It’s not just privacy. Kernel level anti cheat software opens up a new attack vector for malicious actors, e.g. your computer is less secure. Your system also becomes less stable and is prone to crash more often. This is all dependent on the skill of the software engineers writing the kernel level anti cheat of course.
Unfortunately, most software, if not most of modern IT is a house of cards.
Kernel level anticheat software opens up a new attack vector for malicious actors
This is one of my favorite techniques used by threat actors.
Essentially, for those of you who aren’t familiar with the BYOVDD technique, code is signed by companies when it is set to publish. This signature is proof that the company actually released the code, and generally, if the code is signed by someone you trust, it means that it doesn’t contain malware.
However, programmers are often bad about writing secure code. Security is hard, and kernel-level code is complex, so things slip through the cracks and the code becomes vulnerable to exploitation from the threat actor.
The fun part is when there is signed code that operates at the kernel level. To an OS and many security systems, signed code is good code. If a threat actor exploits signed code to arbitrarily do things like download and execute malware, or just behave maliciously, security software often throws up its hands and goes “Well, it is signed by a trusted company, it’s probably fine lol.” But because this code operates at such a privileged level, the amount of damage that can be done is devastating.
This was used in 2022 by threat actors to spread ransomware. The vulnerable kernel-level software they used was Genshin Impact’s anticheat.
Thankfully, crafting an exploit like this is pretty difficult to do, and since the signatures used for the code is revoked when malicious activity is seen, it is unlikely that you will see this specific technique used against you on your personal computer. But your IT and/or cybersecurity team might see the Helldivers anticheat used to ransom their systems sometime in the future.
I’m sorry to tell you this but once code has arbitrary code execution on your local device it’s already over, installing an anti cheat that is 100% necessary in today’s gaming landscape doesn’t change that at all. Name a single game with non verbal anti cheat that matters in 2024.
No. There’s a huge difference if a program runs in user space or ring 0. Depending on the security policies and admin rights management on your system, malicious software can’t do anything. If you, the user, blindly click “ok” in Windows UAC prompts or run sudo on Linux without thinking, that’s on you. However, kernel-level anti-cheat software always has access and thus is a much more dangerous and sought-after attack vector.
Hell, if you wanted to make extra sure you could spin up a VM with GPU pass-through and play on there. But this is also not possible with kernel-level anti-cheat software because most detect they’re being run in a VM and refuse to start the game.
That’s only the security side of things. If software has shoddy code it will at worst crash itself if it’s not interacting with drivers too much (like games and graphics drivers - and even then the crashes happen because of bugs in the drivers in the first place). If it’s ring zero it can make your system unstable, crashing your entire system and not just the software itself.
Regarding “games that matter”, define your benchmark.
Are we talking about games that have the absolute top financial success? Sure, it’s all the competitive matchmaking games that rely on a somewhat believable competitive integrity of their games. But then again, most kernel-level anti-cheat systems don’t even prevent cheating. It’s a never-ending cat-and-mouse game at the cost of the customer’s privacy, security and stability of their system. Riot themselves have a recent blog post detailing that 1 in 15 League of Legends games had cheaters/scripters on average. Not only that, their new-ish kernel-level anti-cheat Vanguard - like all others - has been defeated. So they need to update. Change methods. Become more invasive. Just never-ending. And new/changed code always has the potential for new bugs, bringing us full circle to security and stability problems.
Or are we simply talking about games that are fun for the individual? There’s a wealth of Singleplayer/Co-op and/or PvE only games that are successful without any kind of invasive anti-cheat.
To name a few (you only wanted one, but I’m in the mood): Cyberpunk 2077, Vampire Survivors (and all its offspring), Factorio, Satisfactory, Borderlands (1, 2, Pre-Sequel, 3, Tiny TIna’s Wonderlands), Skyrim, Fallout (3, 4, New Vegas), Starfield (I agree it was a flop, but it mattered), Baldur’s Gate 3 (which had incredible success).
Do I need to go on? This list isn’t even just a personal preference of mine. A lot of these titles were highly anticipated and are hugely successful.
So yeah, you should be sorry for spouting nonsense.
I thought as much. But I also believe you shouldn’t just let misinformation like that go unchallenged. Not for people like him of course, but for everyone else reading this trying to learn and/or form an opinion.
