here philosoraptor meme pls)

        again having low leve drivers from external corps that could ready anything anytime from my system and exfiltrate without me even knowing is even more scary than running a recent microsoft os! and should be avoided if possible!

        • Hikikomori a day ago ago

          Talking about Windows here as we're discussing kernel anti cheat.

          >again having low leve drivers from external corps

          What do you think drivers are then?

      • frollogaston a day ago ago

        Userspace program at least needs admin privs to read others' memory, right?

        • Hikikomori a day ago ago

          That's the thing, they don't for processes of the same user.

  • AuthAuth 2 days ago ago

    >it hasn’t stopped cheating

    No but it has largely reduced it to where you can play competitively and not run into cheaters. Go play f2p csgo and enjoy a hacker in nearly every single game blatantly spinning in spawn head shotting everyone.

    • laughing_man 2 days ago ago

      It's hard to know. If I were cheating on a competitive server, I'd be using cheats that gave me an edge without making me dominant. That sort of thing is very difficult to detect.

      • AuthAuth a day ago ago

        But because you were cheating you'd be above your level. So there would be a mismatch somewhere. You'd need to vastly improve your aim to compensate for bad game sense or use wall hacks to compensate for bad map awareness. Either way its not to hard for people to notice if they watch a replay. Not many cheaters are doing tiny adjustments because that would suggest they're already at that skill level.

        • laughing_man 7 hours ago ago

          Oh, I agree that it only makes sense if you're already a world-class player playing other world-class players.

    • dannersy 2 days ago ago

      It doesn't take kernel level anticheat to detect that kind of behavior. This is just laziness.

  • josefritzishere a day ago ago

    That sounds like malware.

  • charcircuit 2 days ago ago

    The overreach of kernel anticheats that this article complains about can be done just as easily from user mode anticheats. It's not whether an anticheat is kernel mode or not for whether it is overreaching or not.

    >The hardware requirements lock out Linux and the Steam Deck

    Because their security is out of date. Meanwhile macOS has modern security good enough to not even require Vanguard to need kernel mode to be effective.

  • valentynkit 5 hours ago ago

    [dead]

  • facepalmz 2 days ago ago

    [flagged]