Discussion summary

Discussions around kernel anti-cheat highlight concerns about overreach, effectiveness, and privacy risks. Some argue kernel anti-cheats are unnecessary or risky, while others see them as effective for reducing cheating.

What the discussion says

  • Kernel anti-cheats may be overreach and can be replaced by user-mode solutions.
  • Effectiveness of kernel anti-cheats in stopping cheating is debated.
  • Concerns about privacy and malware risks with kernel-level access.
  • Some believe legal consequences are better than kernel anti-cheats.
  • Detection of subtle cheating behaviors remains difficult.
Kernel anti-cheats can be done from user mode too.
charcircuit
It has largely reduced cheating in competitive play.
AuthAuth

Comments

Hacker News

The overreach of kernel anticheats that this article complains about can be done just as easily from user mode anticheats. It's not whether an anticheat is kernel mode or not for whether it is overreaching or not.

>The hardware requirements lock out Linux and the Steam Deck

Because their security is out of date. Meanwhile macOS has modern security good enough to not even require Vanguard to need kernel mode to be effective.

by charcircuit

>it hasn’t stopped cheating

No but it has largely reduced it to where you can play competitively and not run into cheaters. Go play f2p csgo and enjoy a hacker in nearly every single game blatantly spinning in spawn head shotting everyone.

by AuthAuth

It doesn't take kernel level anticheat to detect that kind of behavior. This is just laziness.

by dannersy

It's hard to know. If I were cheating on a competitive server, I'd be using cheats that gave me an edge without making me dominant. That sort of thing is very difficult to detect.

by laughing_man

That sounds like malware.

by josefritzishere

Letting RIOT into your ring ZERO is not a risk I'm willing to take.

It just sits nagging in the back of your mind. So why take the risk.

by n3rv

Are you playing games on a different user? If not a user space program can already access all your files and memory of running processes.

by Hikikomori

> I want to preface this with the fact that I’m not a gamer.

So you're prefacing it as someone who has never really dealt with the games you like to play getting totally infested with and nearly unplayable with so many cheaters in practically every lobby.

Its easy to think its something that's not needed if one never spends any time in the space.

Do they stop all cheats? No. Do they make the bar extensively higher to cheat? Absolutely. Even they point this out: "A DMA cheat is a separate FPGA card that sits in a PCIe slot and reads the game’s memory directly over the bus, while a second computer processes what it sees and feeds back aim and wallhacks..." Any random person can go run some executable they found on a forum, what percentage of the playerbase has these FPGA cards and a second computer to properly run these cheats? And even then, more modern systems can even detect these kinds of things.

Are there lots of problems with these anti-cheat platforms? Sure. Are they now often developed with ties to countries many wouldn't want have that deep of access to their computers? Sure. Is kernel-level anti-cheat overall as a concept overreach? Probably not for what a lot of players actively want. Players want systems to ensure everyone is playing on a somewhat equal playing field. Other than the games being rendered in the cloud I don't know any other real way to begin to enforce it.

> I would rather share a match with the occasional cheater

What if it wasn't "the occasional cheater" and instead was "nearly every match of every game you like to play"?

by vel0city

Yes, it is very rich for someone with no skin in the literal game to police what others do to their computers.

I don't play any games that use anticheat. But I also don't go out of my way to tell other players who knowingly, consensually installs games with anticheat so they can play them. It's like saying it is an invasion of privacy for cycling athletes to be subjected to doping tests. It's their game. Why does it bother you?

by pibaker

I don't think kernel goes far enough. We are pushing down the wrong path. We don't need kernel level anti cheats.

I think there should be real world legal consequences for exploiting information systems like this. "Gaming" shouldn't magically exempt a business sector from reasonable protection against fraud and abuse. Just because it's easy to do or involves bits in a computer (that isn't physically on the game developer's premises) should not magically exempt bad actors from prosecution. Yes, it's your computer, those are technically your bits, but this is about how these things are used and the context within which they are.

We have the CFAA in the US, but you'd need a fairly loose interpretation to cover most forms of cheating today. I don't really see the distinction between client and server when the actions taken on the client side cause a dramatic loss in quality of service for other clients connected to that same server or p2p relay.

South Korea has laws on the books as of 2016.

https://dotesports.com/overwatch/news/ow-hacker-sentenced-pr...

by bob1029

yes but you are going off topic, the point is companies installing low level malware on any gamer's system to prevent cheaters and monitoring all of them as a consequence. And not that there are not enough laws against cheaters and against people tampering with a software or system, also tampering imho has always been the base for the rest of the reversing :)

by giov4

No thanks.

>We don't need kernel level anti cheats.

More than that, they'd be illegal by your own standard, if applied fairly. You can't steal control of someone's computer just because they bought a game from you. That's a strictly more severe "exploit" with strictly more impact on "quality of service" than sending bogus data to a server. Cuts both ways.

