Kernel anti-cheat systems are currently the bane of Linux/Steam Deck gaming, haven’t actually proven to be effective at stopping cheaters (see Valorant for an example), and lead to various security concerns from giving 3rd parties full access to your machine to being used to install ransomware and malware.
Windows tried to restrict kernel access years ago, but backed down under pressure from various companies. However Crowdstrike’s outages have shown the sever consequences of leaving kernel access open, and we might finally see kernel access to be cut off.
If stopping any and all cheating 100% perfectly and forever is your only metric on “stopping cheating.” Then you have a distorted view on the effectiveness of current anti-cheat tools.
I mean Valorant has a lot of cheaters, it doesn’t really seem like kernel anti-cheat has been more effective than other forms of anti-cheat. There’s also an increasing number of hardware peripherals that offer cheating assistance, and these can’t be detected by kernel anti-cheat because the cheating happens on separate hardware.
My point is that kernel anti-cheat has major privacy and security tradeoffs, which is a steep cost to pay. A steep cost is only worth it if it has a significant benefit to the users, and in practice it doesn’t.
Have you considered that the reason cheaters have to go hardware level is because kernel level anti-cheats are effective at what they’re supposed to do?
I’ll also ask this question, what do you are the alternative solutions to client side anticheats?
I’m not against client side anti-cheats in general, but kernel level ones are too big of a security risk in my opinion.
The US government is banning apps like tiktok and considering banning DJI drones due to the amount of data they collect and send back to China. Several of the most popular games using kernel anti-cheat are all Chinese owned companies, and the whole point of kernel anti-cheat is that it has full access to your computer (making it hard to hide cheating). I have a strong suspicion that even if Microsoft doesn’t restrict kernel access, we may see government bans on some of these games.
I get the privacy issue but there’s effectively no non-kernel anticheats on the market. I think VAC doesn’t run in kernel level and CS is known to have a huge cheating issue, so much that competitive CS has spun off into third party provider who among other things uses a kernel level anticheat. You can’t be for client side anticheat and be against kernel anticheat. Non-kernel anticheat simply doesn’t do its job.
I can’t imagine how Microsoft locks down Kernel so that it’s also locked down for cheat developers (because they don’t really care about regulations). If it’s locked for anticheat developers but not for cheat developers then it’s going to end up being a bad time for us.
go look at some forums for cheating, and you will see that they really do not work very well. it may be a cat and mouse game, but there is constant reverse engineering work and development being done (some of which is even paid work for paid cheats), and there is pretty much always a solution for new anticheat measures that someone finds.
the only unbeatable anticheat is a server side one
Server side is beatable too.
My point is anti cheat will never be perfect, and you just rattled off a bunch of text to say that.
Anti-cheat efforts do make an impact on the pervasiveness and culture of cheating, general hacking and griefing.
Server side is beatable as in, you could inflate your skill to that of a professional player.
The optimal serverside anti cheat would be able to recognize what gameplay is human level, and what gameplay is impossible or very unlikely to be human, and make punishment decisions based on that.
Then, the best cheat would just be almost perfectly simulating a pro player, and at that point the cat and mouse game of anti cheat and cheating would be far far less relevant.
Something like blatant tf2 spinbotting, or scoping someones head through a wall right before peeking them in r6, are absolutely detectable serverside with heuristics or machine learning models or etc, and that should be worked on rather than embedding some spyware into my uefi firmware or whatever.
Anything is beatable, hackable and abusable given the time and resources, and it shouldn’t be my system because some idiotic management took the decision to enforce ring0 access anti cheat to ban some percent more hackers.
No one said that anti cheat efforts do not make an impact, but the impact of ring0 anti cheats is massively overrated
The op said they don’t stop cheaters. Implying it makes zero impact.
This is what OP said, and it’s completely correct. It’s not that much impact in comparison to “regular” anti cheat systems. And both of those only detect either cheap/bad or known hacks.
Server-sided and data based anti cheats is what would actually be a huge step up. You’re running a 8 K/D in a game where the best players are between 1-2? Banned. You just flicked two enemies within 100ms? Banned. Suspicious activity that’s not that blatant needs to be reviewed.
The thing is - that’s fucking expensive, complicated and needs to be done one a per-game basis, and since its just cheaper to throw you under the bus with a kernel anticheat and claim it’s the best one, that’s being done.
Read up on the dangers.
Even if we play make believe that they make any difference at all (they don’t), it would still be unforgivable to install malware on someone’s computer to prevent cheating in a computer game.
They do make a difference. I’ve been party to the difference that bringing these tools to a platform does.
Client side anti-cheat is inherently flawed. These games are asking an untrusted computer whether it is cheating. That’s like asking a known liar whether they’re lying at that moment. The one way to make it harder for the computer to “lie” is by increasing the permissions the AC has, which comes at the cost of privacy for people with the game, and security for every Windows user (not just the ones with a certain game installed).
Client side anti-cheat can be poked and investigated locally, with no restrictions. All it takes a skilled enough cheater is time, and they will bypass it. The only way to test server side anti-cheat is by hopping in the game, trying to learn how it works, and trying to bypass it. That is a much more time consuming and expensive process.