NHacker Next
  • new
  • past
  • show
  • ask
  • show
  • jobs
  • submit
Kernel Anti-Cheat Is an Overreach (nooneshappy.com)
km144 6 hours ago [-]
> So I would rather share a match with the occasional cheater than run un-auditable ring-0 software on the same machine I use for anything private.

The article makes an argument that anti-cheat is not worth the trade-off, yet the author admits they are a non-gamer. Then they go on to present one example of anti-cheat that tells us all we need to know about actual gamers' preferences—FACEIT. For those who don't know, FACEIT is a third-party matchmaking service, primarily for CS2. People choose to go through the hoops of using third-party service that installs kernel-level anti-cheat on their computer because it helps to keep cheaters out of their games. This seems like pretty strong evidence that the author's argument is not a good representation of gamers' thoughts on this. I don't know what the actual solution is. I suspect if Valve made their own kernel-level anti-cheat people might trust it more, but it's still the same problem.

giov4 10 hours ago [-]
Uninstalled riot years ago, not playing games that dont run on linux with proton, problem solved and you should do the same.

Avoiding to play games that take over my system on a low-level is a no go, I can live without LoL or BF6 and I live even better :)

ignoring this problems means you don't care about your identity, data, privacy and you prefer to keep ignoring this and play the games that hype abd you like, but inside you know that long term your are profiled and such profiling will be used against you!

n3rv 8 hours ago [-]
Letting RIOT into your ring ZERO is not a risk I'm willing to take.

It just sits nagging in the back of your mind. So why take the risk.

Hikikomori 8 hours ago [-]
Are you playing games on a different user? If not a user space program can already access all your files and memory of running processes.
giov4 4 hours ago [-]
yama? ptrace scope? namespaces? selinux? apparmor?

of course depends also on system defaults, but then why I cannot dump ssh-agent process from same user?

oh maybe that's also the reason why the move to the kernel level in general? or that's not necessary with different privileges and they could stay on user space without taking over kernel? (insert here philosoraptor meme pls)

again having low leve drivers from external corps that could ready anything anytime from my system and exfiltrate without me even knowing is even more scary than running a recent microsoft os! and should be avoided if possible!

Hikikomori 3 hours ago [-]
Talking about Windows here as we're discussing kernel anti cheat.

>again having low leve drivers from external corps

What do you think drivers are then?

nubinetwork 9 hours ago [-]
> During setup, I did a clean Windows 11 install

> Unfortunately the install was legacy MBR

> I was forced to convert the disk with mbr2gpt and spent about an hour manually rebuilding the boot drive to work under UEFI.

I'm surprised Windows 11 even booted on MBR, I was under the impression that after 7 all Windows installs had to be GPT/EFI, regardless of whether secure boot was on or not.

ChocolateGod 18 hours ago [-]
> Riot went as far as pushing a UEFI firmware update to Valorant players to close a hardware attack — the first time an anti-cheat has reached below the operating system to change your firmware

I don't believe Vanguard did this at all? It told users they need to update their firmware to play, it didn't touch the firmware itself.

> Cheats started in user space, so anti-cheat moved into the kernel to see them. Cheats followed into the kernel, and then below it into hypervisors

I think cheats moved into kernel space before anti-cheats did.

glitchc 14 hours ago [-]
Almost all trainers from time immemorial operate in the kernel space because they require direct access to memory addresses. The whole cheats paradigm started with altering values stored at specific addresses. Alter the right value and the player character gets infinite ammo or lives or whatnot, and it went from there. Modern day cheats embed more sophisticated logic that ultimately boils down to altering locations in memory in a specific order, which brings me to my point:

An anti-cheat mechanism can always be defeated if the cheater can access a lower order of abstraction from the mechanism. An arms race is the inevitable outcome. It's either that or competitive gaming is not viable.

jjmarr 11 hours ago [-]
> An arms race is the inevitable outcome. It's either that or competitive gaming is not viable.

I'd rather just give my passport and do one of those face turning challenges to play competitive video games. Then if I get caught cheating, my real life identity can't play anymore, rather than make a new account and "get better at cheating".

If I am a habitual cheater in literally any other sport on Earth, governing body figures that out and issues me a lifetime ban. At that point, I'm blacklisted. Even my Tuesday night dodgeball league can issue bans that actually stick because they know my real identity.

