It's been a long time coming. I wonder if the overhead of user space interacting with the kernel api is gonna be noticeable.
>Another big area of Windows that uses kernel-level drivers is anti-cheating engines for games. Microsoft has been speaking with game developers about how to reduce the amount of kernel usage, but it’s a more complicated use case as cheaters often have to purposefully tamper with their machine to disable protections and get cheating engines running.
>“A lot of [game developers] would love to not have to maintain kernel stuff, and they are very interested in how they do that,” Weston says. “We’ve been talking about the requirements there, and I think we’ll have more to say on that in the near future.” Riot Games told me last year that it’s willing to follow potential Windows security changes and “recede from the kernel space.”
With anti-cheat the obvious (lazy, stupid) future is remote attestation. It's another way to kick the can down the road of actually going to "real" approaches to anti-cheat like less client trust, behavioral analysis, and statistics that you would have to do if you had no choice, like for online Chess games or something like that. Of course even for fast-paced games like FPS games, you can now cheat using a capture card, ML models and a fake HID keyboard/mouse device so I'm sure the arms race will evolve to include forced HDCP and signed, encrypted HID devices and other dumb bullshit before there is finally some realization that there is no longer any possible, reasonable way to shortcut anti-cheat anymore. The shortcuts are just too much cheaper and easier. (I'm sure we'll keep remote attestation anyways afterwards, because it's impossible to have nice things.)
I think a lot of these problems are exacerbated by the developers themselves. Dedicated servers were removed (so that games could be sunsetted to avoid competing with sequels), erasing community and human moderation and leaving players entirely dependent upon algorithms and spotty reporting. F2P games are pushed to get people on the micro-transaction treadmill, which makes the cost of being caught nothing but also can create a financial incentive to cheat for items. Now everyone has to jump through a bunch of extra hoops because the control they demanded isn't enough to solve the problem they made worse with it. The answer is always to add more hoops.
Fly-by, but HDCP is already cracked. There's no shortage of HDCP strippers from AliExpress; although they use clever marketing terms to avoid spelling out the fact (presumably to avoid legal troubles)
Less client trust means some game designs are impossible. The latency caused by the speed of light leads to unacceptably bad player experiences if you don't trust the client, at least for shots from their p.o.v.
Personally I don't mind if fast-paced adversarial multiplayer FPS games stop existing, but that's a minority opinion.
Game clients need to have zero trust. There has never been a truly working anticheat that doesn't punish the user in some way.
Be it you can't game on Linux (steam deck) or if you have some specific software installed you're flagged as a cheater (autohotkey) or other dumb things.
That said even in some AAA games it feels like the game cheats anyway either intentionally or unintentionally (read about how modern warfare basically decides the outcome of an encounter before it happens to keep your k/d ratio close to 1)
> I wonder if the overhead of user space interacting with the kernel api is gonna be noticeable.
‘Luckily’, the overhead of antivirus software already can be quite high at times [1]. So, if this API can keep the number of kernel-userspace transitions down, I think the relative impact could be barely noticeable.
Anecdotally, for some gaming friends of mine, the only reason they maintain a Windows install is for games that don't run on linux/proton due to anti-cheat kernel integration. So for that portion of the population, it seems in Microsoft's interests to keep it going.
It's really the last thing that keeps any trustworthy source from recommending switching to linux for gaming without reservation. As soon as you want to play any competitive online multiplayer games, which to my understanding is the vast majority of people, you're going to have problems with some anti-cheat not working on Linux sooner or later.
I'm not saying it's the only thing that stops mass adoption of Linux for gaming, but I think we'd see a massive uptick very quickly, if this problem went away.
I’ve mostly just stopped playing online games with the public as anti-social sociopath cheaters have ruined the fun.
There’s one “solution” to cheating that publishers seem loath to offer these days: server executables so people can host their own servers.
When I played BF1942, we just banned anyone we thought was cheating. Having a reputation for being actively moderated and typically cheater-free meant the server was popular and often full. When I ran a Minecraft server, I used a whitelist so it was a complete non-issue.
