I also always hear a lot of people complain about cheaters in Valorant, so all of that compromised personal security doesn't actually stop cheaters.
Honestly I feel like you should only use kernel anticheat on a dedicated machine that's kept 100% separate from any of your personal data. That's a lot to ask of people, but you really shouldn't have anything you don't consider public data on the same hardware.
> you should only use kernel anticheat on a dedicated machine that's kept 100% separate from any of your personal data.
Correct. Unfortunately, what you've just described is a gaming console rather than a PC. This problem fundamentally undermines the appeal of PC gaming in a significant way, imo.
We could have a better discussion around this if we recognize that failing to stop 100% of something isn't a prerequisite to rigorously evaluating the tradeoffs.
About halfway in the article, there's a brief nod to CS:GO. It uses a tick system and the server controls what is possible, such as physics or awarding kills. Fighting genre games use the same server-based game logic.
Cheating is a big draw to Windows for semi-pro gamers and mid streamers. What else is there to do except grind? Windows gives the illusion of "kernel level anti-cheat," which filters out the simplest ones, and fools most people some of the time.
But anti-cheat hasn't been about blocking every possible way of cheating for some time now. It's been about making it as in convenient as possible, thus reducing the amount of cheaters.
Is the current fad of using kernel level anti-cheats what we want? hell nah.
The responsibility of keeping a multi-player session clean of cheaters, was previously shared between the developers and server owners. While today this responsibility has fallen mostly on developers (or rather game studios) since they want to own the whole experience.
> Honestly I feel like you should only use kernel anticheat on a dedicated machine that's kept 100% separate from any of your personal data. That's a lot to ask of people, but you really shouldn't have anything you don't consider public data on the same hardware.
Wouldn't it be sufficient to simply have a minimal system installed on a separate partition or on a separate drive (internal or external). Boot that for gaming, and never give it the password for the encryption of your non-gaming volumes.
This is why (even though everybody hates my for saying this) - the only way to do security is by enforcing root of trust - which is why Windows 11 forcing secure boot and TPM is a necessary change.
The idea that we should allow arbitrary code execution at some point, then we claw back security by running mass surveillance on your PC is clearly insane.
The only way to go forward is what BF6 has done - ensure the PC is in a pristine state, and nothing bad was loaded in the kernel - which is ironically why their anticheats conflicted - they don't allow loading random crap in the kernel.
Not to mention, people who develop these invasive security modules don't have the expertise, resources or testing culture to muck about in the kernel to the degree they do.
As to how dangerous this actually got actually showcased by Crowdstrike last year.
> Honestly I feel like you should only use kernel anticheat on a dedicated machine that's kept 100% separate from any of your personal data. That's a lot to ask of people, but you really shouldn't have anything you don't consider public data on the same hardware.
Yes, and at that point, you may as well use Windows for that machine.
Strongly agreed. Some people want kernel-level anticheat for Linux. I think that's a huge mistake. Ideally, kernel-level anticheat would be done away with altogether. More realistically, I'm just going to avoid any games which use kernel-level anticheat, even if it means missing out.
I got roasted on linux subreddits for saying as much. We should not be encouraging this crap to come to Linux, it needs to go away for good.
IIRC, even Microsoft was getting fed up with hands in the kernel after Cloudstrike so we may see it disappear eventually if Microsoft starts cracking down.
The way I described it to a friend was to use this analogy:
Imagine you have someone over for game night, and before you play they say "Oh, by the way, I need the keys to the filing cabinet where you keep all your tax returns and whatnot." To which you might respond, "Wait, you need to read my tax returns before we can play this game?" And they say, "Oh, I'm not going to read them, I just need to hold the key while we play."
And you would rightly tell them to piss off and get out of your house, because that makes no sense. If you really wanted to torture the metaphor, you could I guess argue that they need full access to your house just in case you decide to pull some loaded dice out of the filing cabinet or something, but that's not really the important thing to me. The important thing is that, regardless of whether or not I trust the developer of the anti-cheat, the game just isn't that important.
2) The anti-cheat is the game's entire reason for being. It is the main focus of the development and marketing. People buy Valorant for the anti-cheat; they are willing to accept a kernel driver as a trade off for fairer competition.
Based on the install base and the level of access it could theoretically provide, I think a 0-day has a good shot at being worth more than $100k. Definitely worth more than that if you happen to know your high-value target plays League.
Fair competition is all well and good, but there are other ways to do it and I can already tell you that the war on kernel-level anti cheat is well under way. There are already people cheating in Valorant, and that will not slow down. If anything, it's going to get more common because cheaters and cheat creators are some of the most diligent people out there.
Honest question: do you segment your activities on your computer on different users?
No? In which case, what practical spyware risk does a kernel level driver add that user mode software can’t do?
User mode software can spy on your clipboard, surreptitiously take screenshots, and take data out of your system. That spooks me enough that, if I don’t trust a software manufacturer, I don’t install it. Kernel mode makes no practical difference in my security posture.