Ah yes, it’s a cat and mouse game so we should just stop trying huh?
Maybe we should stop testing for doping in professional sports completely because people beat the test haha.
It’s exactly for “competitive integrity” and providing a fair space that it’s necessary. Riots system while not perfect, is OUTSTANDING in valorant, compared to counterstrike. Join a game of Dust right now on csgo, I bet you get a blatant spin botter or something similar in the open lobby. Do people still slip through? Yes of course. 100% isn’t necessary, just enough that other systems like bans and reporting can be effective. League has tons of scripters and macro users it’s true, xereth bots are for whatever reason pretty popular. But it’s better then it was, and continues to work reasonably on things that aren’t some kids saved macro on his gamer mouse.
People cry about this every time. The biggest of course being when steam did it. I just did a search and wow no surprise who has it, exactly who I expect . Valorant, pubg, fortnite, apex, R6 siege, tons more (325+).
Cheaters destroy games. They destroy the in game economy, they destroy the sense of achievement for hard to attain goals, they destroy any sense of fairness in ranked or competitive play. Game developers are allowed to protect against it. If you’re going to cry over arbitrary lines in the sand, that’s on you. The rest of us will continue to play.
I even write bots for popular games that I play so it’s not like I’m not disadvantaged by this either. You just need to find some actual conflict in your life and stop making this such a big issue. Will some anti cheat make a mistake and crash some machines or something inevitably? Yes for certain. But people will be fine, and they will get absolutely dragged on social media, gamer news outlets, etc. It’s a non issue.
Ah yes, it’s a cat and mouse game so we should just stop trying huh? Maybe we should stop testing for doping in professional sports completely because people beat the test haha.
It’s a nice straw man you put up there. Nobody said to stop trying other than you. So far I’ve only been pointing out all the negatives that come with kernel-level anti-cheat software. The cat and mouse phrase was specifically used to demonstrate that the ongoing struggle leads to the need to update the anti-cheat software resulting in the potential for more bugs, in turn increasing the odds of running into security and stability problems. I’m arguing for other, less invasive anti-cheat measures which don’t put the end user under general suspicion and force them to grant absolute control over their system to a third party.
But while we’re at it, you raise a good point. Doping in professional sports is done only at a high level. If we were to compare kernel-level anti-cheat measures to doping tests: Imagine you join a tiny local sports club in the middle of nowhere. Not only would they require you to take doping tests, but they would also gain permanent entry to your home and install cameras and microphones everywhere, promising - fingers crossed - to only use their tools to see if you’re above board and not doping.
Having a third party have permanent entry to your home and constant surveillance sure sounds like a big security risk to me, especially when you consider that their measures aren’t 100% safe and can breached and abused by malicious actors. And yes, that is the equivalent of what is happening to your computer.
To reiterate: I’m not saying to let cheaters be and stop anti-cheat measures altogether. I’m arguing for less invasive and less dangerous anti-cheat software. Since the next three paragraphs you wrote are all about arguing against the straw man you put up, I’m ignoring those.
I even write bots for popular games that I play so it’s not like I’m not disadvantaged by this either.
I’m not sure why you wrote that. You’re part of the problem you helped to create and suffer from it, too. Do you want sympathy for suffering the consequences of your own actions?
You just need to find some actual conflict in your life and stop making this such a big issue. Will some anti cheat make a mistake and crash some machines or something inevitably? Yes for certain. […] It’s a non issue.
At this point, we’re entering personal opinion territory. For me, it is a big issue. Handing a third party the keys to my kingdom for a game seems wildly ignorant and naive to me. However, a lot of people simply don’t know about kernel-level anti-cheat, what they are and how they work. So I’m here to provide information which people can use to decide for themselves if they’re fine with it or not.
Personally, I value the privacy, security and stability of my system. You don’t and that’s fine. But I can still criticize the currently employed methods and hope to influence how things are done.
I mean look at Payday 2, it had a pretty big cheater problem. I agree that if it’s not PvP then you don’t need an aggressive anti cheat, but there should be some kind of “You’re using cheats? Can’t matchmake with legit players.” system.
None of this requires anything at the kernel level. It can be done entirely in userland. It is absolutely a violation of standard system security principles.