ButlerianJihad 13 hours ago [-]
> The whole cheats paradigm

You are limited in envisioning a game where the client device is being trusted for ground truth about the game.

In client-server models, it is possible to limit trust such that many cheat modes and methods are impossible. Furthermore is the “remote GPU streaming” model like Stadia, which nearly obsoletes conventional techno-cheating, and likewise obsoletes kernel-mode anti-cheat.

jjmarr 11 hours ago [-]
You can buy an autoclicking device or software that recognizes screen pixels of enemy avatars and instantly clicks to kill them. This works in "remote streaming" situations and is ~30% of the cheating dataset detected by Riot's kernel level anticheat:

https://www.riotgames.com/en/news/vanguard-on-demand

> A “pixelbot” is a computer vision cheat that injects player input for the purposes of aiming at heads or casting spells with perfect timing. Coming in “external” (hardware microcontroller) and “internal” (python script) varieties, pixelbots can be extremely impactful in VALORANT due to the low time-to-kill, sometimes just simply pulling the trigger for the cheater when an enemy enters their reticle (also known as a “triggerbot”).

iscoelho 9 hours ago [-]
This isn't possible in Valorant. Their kernel module is extremely particular about input devices:

1) only allows a single mouse input device at a time

2) completely ignores virtual mouse input

3) flags "special"/"uncommon" input devices

Their anti-cheat is actually much more involved and effective than most would assume.

Hikikomori 8 hours ago [-]
Websites that sell DMA devices also sell devices that merge mouse usb and hdmi signals that allows you to run the cheat on another machine and let it display en ESP overlay and do aimbot. It's likely that a naive implementation of such an usb device would be detected. But can you create such a device that uses a normal mouse usb driver and looks like a normal mouse?
iscoelho 8 hours ago [-]
At least in Valorant, DMA is becoming impossible due to IOMMU / Memory Integrity enforcement. The only option is becoming pixel bots.

As for faking the input device: I'm sure it's possible, but I'm also sure that perfectly spoofing an input device is much easier said than done.

Even if it is possible, all they have to do is make it hard enough to where the percentage of players cheating is at the point where you will rarely if ever encounter a cheater in your matches. As far as I'm aware, Valorant is one of the only games that has accomplished that.

pona-a 9 hours ago [-]
But really, if HID becomes suspect too, then why do you even need kernel level anti-cheat, if all you can do is behavioral detection?
ChocolateGod 9 hours ago [-]
If you're in the kernel you at least have raw access to the USB controller and input events, thus can try pick out real mouses from fake ones.
pona-a 5 hours ago [-]
If the point of those events is to be registered by the game program, you already have all the data you need, otherwise you're building a keylogger.

The most the kernel can try to tell you is what's plugged in, but the cheater can easily make the fake HID interposed between the real keyboard and USB.

glitchc 4 hours ago [-]
User input is always sourced at the client device. There is no other source of truth, therefore any hacks that manipulate input will not be detected server-side. Additionally, using only the server state gives a distinct advantage to the better/faster connection. This was true in Quake 2, but games have become a great deal more sophisticated since then.
Hikikomori 9 hours ago [-]
Aimbot will always be possible, it only uses what you see. ESP/wallhack can be somewhat curbed and has already been done in cs and valorant, but it really only works well with small player count and simple geometry maps. Stadia is dead, but it and geforce now had way too much delay to be enjoyable for competitive games where anti cheats are needed.
iscoelho 8 hours ago [-]
Aimbot is actually very solvable!

1) When DMA is fully blocked, Aimbot resorts to being a pixel bot.

2) Once you're relying on a pixel bot, all the anti-cheat has to do is "bait" the bot. After you click the bait a few times, you're banned. (:

RuneScape is actually the pioneer of this technique.

myrmidon 5 hours ago [-]
Baiting alone is not a reliable long-term solution, because it both interferes with competitive games (a lot) and because it requires you to basically stay on top of a captcha escalation (especially once cheaters limit themselves to "realistic" reaction time constraints), and this is a bad position to be in (because it means continuous effort for the developer).