The only online game I still occasionally play is WoW where cheating is mostly non-existent and what cheating that does exist doesn’t typically affect the gameplay experience of normal players.
Excited for this and the anti-cheat systems moving out of the kernel. This should/would make it easier to emulate them on systems like Proton on Linux and thus push the world one step closer to having cross-platform (Windows, Linux, macOS?) multiplayer gaming. But maybe I'm too optimistic :)
Many of the more sophisticated video game cheats (not anti-cheats) run at the kernel level or lower (hypervisor, or even external hardware). So yes, I would say you are being too optimistic.
The value in anti-cheat systems is in being difficult to emulate. Once they become easy they will either have evolved into something even worse (for some definition of worse) or just stopped existing.
Following this with cautious but sizeable optimism. Great progress has been made in the printer and WiFi driver departments before, if they could actually deliver on this, that'd be ecstatic.
So after pondering this for a few days, why wouldn't the "easiest" anti-cheat be to
a) have Windows attest to the servers that it's running in "secure" mode
b) have windows provide the ability to apps/games to run in a validated / secure mode, where the OS would not let things like debuggers and the like attach to the game, as well as validate the game executables and assets that are loaded. i.e. part of "A" would be attesting that the executable it loaded had a specific signature and the game itself would then test the signature of all the assets they load.
Crowdstrike deserved to go bankrupt for this nonsense, they weren't testing properly, and they rolled their crap update out to the whole world without a staged rollout or canary system: https://x.com/cyb3rops/status/1821096079372251203
Just googled their share price and they are 34% higher than they were before the shitstorm they caused.
Just like other security software that's big right now, I'm sure the news that it took down most of the IT systems on earth was great news to shareholders that the software had solid market penetration and most of all that even perhaps one of the biggest outages didn't cause people to leave.
The same with Zscaler - people about as far from tech I'm friends with complain to me about how much they hate it so you know /it's everywhere/
Oh come on, we all know and expect bugs, but this was something spectacularly bad. They caused the very thing people were paying them to try and defend from. This incident had very real and serious consequences. https://en.wikipedia.org/wiki/2024_CrowdStrike-related_IT_ou...
You have to, because attackers aren't using canary systems. What good is it, if someone finds a new unauthenticated RCE in Windows, and you have to wait a week to make sure your detection method works correctly? By the time the week is over, every computer in the world already has the virus. And then you have to wait another week to test your removal tool.
I remember old setup wizards on Windows 9x that would commonly advise disabling any antivirus software before proceeding with an installation. Even back then, we knew those programs could break basic functionality like app installations, yet the platform owner never truly intervened.
This whole situation now feels like too little, too late. We currently have a vast market of "security" software built on top of their platform, and everyone is compelled to use it, often due to compliance requirements. Now, Microsoft has to walk on thin ice by restricting these "snake oil" vendors without getting into trouble for anticompetitive behavior by restricting a market on top of their platform that should have never existed in the first place.
Given my experience with the scammy, spammy, parasitic mess that has been the vast majority of antivirus software providers I've tried here and there, good riddance. Good to see this. Now what to do about the spammy, scammy, parasitic mess that is called Windows 11?
I installed Avira Free Antivirus for a day around three months ago, just to check something. When I uninstalled it, it left three browser extensions hidden somewhere on my system. I have several browser profiles, several user-data-dirs, and every time I create a new profile or install a new browser like Vivaldi, I get a popup pressuring me to grant permission to those extensions.
Fuck these AntiVirus software vendors, they are just as much scum as the baddies are. What once was just Norton, today is everyone.
I'm glad that they're getting less access to the system, even if it's for another reason.
I hope it spreads to anti cheats as well.
And the ultimate "cheat" would be an android hooked up to the computer and indistinguishable from a meat-based person :)
I don't play fps anymore not trying to cheat lol
[1] https://www.tomsguide.com/us/av-software-least-system-impact...:
“For example, McAfee Total Protection had a relatively light background impact, slowing down the Lenovo laptop by only 9% after installation”