- Creating a unique ID that is directly bound to hardware.
- Accessing the memory of any process, including browsers or messengers.
- Installing persistent background processes that are hidden from the rest of the system.
But I think that's the wrong question. Talking about the kernel driver is a distraction.
The abuse scenario that I think is most likely would be that the game and/or anticheat vendor uses the hardware ID for user profiling instead of just ban enforcement, and that the "logging" functionality is coopted to detect software or activities that aren't related to cheats at all, but are just competition of the vendor or can once against be used for profiling, etc.
None of that strictly requires a kernel driver. Most of that stuff could be easily done with a usermode daemon. But under normal circumstances, there is no way I'd install such a program. Only in the name of cheat prevention, suddenly it gets permissible to make users install that stuff if all they want to do is play some game.
> User mode software can spy on your clipboard, surreptitiously take screenshots, and take data out of your system
Not on any properly secured Linux machine. But yes, it's generally a bad idea to install software you don't trust, a category that anticheats slot nicely into, given their resistantance to auditing and analysis.
This is adjacent to how Linux users claim their default system is inherently more malware-resistant than Windows, when either way you're trusting anything you run in user space with almost everything important.
It is the same stance as calling Windows games, developed for Windows, using DirectX, without any consideration of the studios to ever target GNU/Linux, even though they might actually target Android/Linux with other titles, Linux games.
Because somehow Proton is better than standing for actual GNU/Linux games.
So like IBM with OS/2 and Windows, studios keep ignoring Linux, and let Valve do whatever is needed, it is Valve's problem to sort out.
They don't audit them. Private cheat sellers user signed drivers because they have a small set of customers so they're unlikely to be reported or detected.
- … but successfully, more or less, prevents most cheating attempts which would also make the game unplayable regardless.
For anyone saying “just do server side,” no, it’s physically impossible to stop all cheating that way until we have internet faster than human perception.
I actually think this is one area where AI and statistics applied to player behavior are actually the right answer, similar to how they catch chess cheaters.
I've seen videos where cheats are particularly easy to detect if you are also cheating. I.e. when you have all the information, you can start to see players reacting to other players before they should be able to detect them. So it should be possible to build a repertoire of cheating examples and clean examples using high level players to catch a fair amount of cheating behavior. And while I understand that there are ways to mitigate this and its an arms race, the less obvious the cheats are, the less effective they are, almost by definition.
If someone is consistently reacting outside the range of normal human reaction times, they're cheating. If they randomize it enough to be within human range, well, mission accomplished, kind of.
If they're reacting to other players in impossible ways by avoiding them or aiming toward them before they can be seen with unusual precision or frequency, they're cheating.
A lot of complex game dynamics can be simplified to 2D vectors and it shouldn't be that computationally intensive to process.
Sure, but you could stop the most blatant wallhacks at least, but most times I see a video of a cheater, it's something stupid like that. It can't be that hard to do occlusion calculations server-side, right?
Was going to post this on a now-deleted comment about anticheat being a hard problem, so popping it here because it might be relevant:
Anticheat is only hard because people are looking for a technical solution to a social problem. The actual way to get a good game in most things is to only play with people you trust and, if you think someone is cheating, stop trusting them and stop playing with them.
This doesn't scale to massive matchmaking scenarios of course - and so many modern games don't even offer it as an option - so companies would have to give up the automatic ranking of all players and the promise of dopamine that can be weaponised against them, but it works for sports in the real world and it worked for the likes of Quake, UT, etc. so I don't think it's a necessarily bad idea. Social ostracism is an incredibly powerful force.
However, it does mean that the big publishers wouldn't have control over everything a player does. Getting them to agree to that is probably the real hard problem.
> Anticheat is only hard because people are looking for a technical solution to a social problem. The actual way to get a good game in most things is to only play with people you trust and, if you think someone is cheating, stop trusting them and stop playing with them.
As much as I reminisce about the days of private servers for Quake/2/3, UT99, CS1.6, etc., saying this is really ignorant of how modern gaming and matchmaking works. Some games would simply not be possible without public matchmaking; I don't care how much of a social butterfly you are, you are not going to get 99 friends to get a PUBG match going. Even getting 11 other people to run a game of Overwatch or CS would be a pain. Other games need public matchmaking to have a fair ranking system. You go onto say ranking is "weaponised" but, ranking is a feature, and a lot of people like that feature.
> However, it does mean that the big publishers wouldn't have control over everything a player does. Getting them to agree to that is probably the real hard problem.
The demand for anticheat, and matchmaking/ranking systems, are entirely player-driven, not publisher-driven. If developers and publishers could get away with only implementing player-managed servers and letting players deal with cheaters, they would! It's a lot less work for them.