The most helpful approach in my view is to make fresh accounts expensive for cheaters so they can't iterate easily; if the game developer can extract profit from such ban circumvention attempts then all the better.

charcircuit 11 hours ago [-]
Windows has no security between processes reading and writing each other's memory as long as they are from the same user. You doing need kernel level access to do it.
glitchc 3 hours ago [-]
That hasn't been true since Windows 98/ME. Windows uses virtual addressing plus ASLR and DEP for process isolation/protection. See here:

https://learn.microsoft.com/en-us/windows-hardware/drivers/g...

ChocolateGod 2 hours ago [-]
You can use system APIs to get the memory space of another application in Windows as long as their run by the same user.

However iirc processes can opt out of this so only administrators can.

charcircuit 2 hours ago [-]
ReadProcessMemory and WriteProcessMemory are APIs Windows exposes for using other processes memory. Even if a process changes the default DACL to block it, admin level access can bypass it.

https://learn.microsoft.com/en-us/windows/win32/api/memoryap...

https://learn.microsoft.com/en-us/windows/win32/api/memoryap...

charcircuit 2 hours ago [-]
don't need
gopher_space 13 hours ago [-]
I mean the assumption here is that administration needs to be automated. Cheating is an intermittent problem at worst on moderated servers.
sitzkrieg 16 hours ago [-]
long beforehand naturally. the arms race is as good of an excuse as any to trample user rights though
galkk 9 hours ago [-]
> So I would rather share a match with the occasional cheater than run un-auditable ring-0 software on the same machine I use for anything private.

You’re not a gamer so you don’t have a word here. I was a competitive gamer and I would happily accept even the game where you need a government id to be allowed to play in ranked/matchmaking. I do dual boot for gaming/home stuff though.

sgjohnson 14 hours ago [-]
I’m actually surprised how a lot of commenters here are defending kernel-level anticheat.
throwing_away 11 hours ago [-]
Same. I write cheats for CS2 for my own amusement and it's 100% detectable by replay analysis.

If I'm reacting to information that I shouldn't have at a rate much much greater than the general population, then I'm not psychic, I'm just cheating.

This is also true for aiming, spray control, etc. All current cs2 cheaters are producing a very large and detectable audit trail of very suspicious plays in game, even if they think they're being sneaky. The resolution of the data looks like keeping track of your location and where you're aiming about every 15ms.

Here's some recent research that's related: https://arxiv.org/html/2508.06348v1

I can hide from a kernel module, but I can't hide from my own data trail.

There's only really two paths:

* We do kernel anti-cheat in trusted execution environments, which is bad for all the reasons in the article. When I break through this, you'll get the full "having a cheater" experience in your game.

* We do AI/ML heuristic-based detection to the point where cheaters are forced to behave exactly like non-cheating teammates or risk detection, cheating maybe only 10-20% above their previously established skill patterns. When I break through this, you'll have a normal game and I'll be kind of bored and nobody will be having the "cheaters in my game" experience even though I'm actually cheating.

In either case, I'm still going to try and beat the system for fun. Because video games.

myrmidon 4 hours ago [-]
Heuristic detection is iffy IMO, because while this might look trivial now (=> before cheaters optimize for it) false positives could easily ruin the user experience after a few rounds of cat & mouse: Even if you manage to keep sensitivity high (detecting >90% of cheaters), if you have like single digit percentages of cheaters and false positives, a lot of your bans are innocent.

If you keep the heuristics "tolerant", on the other had, you end up perpetually chasing in a cat-and-mouse game, and a lot of cheaters go undetected inbetween detection upgrades.

I feel heuristic detection is a "metagame" that developers don't really want to engage in, because you basically can't really win and it's perpetual work/spending.

Hikikomori 8 hours ago [-]
Valve has already discussed using ai? There's also some commercial alternatives. I haven't seen that it works well yet, so it doesn't seem easy to solve.

But it seems that will just push cheat devs to adjust their aimbot to become more human in behavior? For the average gamer the top 0.1% will look like cheaters anyway.