It’s a really fun game though so idk I don’t care (about the privacy concerns, your opinion is valid regardless)
It’s not just privacy. Kernel level anti cheat software opens up a new attack vector for malicious actors, e.g. your computer is less secure. Your system also becomes less stable and is prone to crash more often. This is all dependent on the skill of the software engineers writing the kernel level anti cheat of course.
Unfortunately, most software, if not most of modern IT is a house of cards.
This is one of my favorite techniques used by threat actors.
Essentially, for those of you who aren’t familiar with the BYOVDD technique, code is signed by companies when it is set to publish. This signature is proof that the company actually released the code, and generally, if the code is signed by someone you trust, it means that it doesn’t contain malware.
However, programmers are often bad about writing secure code. Security is hard, and kernel-level code is complex, so things slip through the cracks and the code becomes vulnerable to exploitation from the threat actor.
The fun part is when there is signed code that operates at the kernel level. To an OS and many security systems, signed code is good code. If a threat actor exploits signed code to arbitrarily do things like download and execute malware, or just behave maliciously, security software often throws up its hands and goes “Well, it is signed by a trusted company, it’s probably fine lol.” But because this code operates at such a privileged level, the amount of damage that can be done is devastating.
This was used in 2022 by threat actors to spread ransomware. The vulnerable kernel-level software they used was Genshin Impact’s anticheat.
Thankfully, crafting an exploit like this is pretty difficult to do, and since the signatures used for the code is revoked when malicious activity is seen, it is unlikely that you will see this specific technique used against you on your personal computer. But your IT and/or cybersecurity team might see the Helldivers anticheat used to ransom their systems sometime in the future.
Not to mention Sony itself has been busted multiple times installing goddamn rootkits
On audio CDs iirc.
That statement isn’t a theory and sounds more like a verifiable fact. Is that true more Helldivers 2?
I’m sorry to tell you this but once code has arbitrary code execution on your local device it’s already over, installing an anti cheat that is 100% necessary in today’s gaming landscape doesn’t change that at all. Name a single game with non verbal anti cheat that matters in 2024.
No. There’s a huge difference if a program runs in user space or ring 0. Depending on the security policies and admin rights management on your system, malicious software can’t do anything. If you, the user, blindly click “ok” in Windows UAC prompts or run sudo on Linux without thinking, that’s on you. However, kernel-level anti-cheat software always has access and thus is a much more dangerous and sought-after attack vector.
Hell, if you wanted to make extra sure you could spin up a VM with GPU pass-through and play on there. But this is also not possible with kernel-level anti-cheat software because most detect they’re being run in a VM and refuse to start the game.
That’s only the security side of things. If software has shoddy code it will at worst crash itself if it’s not interacting with drivers too much (like games and graphics drivers - and even then the crashes happen because of bugs in the drivers in the first place). If it’s ring zero it can make your system unstable, crashing your entire system and not just the software itself.
Regarding “games that matter”, define your benchmark.
Are we talking about games that have the absolute top financial success? Sure, it’s all the competitive matchmaking games that rely on a somewhat believable competitive integrity of their games. But then again, most kernel-level anti-cheat systems don’t even prevent cheating. It’s a never-ending cat-and-mouse game at the cost of the customer’s privacy, security and stability of their system. Riot themselves have a recent blog post detailing that 1 in 15 League of Legends games had cheaters/scripters on average. Not only that, their new-ish kernel-level anti-cheat Vanguard - like all others - has been defeated. So they need to update. Change methods. Become more invasive. Just never-ending. And new/changed code always has the potential for new bugs, bringing us full circle to security and stability problems.
Or are we simply talking about games that are fun for the individual? There’s a wealth of Singleplayer/Co-op and/or PvE only games that are successful without any kind of invasive anti-cheat. To name a few (you only wanted one, but I’m in the mood): Cyberpunk 2077, Vampire Survivors (and all its offspring), Factorio, Satisfactory, Borderlands (1, 2, Pre-Sequel, 3, Tiny TIna’s Wonderlands), Skyrim, Fallout (3, 4, New Vegas), Starfield (I agree it was a flop, but it mattered), Baldur’s Gate 3 (which had incredible success).
Do I need to go on? This list isn’t even just a personal preference of mine. A lot of these titles were highly anticipated and are hugely successful.
So yeah, you should be sorry for spouting nonsense.
They arent sorry and waisting your time was there goal. Thank you for a good write up regardless.