As a sibling comment mentioned, even in the days of private servers you ended up with community-developed tools like Punkbuster. I remember needing to install some anti-cheat crap when I signed up for Brood War's private ICCUP ladder.
Large-player count community server driven games actually have a pretty big advantage compared to smaller player count ones: it makes it easier to have somebody with the permission to ban cheaters online at approximately all times.
Squad has 100 player games, and despite its anticheat having well-known bypasses, I don't see a lot of hacked client cheating. Why? Because I play on servers that consistently have a couple people online during the hours I play that ban anybody who cheats.
Community servers have a lot more moderators than the game devs could possibly afford, because they can build trust with volunteers.
> this is really ignorant of how modern gaming and matchmaking works.
If you listen to the people complaining about cheating... it doesn't.
> I don't care how much of a social butterfly you are, you are not going to get 99 friends to get a PUBG match going.
True, but my county is able to get more than that number of people into a cricket league. You don't need to personally know everyone, just be confident that there is a system of trust in place that would weed out any rotters. Is such a system going to be perfect? No, but neither are any of the top-down approaches attempted in videogames. At least this one doesn't require me to install an umpire in my home at all times.
> As a sibling comment mentioned, even in the days of private servers you ended up with community-developed tools like Punkbuster.
The difference is that you could have played the game without doing that. If you didn't trust the people on that server, how likely would you be to install those tools?
This. Back in the day, when you played an FPS on a private server, you'd also be able to observer other players when you died so cheating was discovered pretty quickly. When we had ranked clan matches there'd also be 3rd party observers both for fun (ranked matches were a bit event) and to look for signs of cheating.
> I don't care how much of a social butterfly you are, you are not going to get 99 friends to get a PUBG match going.
Good bot AI is the solution. Playing with 99 bots that you can be sure aren't cheating, is better than playing with 99 people you don't know who might be cheating.
My naive take is that technical solutions are possible, but critically they can’t be fully automated. The most effective anti-cheat solution possible probably looks something like a full-time in-house team comprised of seasoned ITSEC, data nerds, a couple of ML people, and a few devs. A team like that could probably pick out and boot cheaters with a very low rate of false positives given adequate data to crunch, and they’d only get better over time as they build a roster of patterns and behaviors to match against.
The problem is that this costs more than game companies are willing to spend, even when they’re raking in cash hand over fist. As long as the problem isn’t so bad that it’s making players quit, it’s cheaper to employ more automated, less effective strategies. The end goal isn’t player happiness, it’s higher profit margins.
I work on one of the games mentioned in this article and you're underestimating cheaters and cheat developers. We're doing this already and we're one of the smaller studios, so the larger studios are for sure doing it on a larger scale. Cheaters are still managing.
Always wondered if some distribute fake cheats that snitch or worse. That'd put the cheaters on defense instead of just offense. Yeah people can make their own, but most aren't.
I think this is the most reasonable take I've seen here. As my sibling comment mentions, people are already doing this. I think that - if anything - my point is that this is being done, but separately to the social element. You could get a hundred PhDs to look at the data and identify a cheater, but what you really want to avoid is someone that 9/10 people don't want to play with... and only the players can really tell you who that is. Data from the PhDs would help, though!
I've not really thought about it so deeply until right exactly now (thanks, all!), but I think doing so might have led me to a very unpopular opinion - I might be prepared to say that this problem can't be solved in an anonymous environment. Unless you have a reputation to ruin (or, say, an xbox account to lose), then being outed as a cheater costs you nothing. Again, this is incompatible with a lot of current multiplayer modes - and most of what I love about PC gaming - but, ultimately, I'd rather be judged by my peers than a rootkit.
I agree with you the issue is scale, but the scale when it worked was when gaming was niche. You can't put that back into the bottle.
The history of plenty of anticheats start with community servers, not matchmaking. Even Team Fortress Classic had enough of a cheating issue that community members developed Punkbuster, which went on to get integrated into Quake 3 Arena. A lot of 3rd party anticheats were developed in that era for community servers. BattlEye for BattleField games. EasyAntiCheat for Counter-Strike. I even remember Starcraft Brood War's 3rd party ICCUP server with 'antihack'.
You still see this today with additional anticheats on community server solutions. GTA V's modded FiveM servers had anticheats before it was added to the official game. CS2 Face-IT and ESEA servers have additional anticheats as people do not think VAC is effective enough.
There are quite a few games that are fun because they throw dozens of players into the same event. I don't have over 100 friends to play with, let alone over 100 friends I trust not to cheat.
For some games the small group approach works, but even a game as simple as Counter Strike requires at least a dozen players to make the most of.
That said, there are perverse incentives in many of the games hit worst by cheaters. Games that invent more and more prestigious rewards and titles for accounts that do well in hopes of them spending more money on microtransactions, or the microtransaction hell-holes like GTA Online that exist as a vessel to take your money more than to be of any fun. Adding upgrades and other desired items behind a gambling mechanic makes the whole ordeal extra shitty, praying on the psychological weaknesses of the unfortunate souls to get a digital gambling addiction so they can be sucked dry by billion dollar companies.