Hikikomori 8 hours ago [-]
Most of the worries that people focus on already apply to programs running in userspace.
sushid 13 hours ago [-]
Have you played games with a ton of cheaters? It's infuriating, and I'm glad that kernel-level anti-cheat makes it such that you can have an enjoyable gaming experience. Now, I no longer play competitive shooters due to my age, but this was a huge issue back in the day.
Akronymus 11 hours ago [-]
On private/community hosted/moderated servers my experience was that cheating was mostly a non-issue. Only with the advent of forced matchmaking/only official servers and such has it become a real problem.
iscoelho 9 hours ago [-]
That's a different type of game entirely. Private/community servers cannot be competitive at the scale of modern competitive games.
slumberlust 7 hours ago [-]
Why? I have a hard time imagining anyone would care more about the integrity of the game than the community. Private servers are an IP play, allowing companies to pull the plug completely when it is convenient for them.
vel0city 5 hours ago [-]
Say you've got a game that's specifically designed for 5v5 play. In this game, things become imbalanced and overly chaotic when there's more than that many players, the main game mechanics start to fall apart.

So now let's say you only have private servers. A bunch of 10-seat servers, and each match takes ~30-40 minutes. How does this work in practice? You have servers with like 8 or 9 players sitting around waiting, hoping for someone to join. How long will they sit there waiting? We potentially have hundreds of these partially filled servers waiting for other players to join. Wouldn't it be nice if there was some system that would automatically send people towards your nearly full server? Some kind of...matchmaking system?

How do we ensure somewhat even levels of skill among those players? Some kind of system that tracked past performance against players of other skill levels and could help you find other players around your skill level? Some kind of service to help you find matches, like some kind of...matchmaking service?

Not all games need matchmaking services, I agree. A lot of games do benefit considerably from having matchmaking services.

dannersy 11 hours ago [-]
I think this is the answer. You get a lot more false positives, but at least the players can do something about it and aren't at the mercy of devs who can stop support at any time and also are fighting a losing battle.
10 hours ago [-]
cowthulhu 15 hours ago [-]
This article reminds me of Chesterton Fence - the author is complaining about something, without ever experiencing why it exists.
orbital-decay 3 hours ago [-]
I used to host pretty popular servers for several games (mostly the PvP survival kind), built a community around them, and developed custom admin software. It's hard to say I haven't experienced this first-hand, I fully understand the reasons for this to exist. Yet I 100% agree with the author, this went way too far long ago. This will NOT stop until the personal computers are forcibly locked into a fully attested hardware chain, for everyone not just gamers. The control over your personal computer will be eventually taken from you even if you never played a game in your entire life. And then cheats will simply move outside the machine entirely. No entertainment is worth it.

Starting from a certain point, the solution for cheating is better game design, more human involvement, and community building, not adding more restraints which will be circumvented in any case.

CursedSilicon 14 hours ago [-]
I must admit I immediately questioned the credibility of the article when the author admitted they "aren't a gamer" and then started making allusions to vague political threads. Not to say these criticisms aren't valid, but they're a weird jumping off point

The reality is none of the companies want to do these things. Every step in this process locks out some subset of customers. And that's not including the ones who meet the technical requirements but are turned off enough by the decision to just avoid the games anyway

They're an unfortunate response to how utterly profitable and expansive cheating in online games has become. They cost the companies precious development time that could be spent making the game better to instead make it just vaguely "playable" for normal people

orbital-decay 3 hours ago [-]
>The reality is none of the companies want to do these things. (...) They're an unfortunate response to (...)

This reasoning can be used to justify pretty arbitrary behavior, don't you think? Intent is irrelevant for malice, incentives are enough.

ronsor 14 hours ago [-]
Unlike the Fence, kernel anti-cheat wasn't always there and won't be effective in the future with new AI-powered cheats growing.
ramon156 12 hours ago [-]
Cheaters are a problem, that's the focus you should be taking, not that KAC is an overreach. Everyone knows its not a solution.

Writing an article about a problem without addressing the problem shows the author never had the problem i. The first place

fastball 12 hours ago [-]
The analogy of Chesterton's Fence does not imply / require that the fence has been "always there".
_aavaa_ 19 hours ago [-]
> So I would rather share a match with the occasional cheater than run un-auditable ring-0 software on the same machine I use for anything private.

Yeah except that’s not the options here. Even with ring-0 there are lots of cheaters. Without it the game would be completely infested with them.

bigstrat2003 18 hours ago [-]
I would still rather have that than let some game run in ring 0 TBH.
anon7000 17 hours ago [-]
I think that’s a choice people can make for themselves. Thing is, cheating is an existential threat to the entire business model. Games like Valorant rely on a player base that keeps coming back, and a competitive scene where if you work hard, you can move up the ranks and maybe even make money one day. Players quit over cheating. You log in, you play hard and good, but you just can’t win because there are cheaters. These are games you’re trying to be good at… It’s incredibly demoralizing. Happens enough times, and you’ll find a different game not plagued by the same issue. And then your game is dead. You make money off it being a live service, and so maybe your business is dead too.

