Kernel anti-cheat systems are currently the bane of Linux/Steam Deck gaming, haven’t actually proven to be effective at stopping cheaters (see Valorant for an example), and lead to various security concerns from giving 3rd parties full access to your machine to being used to install ransomware and malware.
Windows tried to restrict kernel access years ago, but backed down under pressure from various companies. However Crowdstrike’s outages have shown the sever consequences of leaving kernel access open, and we might finally see kernel access to be cut off.
MS had this implemented originally in NT4 then started allowing more drivers direct access for performance.
They tried again with VISTA but McAfee and Symantec cried to the EU and forced MS to back down.
Apparently apple got away with implementing it however.
Apple implemented a kernel API for security software and made it good enough that they forced their own tools to use the API.
MS’s own tools depended on kernel access but they tried locking out 3rd party vendors without building a replacement like Apple did.
McAfee and Symantec correctly pointed out how this would be using monopolist powers to block competitors.
Microsoft needs to shut up and do the work to make their kernel secure.