I've personally never run into anticheat issues because I find most of the games that require anticheat for online play just aren't worth the time and effort to play online in.
But still, the old SW Battlefront II wouldn't be fun without the massive online matches, and those require some form of anticheat to stay fun.
Making sure you can get enough people together for a game is one thing; making sure you can get enough people together for a game that you know aren't cheating is even harder. Most "friends" these days are online-only acquaintances that you simply can't know well enough to know if they're cheating or not. In the heat of the moment while playing a game it's tough to tell if someone's cheating or just good at the game. The toxicity of people being accused of cheating and defending themselves will quickly split apart any acquaintance group.
I think there's immense value in being able to just press a button and jump into a game, without having to actually know people and build up a community.
However, I wonder if you could have that while still removing features that make cheating seem appealing. For example, as you said, you can have games with randoms without an automatic ranking of all players. (Or maybe you rank players so you can match people of similar skill levels, but you don't tell anyone what their rank is.)
> For example, as you said, you can have games with randoms without an automatic ranking of all players
Good skill matching is one of the most important advancement in gaming over the last few decades. Being able to consistently play against people who are fair competition for you makes the games so much more fun, especially if you are much better or much worse than the average player. In the old days, you could alternate between opponents that were no challenge at all and opponents you would have no chance against; both types of games get old really fast.
In some ways, good skill matching can alleviate the harm cheaters do; if the cheating makes them way better than everyone else, then good matchmaking should start to match them up only against other cheaters. In many ways, this is the ideal scenario - cheaters play against each other, and everyone else plays against people who are close in skill level.
That still exists in many games with server browsers. The game just goes through the server list to find a populated one with low latency and “official” settings (ie not knife only or modded).
Works basically the same as matchmaking does now, albeit in only matching on server quality and not player skill.
> However, I wonder if you could have that while still removing features that make cheating seem appealing. For example, as you said, you can have games with randoms without an automatic ranking of all players.
This does not stop cheaters whatsoever. Anyone who played during the private server era of FPS in the late 90s/early 00s knows this; wallhacking, modified character models with big pointy spikes indicating player locations, aimbots, etc. ran rampant, even when nothing was on the line.
Thanks. Personally, I simply refuse to install games with anti-cheats, be it on Linux or on Windows. This mostly leaves me with FOSS games and small communities. For instance, Zero-K. Zero-K is curiously fine for large team games - you will usually find players to play with anytime - but if you are looking for PvP you have to be there when the right players are usually online. Being there and available for a game can be a way to contribute to a FOSS project too.
In some cases there are numerous public servers, which can mitigate the "player availability" problem.
Also, for these online FOSS games the servers are community-owned and moderated. Cheaters, trolls, inappropriate chats are monitored by someone who is interested in, and generally quite knowledgeable about, the game.
> The actual way to get a good game in most things is to only play with people you trust and, if you think someone is cheating, stop trusting them and stop playing with them.
One of the games mentioned in this article is Rust. Playing with only people you trust defeats the point because it's a game full of betrayal. At best you'll be able to get a group together once and then destroy your relationships more than Monopoly would.
I cannot agree. Getting a Quake game up in the early 2000s could take hours worth of sitting in IRC pickup channels, if it happened at all. I don't feel publishers are at fault here. I figure the vast majority of players would pick an instant game with potential cheaters over an hour wait for a 50% chance at a game.
That's because few people played Quake, it got elitist really fast. I had the same issue with it. I had zero issues with CS, though, finding a match was pretty easy. PUGs aren't a thing of the past, PUBG players used to do them for example.
So how am I supposed to play a game of PUBG if I don't have 99 friends who I trust not to cheat who also play it? How is any community going to establish and continuously monitor that their members don't cheat, while also allowing new members to join over time? I don't have a big group of friends who also like playing the same games I play at the same times I want to play, sounds like a total non-starter to me.
Targeting perfect fairness in a multiplayer video game with arbitrary latency between participants is a waste of energy. A much better target is to make it feel like no one is cheating. I don't really care too much if someone is actually better or worse than me at counterstrike. What I mostly care about is wildly implausible gameplay. No one is going to stop the guy who is getting a 5% gain on his ELO by using a 2nd computer, machine vision and a robot to move his mouse ever so slightly faster than he typically can.
However, there are ways to detect when someone is being an absolute madman with the hacks. We're talking head snapping through walls with 100% accuracy and instantaneous displacement across an entire 30 minute match. These people can simply be banned immediately by hardware/steam ID. We can write basic rules to detect stuff like this. There's no "confidence interval" for speed hacking through a map and awping the entire CT team in 3 seconds. You certainly don't need kernel drivers.