So it makes a lot of sense for a company releasing a new FPS game centered around competitive gaming to pull out all the stops to prevent that issue.

Now, the bigger question here is why can I play a game like Overwatch 2 on Linux, but not Valorant? Does Overwatch have a bigger cheating problem? If not, then Valorant should take a look at why their anticheat is just as effective without requiring kernel access.

ryandrake 16 hours ago [-]
> I think that’s a choice people can make for themselves.

Users do not have meaningful choice. On most games that use Anticheat, it is required to play the game. I can’t choose to use a non-anticheat version of games. It’s either submit to it or don’t play. Not much of a meaningful choice.

cowthulhu 15 hours ago [-]
That’s a fair point, but I think the issue is that the other players don’t want to play with you unless you’re running the anti cheat. Some games do have servers with anti cheat disabled, but a few minutes of playing on one of those servers will reveal why self-selecting into a population not running the anti cheat is not very fun.

This is a long winded way of saying that there isn’t a good way to have a multiplayer game give you the choice while still being fun.

LoganDark 15 hours ago [-]
This rhetoric comes up all the time. It goes like this: "if you don't like it, don't buy it." / "don't play it." / "find something else." It's everywhere: don't like non-repairable devices? Well don't buy those then. don't like proprietary operating systems? Well don't use those then. don't like games with anticheats? Well don't play those then. I've found this argument to be entirely antisocial because it completely ignores the biggest problem which is that the presence of those qualities entirely taints whatever it is attached to. The problem isn't that you can't use another operating system or play another game or buy another device. The problem is that operating systems and games and devices end up unusable. Sure you can start arguing about how most people don't care and will never care so it's not / will never be a problem, but at that point you are entirely leaving advice territory and entering cargo cult mentality.

Here's an example. ARC Raiders recently added Denuvo. There's basically no game like it that doesn't have anticheat. None. You can't just go play another similar game that doesn't have anticheat, you just don't get to play those games

Linux and some BSDs are basically the only free operating systems nowadays. Maybe HarmonyOS. Too bad most anticheats don't work with it, too bad most companies only release broken windows drivers and maybe mac drivers but not linux, etc etc. You just don't get to use that hardware or play those games or etc.

Good luck getting anything like any iPhone or Android flagship that has a replaceable battery. When you choose something like pocophone you are giving up every piece of the bleeding edge to choose outdated components for their repairability. Which is repairable but not fast. Also depending on your choice of vendor you might lose out of netflix / google pay / etc because of course.

Some like framework laptop can have better value for money because their upgrade model is to replace the entire computer (logic board) so they can still vertically integrate it / be decently fast. Nobody has tried that yet with phones

It's terrible that we even have to deal with this. I don't want to be forced to accept an anticheat for games. I don't want to be forced to use any operating system for anything (even though I genuinely believe mac is best). I don't want to be forced to replace a whole device when the battery dies etc. Or spend hours removing dozens of tiny screws in order to do it myself. And I certainly wouldn't put up with a slower device just because it's repairable or just because of nearly anything ever.

ARC Raiders once forced me to update windows because it was too outdated or something, one of the system DLLs expired from their allowlist or whatever. Nobody cares, I should be able to play on windows 10 as far as they're concerned. Windows updates are a hazard nowadays, asking someone to update is asking them to risk all their data. I do everything in my power to block windows update. I never asked and I never consented.

Meanwhile I update all my apple devices the day each beta releases because apple is not a stupid bonehead

pibaker 15 hours ago [-]
Comparing non reparable devices to games is a huge stretch. Not buying a phone or a car in many places means you can't get a job at all. But if you don't play games you lose little. There are more than enough games of all kinds to spend your time on. Plus you can always, you know, just stop staring at the screen and do something else.
LoganDark 15 hours ago [-]
Low stakes vs high stakes version of the same problem. Sure it's not catastrophic if you simply can't play some or most games. But the basic idea is the same, and the common rhetoric is the same and the choices you're given are the same. Toxic thinking taints a product, making you no longer want to use it, but if you don't use it then you have to lose out on the entire product, not just the part you don't agree with. There are so many things out in the world, that are packaged together with such toxic thinking. So many things you have to miss out on, so many things you discover you'd otherwise want.