I thought as much. But I also believe you shouldn’t just let misinformation like that go unchallenged. Not for people like him of course, but for everyone else reading this trying to learn and/or form an opinion.
Ah yes, it’s a cat and mouse game so we should just stop trying huh? Maybe we should stop testing for doping in professional sports completely because people beat the test haha.
It’s exactly for “competitive integrity” and providing a fair space that it’s necessary. Riots system while not perfect, is OUTSTANDING in valorant, compared to counterstrike. Join a game of Dust right now on csgo, I bet you get a blatant spin botter or something similar in the open lobby. Do people still slip through? Yes of course. 100% isn’t necessary, just enough that other systems like bans and reporting can be effective. League has tons of scripters and macro users it’s true, xereth bots are for whatever reason pretty popular. But it’s better then it was, and continues to work reasonably on things that aren’t some kids saved macro on his gamer mouse.
People cry about this every time. The biggest of course being when steam did it. I just did a search and wow no surprise who has it, exactly who I expect . Valorant, pubg, fortnite, apex, R6 siege, tons more (325+).
Cheaters destroy games. They destroy the in game economy, they destroy the sense of achievement for hard to attain goals, they destroy any sense of fairness in ranked or competitive play. Game developers are allowed to protect against it. If you’re going to cry over arbitrary lines in the sand, that’s on you. The rest of us will continue to play.
I even write bots for popular games that I play so it’s not like I’m not disadvantaged by this either. You just need to find some actual conflict in your life and stop making this such a big issue. Will some anti cheat make a mistake and crash some machines or something inevitably? Yes for certain. But people will be fine, and they will get absolutely dragged on social media, gamer news outlets, etc. It’s a non issue.
It’s a nice straw man you put up there. Nobody said to stop trying other than you. So far I’ve only been pointing out all the negatives that come with kernel-level anti-cheat software. The cat and mouse phrase was specifically used to demonstrate that the ongoing struggle leads to the need to update the anti-cheat software resulting in the potential for more bugs, in turn increasing the odds of running into security and stability problems. I’m arguing for other, less invasive anti-cheat measures which don’t put the end user under general suspicion and force them to grant absolute control over their system to a third party.
But while we’re at it, you raise a good point. Doping in professional sports is done only at a high level. If we were to compare kernel-level anti-cheat measures to doping tests: Imagine you join a tiny local sports club in the middle of nowhere. Not only would they require you to take doping tests, but they would also gain permanent entry to your home and install cameras and microphones everywhere, promising - fingers crossed - to only use their tools to see if you’re above board and not doping. Having a third party have permanent entry to your home and constant surveillance sure sounds like a big security risk to me, especially when you consider that their measures aren’t 100% safe and can breached and abused by malicious actors. And yes, that is the equivalent of what is happening to your computer.
To reiterate: I’m not saying to let cheaters be and stop anti-cheat measures altogether. I’m arguing for less invasive and less dangerous anti-cheat software. Since the next three paragraphs you wrote are all about arguing against the straw man you put up, I’m ignoring those.
I’m not sure why you wrote that. You’re part of the problem you helped to create and suffer from it, too. Do you want sympathy for suffering the consequences of your own actions?
At this point, we’re entering personal opinion territory. For me, it is a big issue. Handing a third party the keys to my kingdom for a game seems wildly ignorant and naive to me. However, a lot of people simply don’t know about kernel-level anti-cheat, what they are and how they work. So I’m here to provide information which people can use to decide for themselves if they’re fine with it or not. Personally, I value the privacy, security and stability of my system. You don’t and that’s fine. But I can still criticize the currently employed methods and hope to influence how things are done.
Why do you need anti cheat in a co-op pve game anyway?!? 🤔
I mean look at Payday 2, it had a pretty big cheater problem. I agree that if it’s not PvP then you don’t need an aggressive anti cheat, but there should be some kind of “You’re using cheats? Can’t matchmake with legit players.” system.
There is no reason to use something as invasive as a kernel-level anti cheat to do this, especially in a co-op PVE game.
Definitely, but the person I replied to mentioned any type of anti-cheat in a PvE game.
To be able to play the game itself and not a different game someone else wants to force it to be?
None of this requires anything at the kernel level. It can be done entirely in userland. It is absolutely a violation of standard system security principles.