Or entire lobbies filled with bots with the same name that stand around doing nothing while one of them goes full spinbot, and auto kicks anyone who happens to join their lobby. Those bots I see week after week with the same accounts and no bans in sight.
Similar opinion on playing CS on lower rank levels few years ago, felt it's statistically improbable for MG level player to have HS% of 100% on rifle while also top-fragging. Even smurfs would spray situationally hence unlikely hit the head hitbox. I don't know if these players are purposefully put into low ELO so they get cleaned before annoying higher pools.
One way to do anti-cheat on linux without compromising the sanctity of your host kernel would be to run the game inside a hardware-protected VM.
Anti-cheat does not ordinarily like to run inside a VM, because then the hypervisor can do the cheating, invisibly to the kernel. However, technologies like AMD SEV can (in theory) protect the guest from the host, using memory encryption. (And potentially also protect from DMA-based cheats, too)
What you'd need is some way for the hardware to attest to the guest "yes, you really are running inside SEV".
Even with SEV, you need hardware passed through to the VM. That means either running two GPUs or hot-swapping the machine your GPU is connected to and hoping neither driver crashes and burns (which is what you can expect from any consumer GPU driver that tries to hotplug). The software will also break the moment someone finds yet another side channel attack to break memory encryption. Intel's attempts at secure hardware hypervisors failed so bad they took the hardware out of consumer chips.
In theory you could probably get it to work on some hardware given some boot configurations with some games, but what game developer is going to develop a bespoke Linux VM? And if not the game developer, what Linux developer is going to spend time developing a platform that caters to the wishes of closed-source, rootkit-driven anticheat developers?
I don't personally see an issue that my computer can't run literal rootkits being shipped with the game. But I concede that not everyone shares my preferences, and if you wish to run this malware you should be able to do so.
Bigger showstopper is probably that video game devs won't put energy into Linux support, unless we're talking about Android. Wine isn't going to translate the anticheat.
The dismissal of the security concerns is pretty shallow.
I don't know how many vulnerable drivers the average gamer has installed. I'm sure 'at least some' is a safe assumption.
The issue I have with this is that although it may be expected, I don't find it acceptable.
The article presents having this exploitable software on your computer as benign. I don't think that's a particularly healthy attitude, especially in an article oriented towards a more general audience.
The author hasn't had a problem with the anti-cheat software that they like. This is not an argument for why this is a good solution, or why kernel-level anti-cheat is not a security risk.
Further, normalising software vulnerabilities weakens whatever case is being made. The more acceptable it is to have broken, exploitable software installed, the more acceptable it will be to ship anti-cheat software that is broken and exploitable.
By the way, on trust: having trust in the vendor is ... inadvisable.
I'm not saying it's guaranteed to backfire, but it can only backfire in one direction.
The situation in which you trust an entity with goals that are (at best) unaligned with your own is better described as one where they have leverage over you.
I miss PUBG, but the fundamental purpose of anti-cheat software is to circumvent and curtail user freedom. I don't really want affordances for that in my OS.
Anti-cheat behaves exactly like malware. It inserts itself in your system in a privileged state to monitor your activity. It's only job is to spy on your behavior.
If you want to run it I don't see a problem. Use a dedicated machine. Lets call it a console. Use it exclusively to play online pvp. Don't use it for anything else.
Privacy and security conscious people who use Linux desktops as general purpose computing devices generally don't want anti-cheat systems on their computers. I have no problem with the technology existing for other people. Don't try and force me to use it or I won't support your games/service.
I think a lot of the posturing from game publishers about anti-cheat on linux is really about dissatisfaction with Valve's control of the platform and revenue cut. Competitors aren't prepared to invest in development to build a strong platform like Valve but they are jealous of Valve's income. Nerfing their product on Linux is likely a way of pushing people to other platforms. I don't know what they are smoking because Sony, Apple, Nintendo and Microsoft aren't going to be any better for them.
Readit News
So to sum up. Valorant's anti-cheat, which the author sees something like an ideal solution:
- starts up and loads its kernel driver on boot.
- generates a persistent unique ID based on hardware serial numbers and associates this with my game account.
- stays active the entire time the system is up, whether I play the game or not. But don't worry, it only does some unspecified logging.
- is somehow not a spyware or data protection risk at all...
Honestly I feel like you should only use kernel anticheat on a dedicated machine that's kept 100% separate from any of your personal data. That's a lot to ask of people, but you really shouldn't have anything you don't consider public data on the same hardware.
Correct. Unfortunately, what you've just described is a gaming console rather than a PC. This problem fundamentally undermines the appeal of PC gaming in a significant way, imo.
doesn't actually stop all cheaters.
We could have a better discussion around this if we recognize that failing to stop 100% of something isn't a prerequisite to rigorously evaluating the tradeoffs.
Cheating is a big draw to Windows for semi-pro gamers and mid streamers. What else is there to do except grind? Windows gives the illusion of "kernel level anti-cheat," which filters out the simplest ones, and fools most people some of the time.