It's related to an idea I've had for years. You know, I've always wanted a news site that only announces products that already exist. Like things you can actually buy. I'm so tired of hearing about new innovations that don't exist yet that I want to punch whoever posts about them. I'm so tired. I don't want to hear about the future ever again. I want to hear about the present. I want to hear about stuff I can actually buy.

Likewise I am so tired of hearing about products that are harboring toxicity. I'll get so excited for something that seems so cool only to find out by surprise that I can't run it or wouldn't. And then I feel worse off than if I'd never heard of that thing.

Yes there are some markets where you need something. Like now, if you're in the comcast monopoly you can no longer manage your network without a smartphone. They retired the website, and they ripped out big sections of the LAN admin panel with pointers to go to the app. If you don't have the app you just can't do it anymore. More of the world is becoming like this, it's so exhaustingly evil and it's so normalized that stuff like that's not even a footnote.

I don't think the impact of not having a phone or car or etc matters in this discussion though. You can factor that into how badly you want/need one but in the end I'm talking about how shitty it is to have to miss out on something purely because it's tainted. Like if you miss out on a phone and you need one then you might be pretty sad you have to settle for something worse than what could've been possible. Same for a car or anything. It's just with a game you're not forced to pick an alternative and you can just be sad without having to settle for having to get something lesser. But being without the game you wanted is still sad. If that makes any sense.

And I sometimes hear "vote with your wallet". Unfortunately the product I want doesn't exist so that's not possible. I can avoid paying for the one I don't want, but then I have nothing at all. And not paying for something has also never changed anything, since no one will think the same way I do, so I am the only possible difference. So I don't bother trying. A difference of 1 is so vanishingly insignificant that I couldn't even possibly be supporting anyone with all the purchases I've ever made, let alone hurting anyone with any of the purchases I could ever not make.

vel0city 14 hours ago [-]
> I don't want to be forced to accept an anticheat for games.

I don't want to be forced to play with cheaters due to some people's philosophical concepts of what software I should be allowed to run on my computer when there's technology to radically minimize their numbers for the games I'd like to play.

If I want to have a computer that's locked down to be a platform for playing games online with a low likelihood of encountering cheaters shouldn't I have the freedom to be able to choose that?

laughing_man 11 hours ago [-]
I don't think the vast majority of people who install anti-cheat realize the extent to which they're opening the security kimono.
LoganDark 14 hours ago [-]
> If I want to have a computer that's locked down to be a platform for playing games online with a low likelihood of encountering cheaters shouldn't I have the freedom to be able to choose that?

This is exactly why I choose Mac and iPhone. I actually trust Apple to do this. I do not however trust Microsoft or third-party app developers to do this. But I absolutely believe in that freedom and exercise it myself.

Thaxll 15 hours ago [-]
Overwatch is a bit different though , it's not a pure hitscan fps such as valorant, cs or r6. Cheats in Overwatch are not as useful because the gameplay is different from other fps.
vel0city 17 hours ago [-]
> Does Overwatch have a bigger cheating problem?

Yes, considerably.

One can also look at Counterstrike running on Valve's matchmaking which uses userland cheat detection versus Faceit's kernel level anticheats for the exact same game. It's been incredibly rare for me to run into obvious cheaters on Faceit but I'll often run into cheaters in Valve's matchmaking. It's the same game, the same executables.

laughing_man 11 hours ago [-]
I finally stopped playing Counterstrike because of all the cheating. It was difficult enough to detect that I never knew when I got killed because someone was good, because they were lucky, or because they were cheating.
_aavaa_ 4 hours ago [-]
Nobody is forcing you to play a game with kernel anti-cheat.

I want to play the game, not deal with mass cheating. Unless the people against kernel-level anti cheat can provide an alternative with similar level of protection, there isn’t anything to discuss as far as I’m concerned.

