Steam store pages received a new Anti-cheat field. Disclosure is mandatory for kernel-level anti-cheat solutions. And recommended for other anti-cheat solutions (like server-side or non-kernel-level client-side).

The field discloses the anti-cheat product, whether it is a kernel-level installation, and whether it uninstalls with the product or requires manual removal to remove.

Screenshot of anti-cheat indications

  • Saik0@lemmy.saik0.com
    link
    fedilink
    English
    arrow-up
    2
    ·
    12 days ago

    Stopping processes is actually a user space action. You can do it without admin rights btw. Even if it popped the admin screen that’s still not a kernel level action.

    Absolutely not. Task management is the job of the operating system/kernel. You can request to end a job/task. The kernel will do it on it’s own time. UAP prompts are attempts to elevate permissions so that you can access higher kernel calls.

    https://linux-kernel-labs.github.io/refs/heads/master/lectures/syscalls.html#linux-system-calls-implementation

    https://unix.stackexchange.com/questions/111625/how-does-linux-kill-a-process

    You can make requests the to the kernel. If you have permission/ownership to the process the kernel will work through the sigterm/sigkill to meet your request. It is not a user space action at all to kill a process, you make requests to the kernel to do it. Hell in linux it’s even more obvious as you can instruct the kernel on HOW you would like to kill the task and even then it may not follow your direction. https://www.man7.org/linux/man-pages/man1/kill.1.html with kill being a kernel tool. If you spawned the process, then you have permission/ownership to the process. But my point in the previous post was that anti-cheats can reach into the system, reading dlls and such that are absolutely NOT user space to begin with, require elevation beyond user space to install.

    Yeah that it’s considered malware. I did Google it and there’s nothing saying that.

    Seriously? You can’t find anything? You sure about that? Cause I can literally pull up thousands of articles and forum threads by literally typing “is vanguard anti-cheat malware?” or “is easy anti-cheat malware?”

    https://forums.malwarebytes.com/topic/288793-easy-anti-cheat-launcher-detection/

    Heuristics detect these things for what they are. Anti-virus software have to whitelist them because people choose to play the games anyway.

    https://www.techguy.org/threads/is-valorant-vanguard-a-malicious-rootkit-or-not.1267682/

    https://www.pcgamer.com/the-controversy-over-riots-vanguard-anti-cheat-software-explained/

    The name is appropriate, because Vanguard doesn’t just sniff around for cheats when Valorant is running: It starts up with Windows and keeps an eye on other processes whether or not you’re playing Valorant at the time. […] Vanguard detects software with vulnerabilities which could be exploited by cheat makers, and blocks some of it.

    https://www.sp-cy.com/article/is-valorants-anticheat-spyware/

    Vanguard cannot be easily fully disabled since after manually quitting the process, a system reboot will be required to be able to open Valorant again.
    The EULA prevents any legal recourse against Riot Games.
    Valorant/Vanguard sends encrypted data to Riot. Which is Chinese owned by a giant corporation called Tencent.

    Let’s attack this question from another perspective. Do you trust a games developer to properly develop kernel code? Most people BARELY trust Microsoft to do it these days. And you can’t review/evaluate it yourself at all. You have no fucking clue what they’re doing and never will. We’ve seen what happens when random companies inject shit into the kernel like crowdstrike did. You think that these anti-cheat softwares are acting in your interest when they’re being implemented and paid by a corporation? How can you look at these anti-cheats that have made backdoors on systems, cause people everywhere unstable kernels/BSODs, send data about your system without permission, interacts with software on your system that isn’t their code, etc… and say they’re not malicious?

    • GetOffMyLan@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      12 days ago

      Pretty much all code is making requests to the kernel. That isn’t what is happening here.

      It’s side stepping the kernel. That’s the whole point. You don’t know what you’re talking about.

      • Saik0@lemmy.saik0.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        12 days ago

        Stopping processes is actually a user space action.

        Now you backpedal and say

        Pretty much all code is making requests to the kernel.

        But I don’t know what I’m talking about? Sure. We’ll go with that if it makes you feel good. I only literally taught it at a post-grad level at an R1 institution, but what do I know.

        It’s side stepping the kernel. That’s the whole point.

        You’re getting it! Kind of at least. The anti-cheat actually modifies the kernel (in an extension kind of way, like drivers do). That’s the point though. Which seems to have repeatedly whooshed over your head. But I can only say it in so many ways and be ignored. Good luck. Hope I don’t run into your code.

        • GetOffMyLan@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          12 days ago

          Not back peddling you are misunderstanding what kernel access means.

          You don’t need kernel level access (the thing we are literally discussing) to kill processes. Which was literally your example.

          Obviously the OS handles it. How the fuck else would it work?