Kernel anti-cheat systems are currently the bane of Linux/Steam Deck gaming, haven’t actually proven to be effective at stopping cheaters (see Valorant for an example), and lead to various security concerns from giving 3rd parties full access to your machine to being used to install ransomware and malware.
Windows tried to restrict kernel access years ago, but backed down under pressure from various companies. However Crowdstrike’s outages have shown the sever consequences of leaving kernel access open, and we might finally see kernel access to be cut off.
Finally windows get some kind of improvement after going downhill so much.
what kills me is we Solved Cheating in the 90s and early 00s. It’s called dedicated servers. People would buy a game someone would setup a server and if you were a dick or cheat you would get kicked and each sever was like a community just like it is here.
But the companies want control they want to be able to shut download the game on their timetable and get you to buy the next game. A tool or system is never going to fix this people and breaking communities into manageable chunks can.
Hell back in the day servers were hacked on purpose to create new types of games. Anyone remember CS Surfing and Sniper only maps in TFC.
the point is people can hack away break the game beyond recognition but they can do that off in their own space.
Now I know that breaks global leader boards and other ego driven things but I’m just talking about having fun with games.
Those were the days for sure. Dedicated servers were fantastic, you’d often run across the same people in the same server as well and get to know folks. A community, like you said.
yeah remember heat.net?
I don’t but it’s probably pretty region dependent. In Australia I used to play on Internode servers a lot.
ah cool yeah it was this thing in the US where you connected into rooms that had dedicated servers attached to them but under the hood it was all peer to peer I think that would be a server browser for games that didn’t have that like quake, quake 2 and mechwarrior 2, decent. It was run by sega.
What made it crazy awesome is you generated points by logging in and playing to spend in the heat store and they sold like GPUs like voodoo 2 2000s and gaming mice, etc.
It all crashed in a blaze once people figured out you could just camp in games an minimize and keep generating points.
By that point Half-life and Quake 3 was out and had the server browser built in so it was on the way out anyway.
MS had this implemented originally in NT4 then started allowing more drivers direct access for performance.
They tried again with VISTA but McAfee and Symantec cried to the EU and forced MS to back down.
Apparently apple got away with implementing it however.
Apple implemented a kernel API for security software and made it good enough that they forced their own tools to use the API.
MS’s own tools depended on kernel access but they tried locking out 3rd party vendors without building a replacement like Apple did.
McAfee and Symantec correctly pointed out how this would be using monopolist powers to block competitors.
Microsoft needs to shut up and do the work to make their kernel secure.
If stopping any and all cheating 100% perfectly and forever is your only metric on “stopping cheating.” Then you have a distorted view on the effectiveness of current anti-cheat tools.
I mean Valorant has a lot of cheaters, it doesn’t really seem like kernel anti-cheat has been more effective than other forms of anti-cheat. There’s also an increasing number of hardware peripherals that offer cheating assistance, and these can’t be detected by kernel anti-cheat because the cheating happens on separate hardware.
My point is that kernel anti-cheat has major privacy and security tradeoffs, which is a steep cost to pay. A steep cost is only worth it if it has a significant benefit to the users, and in practice it doesn’t.
Have you considered that the reason cheaters have to go hardware level is because kernel level anti-cheats are effective at what they’re supposed to do?
I’ll also ask this question, what do you are the alternative solutions to client side anticheats?
I’m not against client side anti-cheats in general, but kernel level ones are too big of a security risk in my opinion.
The US government is banning apps like tiktok and considering banning DJI drones due to the amount of data they collect and send back to China. Several of the most popular games using kernel anti-cheat are all Chinese owned companies, and the whole point of kernel anti-cheat is that it has full access to your computer (making it hard to hide cheating). I have a strong suspicion that even if Microsoft doesn’t restrict kernel access, we may see government bans on some of these games.
go look at some forums for cheating, and you will see that they really do not work very well. it may be a cat and mouse game, but there is constant reverse engineering work and development being done (some of which is even paid work for paid cheats), and there is pretty much always a solution for new anticheat measures that someone finds.
the only unbeatable anticheat is a server side one
Server side is beatable too.
My point is anti cheat will never be perfect, and you just rattled off a bunch of text to say that.
Anti-cheat efforts do make an impact on the pervasiveness and culture of cheating, general hacking and griefing.
Even if we play make believe that they make any difference at all (they don’t), it would still be unforgivable to install malware on someone’s computer to prevent cheating in a computer game.
They do make a difference. I’ve been party to the difference that bringing these tools to a platform does.
Anything is beatable, hackable and abusable given the time and resources, and it shouldn’t be my system because some idiotic management took the decision to enforce ring0 access anti cheat to ban some percent more hackers.
No one said that anti cheat efforts do not make an impact, but the impact of ring0 anti cheats is massively overrated
The op said they don’t stop cheaters. Implying it makes zero impact.
haven’t actually proven to be effective at stopping cheaters
This is what OP said, and it’s completely correct. It’s not that much impact in comparison to “regular” anti cheat systems. And both of those only detect either cheap/bad or known hacks.
Server-sided and data based anti cheats is what would actually be a huge step up. You’re running a 8 K/D in a game where the best players are between 1-2? Banned. You just flicked two enemies within 100ms? Banned. Suspicious activity that’s not that blatant needs to be reviewed.
The thing is - that’s fucking expensive, complicated and needs to be done one a per-game basis, and since its just cheaper to throw you under the bus with a kernel anticheat and claim it’s the best one, that’s being done.
Server side is beatable as in, you could inflate your skill to that of a professional player.
The optimal serverside anti cheat would be able to recognize what gameplay is human level, and what gameplay is impossible or very unlikely to be human, and make punishment decisions based on that.
Then, the best cheat would just be almost perfectly simulating a pro player, and at that point the cat and mouse game of anti cheat and cheating would be far far less relevant.
Something like blatant tf2 spinbotting, or scoping someones head through a wall right before peeking them in r6, are absolutely detectable serverside with heuristics or machine learning models or etc, and that should be worked on rather than embedding some spyware into my uefi firmware or whatever.
Client side anti-cheat is inherently flawed. These games are asking an untrusted computer whether it is cheating. That’s like asking a known liar whether they’re lying at that moment. The one way to make it harder for the computer to “lie” is by increasing the permissions the AC has, which comes at the cost of privacy for people with the game, and security for every Windows user (not just the ones with a certain game installed).
Client side anti-cheat can be poked and investigated locally, with no restrictions. All it takes a skilled enough cheater is time, and they will bypass it. The only way to test server side anti-cheat is by hopping in the game, trying to learn how it works, and trying to bypass it. That is a much more time consuming and expensive process.
I read dilemma as diarrhea and didn’t think much of it…