Thaxll 15 hours ago [-]
Since you're not a gamer sorry but your opinion does not means much, you don't seem to realize how cheating is a problem in online games, it's not just an inconvenience, it kills games.
wronex 10 hours ago [-]
I play a lot. Competitive shooters mostly. Most of them are unplayable for one or two reasons. Cross play (controllers with aim assist) and cheaters. As a PC player I would like to see no aim assist and actual consequences for cheating. I’ll gladly verify my real world identity, if it meant cheaters where banned once and forever. I’ve heard this is how it works in Korea (claim not verified) and could see it work here too as most of Europe has access to very UX friendly state sponsored digital ID.

If there were actual stakes to cheating, it would be less prevalent. Now you can create another account and keep playing. Often for free!

On a side note. How come replay analysis doesn’t catch more cheaters?

iscoelho 8 hours ago [-]
> "How come replay analysis doesn’t catch more cheaters?"

1) There's too many players.

2) Closet cheaters are extremely subjective: automated & manual moderation would be full of false positives. In these cases, functional anti-cheats actually serve to vindicate these players.

grg0 14 hours ago [-]
The tl;dr from the post is that kernel anti-cheat presents both an attack vector for malware and a backdoor for firms. The former is already known to be exploited.

I don't know why comments here are so negative. PC gamers should be wary of installing this stuff, and PC users in general wary of attempts to lock down their computer. If game companies want a fully locked down PC, they already have one; it's called a console.

frollogaston 13 hours ago [-]
There are people who treat their PC almost like a console, cause all they use it for is video games anyway, but they want more than what a console offers (and will spend a lot). They install whatever. Kernel anti-cheat isn't even the worst thing on those, that'd be Windows.

It's fine. Personally I keep my Mac clean. It can play a few games, which is enough for me. I also found a spare PC in e-waste, and occasionally boot it up to play games in Win10, but wouldn't care if it died.

iscoelho 9 hours ago [-]
In my opinion, the debate about kernel anti-cheat on Windows is disingenuous fear-mongering. I'm confused why Hacker News of all places misrepresents the technical details.

You can already completely compromise the average user's privacy with an underprivileged process (nearly all of your personal information is accessible with zero privileges!), and you can already persist with administrator privileges (that is routinely given on Windows).

In regard to the "RCE attacker risk", attackers can RCE to escalate just as easily into vulnerable Windows services (there's too many to count). Kernel drivers aren't that special.

In regard to the "CrowdStrike risk", that's not privacy related and is extremely overblown.

What exactly does a kernel driver change regarding privacy? Nothing I can think of.

It's this simple: If games want your personal data, they don't need a kernel driver to get it.

ChocolateGod 9 hours ago [-]
> In my opinion, the debate about kernel anti-cheat on Windows is fear-mongering

I don't think a lot of people who complain about kernel anti-cheat actually play competitive games.

iscoelho 8 hours ago [-]
I feel someone doesn't need to play competitive games to be able to give an honest assessment of the privacy & security risks.

I'm sad I'm not seeing that honesty elsewhere in this thread.

Reubachi 6 hours ago [-]
It certainly is helpful to understand the mindset of a person who: a.) their hobby is to play competitive games which mandate kernel level (or similar intrusive anti-cheat)

b.) either accepts the requirements or builds sufficient security gapping to make it a nonconsideration.

These people exist, and would say in an honest assesmment that the above behavior is no more rights-intrusive than what 99 percent of the tech absorbing population allow today.

Hikikomori 5 hours ago [-]
>You can already completely compromise the average user's privacy with an underprivileged process (nearly all of your personal information is accessible with zero privileges!), and you can already persist with administrator privileges (that is routinely given on Windows).

Most complaints about kernel level are indeed about privacy, and as you say a user space process can already do so much that this argument is moot. Most people are not aware or ignore it to fear monger because anything kernel sounds really bad.

bob1029 10 hours ago [-]
I don't think kernel goes far enough. We are pushing down the wrong path. We don't need kernel level anti cheats.

I think there should be real world legal consequences for exploiting information systems like this. "Gaming" shouldn't magically exempt a business sector from reasonable protection against fraud and abuse. Just because it's easy to do or involves bits in a computer (that isn't physically on the game developer's premises) should not magically exempt bad actors from prosecution. Yes, it's your computer, those are technically your bits, but this is about how these things are used and the context within which they are.

We have the CFAA in the US, but you'd need a fairly loose interpretation to cover most forms of cheating today. I don't really see the distinction between client and server when the actions taken on the client side cause a dramatic loss in quality of service for other clients connected to that same server or p2p relay.