But anti-cheat hasn't been about blocking every possible way of cheating for some time now. It's been about making it as in convenient as possible, thus reducing the amount of cheaters.
Is the current fad of using kernel level anti-cheats what we want? hell nah.
The responsibility of keeping a multi-player session clean of cheaters, was previously shared between the developers and server owners. While today this responsibility has fallen mostly on developers (or rather game studios) since they want to own the whole experience.
Wouldn't it be sufficient to simply have a minimal system installed on a separate partition or on a separate drive (internal or external). Boot that for gaming, and never give it the password for the encryption of your non-gaming volumes.
The idea that we should allow arbitrary code execution at some point, then we claw back security by running mass surveillance on your PC is clearly insane.
The only way to go forward is what BF6 has done - ensure the PC is in a pristine state, and nothing bad was loaded in the kernel - which is ironically why their anticheats conflicted - they don't allow loading random crap in the kernel.
Not to mention, people who develop these invasive security modules don't have the expertise, resources or testing culture to muck about in the kernel to the degree they do.
As to how dangerous this actually got actually showcased by Crowdstrike last year.
Yes, and at that point, you may as well use Windows for that machine.
IIRC, even Microsoft was getting fed up with hands in the kernel after Cloudstrike so we may see it disappear eventually if Microsoft starts cracking down.
Don't worry, it's owned by Tencent.
And you would rightly tell them to piss off and get out of your house, because that makes no sense. If you really wanted to torture the metaphor, you could I guess argue that they need full access to your house just in case you decide to pull some loaded dice out of the filing cabinet or something, but that's not really the important thing to me. The important thing is that, regardless of whether or not I trust the developer of the anti-cheat, the game just isn't that important.
1) There is a 100k bug-bounty on the anti-cheat: https://hackerone.com/riot?type=team
2) The anti-cheat is the game's entire reason for being. It is the main focus of the development and marketing. People buy Valorant for the anti-cheat; they are willing to accept a kernel driver as a trade off for fairer competition.
Fair competition is all well and good, but there are other ways to do it and I can already tell you that the war on kernel-level anti cheat is well under way. There are already people cheating in Valorant, and that will not slow down. If anything, it's going to get more common because cheaters and cheat creators are some of the most diligent people out there.
No? In which case, what practical spyware risk does a kernel level driver add that user mode software can’t do?
User mode software can spy on your clipboard, surreptitiously take screenshots, and take data out of your system. That spooks me enough that, if I don’t trust a software manufacturer, I don’t install it. Kernel mode makes no practical difference in my security posture.
- Creating a unique ID that is directly bound to hardware.
- Accessing the memory of any process, including browsers or messengers.
- Installing persistent background processes that are hidden from the rest of the system.
But I think that's the wrong question. Talking about the kernel driver is a distraction.
The abuse scenario that I think is most likely would be that the game and/or anticheat vendor uses the hardware ID for user profiling instead of just ban enforcement, and that the "logging" functionality is coopted to detect software or activities that aren't related to cheats at all, but are just competition of the vendor or can once against be used for profiling, etc.
None of that strictly requires a kernel driver. Most of that stuff could be easily done with a usermode daemon. But under normal circumstances, there is no way I'd install such a program. Only in the name of cheat prevention, suddenly it gets permissible to make users install that stuff if all they want to do is play some game.
Not on any properly secured Linux machine. But yes, it's generally a bad idea to install software you don't trust, a category that anticheats slot nicely into, given their resistantance to auditing and analysis.
Deleted Comment
Yes.
Because somehow Proton is better than standing for actual GNU/Linux games.
So like IBM with OS/2 and Windows, studios keep ignoring Linux, and let Valve do whatever is needed, it is Valve's problem to sort out.
For anyone saying “just do server side,” no, it’s physically impossible to stop all cheating that way until we have internet faster than human perception.
I've seen videos where cheats are particularly easy to detect if you are also cheating. I.e. when you have all the information, you can start to see players reacting to other players before they should be able to detect them. So it should be possible to build a repertoire of cheating examples and clean examples using high level players to catch a fair amount of cheating behavior. And while I understand that there are ways to mitigate this and its an arms race, the less obvious the cheats are, the less effective they are, almost by definition.
If someone is consistently reacting outside the range of normal human reaction times, they're cheating. If they randomize it enough to be within human range, well, mission accomplished, kind of.
If they're reacting to other players in impossible ways by avoiding them or aiming toward them before they can be seen with unusual precision or frequency, they're cheating.
A lot of complex game dynamics can be simplified to 2D vectors and it shouldn't be that computationally intensive to process.
Don't let perfect be the enemy of good.
https://www.youtube.com/watch?v=RwzIq04vd0M
It seems to me that kernel-level anti-cheat is little more than a speed bump for determined cheaters.