South Korea has laws on the books as of 2016.

https://dotesports.com/overwatch/news/ow-hacker-sentenced-pr...

dTal 9 hours ago [-]
No thanks.

>We don't need kernel level anti cheats.

More than that, they'd be illegal by your own standard, if applied fairly. You can't steal control of someone's computer just because they bought a game from you. That's a strictly more severe "exploit" with strictly more impact on "quality of service" than sending bogus data to a server. Cuts both ways.

But we all know how it'd really play out. If lying to a server counts as "hacking", but corporate rootkits and locked bootloaders are fine, all you've really done is solidify "felony infringement of business model". You haven't protected anyone. Video games are a stupid thing to immolate computing freedom for.

giov4 10 hours ago [-]
yes but you are going off topic, the point is companies installing low level malware on any gamer's system to prevent cheaters and monitoring all of them as a consequence. And not that there are not enough laws against cheaters and against people tampering with a software or system, also tampering imho has always been the base for the rest of the reversing :)
AgentMasterRace 16 hours ago [-]
what a goof. yes it's a privacy risk, but so is half the things people do on the internet.

cs2 is infested with hackers, arc raiders died because of hackers... many games I've played and loved are dead because of hackers.

vips7L 13 hours ago [-]
Hackers were only one of the many straws that killed Arc Raiders. Mostly it was a dev team that didn’t care.
vel0city 18 hours ago [-]
> I want to preface this with the fact that I’m not a gamer.

So you're prefacing it as someone who has never really dealt with the games you like to play getting totally infested with and nearly unplayable with so many cheaters in practically every lobby.

Its easy to think its something that's not needed if one never spends any time in the space.

Do they stop all cheats? No. Do they make the bar extensively higher to cheat? Absolutely. Even they point this out: "A DMA cheat is a separate FPGA card that sits in a PCIe slot and reads the game’s memory directly over the bus, while a second computer processes what it sees and feeds back aim and wallhacks..." Any random person can go run some executable they found on a forum, what percentage of the playerbase has these FPGA cards and a second computer to properly run these cheats? And even then, more modern systems can even detect these kinds of things.

Are there lots of problems with these anti-cheat platforms? Sure. Are they now often developed with ties to countries many wouldn't want have that deep of access to their computers? Sure. Is kernel-level anti-cheat overall as a concept overreach? Probably not for what a lot of players actively want. Players want systems to ensure everyone is playing on a somewhat equal playing field. Other than the games being rendered in the cloud I don't know any other real way to begin to enforce it.

> I would rather share a match with the occasional cheater

What if it wasn't "the occasional cheater" and instead was "nearly every match of every game you like to play"?

pibaker 17 hours ago [-]
Yes, it is very rich for someone with no skin in the literal game to police what others do to their computers.

I don't play any games that use anticheat. But I also don't go out of my way to tell other players who knowingly, consensually installs games with anticheat so they can play them. It's like saying it is an invasion of privacy for cycling athletes to be subjected to doping tests. It's their game. Why does it bother you?

frollogaston 13 hours ago [-]
It's everyone's problem if those PCs get turned into a botnet, but otherwise whatever.
josefritzishere 5 hours ago [-]
That sounds like malware.
charcircuit 11 hours ago [-]
The overreach of kernel anticheats that this article complains about can be done just as easily from user mode anticheats. It's not whether an anticheat is kernel mode or not for whether it is overreaching or not.

>The hardware requirements lock out Linux and the Steam Deck

Because their security is out of date. Meanwhile macOS has modern security good enough to not even require Vanguard to need kernel mode to be effective.

AuthAuth 14 hours ago [-]
>it hasn’t stopped cheating

No but it has largely reduced it to where you can play competitively and not run into cheaters. Go play f2p csgo and enjoy a hacker in nearly every single game blatantly spinning in spawn head shotting everyone.

laughing_man 11 hours ago [-]
It's hard to know. If I were cheating on a competitive server, I'd be using cheats that gave me an edge without making me dominant. That sort of thing is very difficult to detect.
dannersy 11 hours ago [-]
It doesn't take kernel level anticheat to detect that kind of behavior. This is just laziness.
facepalmz 17 hours ago [-]
[flagged]
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact
Rendered at 18:01:05 GMT+0000 (Coordinated Universal Time) with Vercel.