Anticheat is only hard because people are looking for a technical solution to a social problem. The actual way to get a good game in most things is to only play with people you trust and, if you think someone is cheating, stop trusting them and stop playing with them.
This doesn't scale to massive matchmaking scenarios of course - and so many modern games don't even offer it as an option - so companies would have to give up the automatic ranking of all players and the promise of dopamine that can be weaponised against them, but it works for sports in the real world and it worked for the likes of Quake, UT, etc. so I don't think it's a necessarily bad idea. Social ostracism is an incredibly powerful force.
However, it does mean that the big publishers wouldn't have control over everything a player does. Getting them to agree to that is probably the real hard problem.
As much as I reminisce about the days of private servers for Quake/2/3, UT99, CS1.6, etc., saying this is really ignorant of how modern gaming and matchmaking works. Some games would simply not be possible without public matchmaking; I don't care how much of a social butterfly you are, you are not going to get 99 friends to get a PUBG match going. Even getting 11 other people to run a game of Overwatch or CS would be a pain. Other games need public matchmaking to have a fair ranking system. You go onto say ranking is "weaponised" but, ranking is a feature, and a lot of people like that feature.
> However, it does mean that the big publishers wouldn't have control over everything a player does. Getting them to agree to that is probably the real hard problem.
The demand for anticheat, and matchmaking/ranking systems, are entirely player-driven, not publisher-driven. If developers and publishers could get away with only implementing player-managed servers and letting players deal with cheaters, they would! It's a lot less work for them.
As a sibling comment mentioned, even in the days of private servers you ended up with community-developed tools like Punkbuster. I remember needing to install some anti-cheat crap when I signed up for Brood War's private ICCUP ladder.
Squad has 100 player games, and despite its anticheat having well-known bypasses, I don't see a lot of hacked client cheating. Why? Because I play on servers that consistently have a couple people online during the hours I play that ban anybody who cheats.
Community servers have a lot more moderators than the game devs could possibly afford, because they can build trust with volunteers.
If you listen to the people complaining about cheating... it doesn't.
> I don't care how much of a social butterfly you are, you are not going to get 99 friends to get a PUBG match going.
True, but my county is able to get more than that number of people into a cricket league. You don't need to personally know everyone, just be confident that there is a system of trust in place that would weed out any rotters. Is such a system going to be perfect? No, but neither are any of the top-down approaches attempted in videogames. At least this one doesn't require me to install an umpire in my home at all times.
> As a sibling comment mentioned, even in the days of private servers you ended up with community-developed tools like Punkbuster.
The difference is that you could have played the game without doing that. If you didn't trust the people on that server, how likely would you be to install those tools?
Good bot AI is the solution. Playing with 99 bots that you can be sure aren't cheating, is better than playing with 99 people you don't know who might be cheating.
The problem is that this costs more than game companies are willing to spend, even when they’re raking in cash hand over fist. As long as the problem isn’t so bad that it’s making players quit, it’s cheaper to employ more automated, less effective strategies. The end goal isn’t player happiness, it’s higher profit margins.
I've not really thought about it so deeply until right exactly now (thanks, all!), but I think doing so might have led me to a very unpopular opinion - I might be prepared to say that this problem can't be solved in an anonymous environment. Unless you have a reputation to ruin (or, say, an xbox account to lose), then being outed as a cheater costs you nothing. Again, this is incompatible with a lot of current multiplayer modes - and most of what I love about PC gaming - but, ultimately, I'd rather be judged by my peers than a rootkit.
The history of plenty of anticheats start with community servers, not matchmaking. Even Team Fortress Classic had enough of a cheating issue that community members developed Punkbuster, which went on to get integrated into Quake 3 Arena. A lot of 3rd party anticheats were developed in that era for community servers. BattlEye for BattleField games. EasyAntiCheat for Counter-Strike. I even remember Starcraft Brood War's 3rd party ICCUP server with 'antihack'.
You still see this today with additional anticheats on community server solutions. GTA V's modded FiveM servers had anticheats before it was added to the official game. CS2 Face-IT and ESEA servers have additional anticheats as people do not think VAC is effective enough.
For some games the small group approach works, but even a game as simple as Counter Strike requires at least a dozen players to make the most of.
That said, there are perverse incentives in many of the games hit worst by cheaters. Games that invent more and more prestigious rewards and titles for accounts that do well in hopes of them spending more money on microtransactions, or the microtransaction hell-holes like GTA Online that exist as a vessel to take your money more than to be of any fun. Adding upgrades and other desired items behind a gambling mechanic makes the whole ordeal extra shitty, praying on the psychological weaknesses of the unfortunate souls to get a digital gambling addiction so they can be sucked dry by billion dollar companies.
I've personally never run into anticheat issues because I find most of the games that require anticheat for online play just aren't worth the time and effort to play online in.
But still, the old SW Battlefront II wouldn't be fun without the massive online matches, and those require some form of anticheat to stay fun.
However, I wonder if you could have that while still removing features that make cheating seem appealing. For example, as you said, you can have games with randoms without an automatic ranking of all players. (Or maybe you rank players so you can match people of similar skill levels, but you don't tell anyone what their rank is.)
Good skill matching is one of the most important advancement in gaming over the last few decades. Being able to consistently play against people who are fair competition for you makes the games so much more fun, especially if you are much better or much worse than the average player. In the old days, you could alternate between opponents that were no challenge at all and opponents you would have no chance against; both types of games get old really fast.
In some ways, good skill matching can alleviate the harm cheaters do; if the cheating makes them way better than everyone else, then good matchmaking should start to match them up only against other cheaters. In many ways, this is the ideal scenario - cheaters play against each other, and everyone else plays against people who are close in skill level.
Works basically the same as matchmaking does now, albeit in only matching on server quality and not player skill.
This does not stop cheaters whatsoever. Anyone who played during the private server era of FPS in the late 90s/early 00s knows this; wallhacking, modified character models with big pointy spikes indicating player locations, aimbots, etc. ran rampant, even when nothing was on the line.
In some cases there are numerous public servers, which can mitigate the "player availability" problem.
Also, for these online FOSS games the servers are community-owned and moderated. Cheaters, trolls, inappropriate chats are monitored by someone who is interested in, and generally quite knowledgeable about, the game.
One of the games mentioned in this article is Rust. Playing with only people you trust defeats the point because it's a game full of betrayal. At best you'll be able to get a group together once and then destroy your relationships more than Monopoly would.
However, there are ways to detect when someone is being an absolute madman with the hacks. We're talking head snapping through walls with 100% accuracy and instantaneous displacement across an entire 30 minute match. These people can simply be banned immediately by hardware/steam ID. We can write basic rules to detect stuff like this. There's no "confidence interval" for speed hacking through a map and awping the entire CT team in 3 seconds. You certainly don't need kernel drivers.
If you can cheat and get away with it, then you'll see streamers do it. That will tank confidence in your game.
It doesn't matter if cheating doesn't make you top the leaderboard. If you have global leaderboards, they will be dominated by cheaters.
I don't think rootkits are excusable but if the solution was simple they would do that.
https://safety.twitch.tv/articles/en_US/Knowledge/Community-...
https://www.youtube.com/watch?v=9alJwQG-Wbk
And how do you actually ensure a good hardware ID that can't be trivially modified?
Anti-cheat does not ordinarily like to run inside a VM, because then the hypervisor can do the cheating, invisibly to the kernel. However, technologies like AMD SEV can (in theory) protect the guest from the host, using memory encryption. (And potentially also protect from DMA-based cheats, too)
What you'd need is some way for the hardware to attest to the guest "yes, you really are running inside SEV".
In theory you could probably get it to work on some hardware given some boot configurations with some games, but what game developer is going to develop a bespoke Linux VM? And if not the game developer, what Linux developer is going to spend time developing a platform that caters to the wishes of closed-source, rootkit-driven anticheat developers?
That doesn't seem right. Hypervising is not a feature many consumers use, so why would they spend the money to include it in consumer chips?
Deleted Comment
I don't know how many vulnerable drivers the average gamer has installed. I'm sure 'at least some' is a safe assumption. The issue I have with this is that although it may be expected, I don't find it acceptable.
The article presents having this exploitable software on your computer as benign. I don't think that's a particularly healthy attitude, especially in an article oriented towards a more general audience.
The author hasn't had a problem with the anti-cheat software that they like. This is not an argument for why this is a good solution, or why kernel-level anti-cheat is not a security risk. Further, normalising software vulnerabilities weakens whatever case is being made. The more acceptable it is to have broken, exploitable software installed, the more acceptable it will be to ship anti-cheat software that is broken and exploitable.
By the way, on trust: having trust in the vendor is ... inadvisable. I'm not saying it's guaranteed to backfire, but it can only backfire in one direction. The situation in which you trust an entity with goals that are (at best) unaligned with your own is better described as one where they have leverage over you.
If you want to run it I don't see a problem. Use a dedicated machine. Lets call it a console. Use it exclusively to play online pvp. Don't use it for anything else.
Privacy and security conscious people who use Linux desktops as general purpose computing devices generally don't want anti-cheat systems on their computers. I have no problem with the technology existing for other people. Don't try and force me to use it or I won't support your games/service.
I think a lot of the posturing from game publishers about anti-cheat on linux is really about dissatisfaction with Valve's control of the platform and revenue cut. Competitors aren't prepared to invest in development to build a strong platform like Valve but they are jealous of Valve's income. Nerfing their product on Linux is likely a way of pushing people to other platforms. I don't know what they are smoking because Sony, Apple, Nintendo and Microsoft aren't going to be any better for them.