But we all know how it'd really play out. If lying to a server counts as "hacking", but corporate rootkits and locked bootloaders are fine, all you've really done is solidify "felony infringement of business model". You haven't protected anyone. Video games are a stupid thing to immolate computing freedom for.

by dTal

In my opinion, the debate about kernel anti-cheat on Windows is disingenuous fear-mongering. I'm confused why Hacker News of all places misrepresents the technical details.

You can already completely compromise the average user's privacy with an underprivileged process (nearly all of your personal information is accessible with zero privileges!), and you can already persist with administrator privileges (that is routinely given on Windows).

In regard to the "RCE attacker risk", attackers can RCE to escalate just as easily into vulnerable Windows services (there's too many to count). Kernel drivers aren't that special.

In regard to the "CrowdStrike risk", that's not privacy related and is extremely overblown.

What exactly does a kernel driver change regarding privacy? Nothing I can think of.

It's this simple: If games want your personal data, they don't need a kernel driver to get it.

by iscoelho

>You can already completely compromise the average user's privacy with an underprivileged process (nearly all of your personal information is accessible with zero privileges!), and you can already persist with administrator privileges (that is routinely given on Windows).

Most complaints about kernel level are indeed about privacy, and as you say a user space process can already do so much that this argument is moot. Most people are not aware or ignore it to fear monger because anything kernel sounds really bad.

by Hikikomori

> In my opinion, the debate about kernel anti-cheat on Windows is fear-mongering

I don't think a lot of people who complain about kernel anti-cheat actually play competitive games.

by ChocolateGod

what a goof. yes it's a privacy risk, but so is half the things people do on the internet.

cs2 is infested with hackers, arc raiders died because of hackers... many games I've played and loved are dead because of hackers.

by AgentMasterRace

"CS2 is infested with hackers" is either cope OR you have low trust factor.

by HDBaseT

Hackers were only one of the many straws that killed Arc Raiders. Mostly it was a dev team that didn’t care.

by vips7L

online real-money and crypto poker sites have a big cheating problem too - and face similar issues for detection.

Alarmingly the software for one popular operator has some very invasive features - verging on spyware - including harvesting screenshots of all screens (sent to some unknown biz in india, stored under "who-knows-what" security), hardware fingerprinting, and 'remote access' wired in for future releases.

https://pokerindustrynews.com/features/coinpoker-anti-cheat-...

by nhggfu

The tl;dr from the post is that kernel anti-cheat presents both an attack vector for malware and a backdoor for firms. The former is already known to be exploited.

I don't know why comments here are so negative. PC gamers should be wary of installing this stuff, and PC users in general wary of attempts to lock down their computer. If game companies want a fully locked down PC, they already have one; it's called a console.

by grg0

There are people who treat their PC almost like a console, cause all they use it for is video games anyway, but they want more than what a console offers (and will spend a lot). They install whatever. Kernel anti-cheat isn't even the worst thing on those, that'd be Windows.

It's fine. Personally I keep my Mac clean. It can play a few games, which is enough for me. I also found a spare PC in e-waste, and occasionally boot it up to play games in Win10, but wouldn't care if it died.

by frollogaston

I play a lot. Competitive shooters mostly. Most of them are unplayable for one or two reasons. Cross play (controllers with aim assist) and cheaters. As a PC player I would like to see no aim assist and actual consequences for cheating. I’ll gladly verify my real world identity, if it meant cheaters where banned once and forever. I’ve heard this is how it works in Korea (claim not verified) and could see it work here too as most of Europe has access to very UX friendly state sponsored digital ID.

If there were actual stakes to cheating, it would be less prevalent. Now you can create another account and keep playing. Often for free!

On a side note. How come replay analysis doesn’t catch more cheaters?

by wronex

> "How come replay analysis doesn’t catch more cheaters?"

1) There's too many players.

2) Closet cheaters are extremely subjective: automated & manual moderation would be full of false positives. In these cases, functional anti-cheats actually serve to vindicate these players.

by iscoelho

Since you're not a gamer sorry but your opinion does not means much, you don't seem to realize how cheating is a problem in online games, it's not just an inconvenience, it kills games.

by Thaxll

> So I would rather share a match with the occasional cheater than run un-auditable ring-0 software on the same machine I use for anything private.

Yeah except that’s not the options here. Even with ring-0 there are lots of cheaters. Without it the game would be completely infested with them.

by _aavaa_

I would still rather have that than let some game run in ring 0 TBH.

by bigstrat2003

> So I would rather share a match with the occasional cheater than run un-auditable ring-0 software on the same machine I use for anything private.

You’re not a gamer so you don’t have a word here. I was a competitive gamer and I would happily accept even the game where you need a government id to be allowed to play in ranked/matchmaking. I do dual boot for gaming/home stuff though.

by galkk

This article reminds me of Chesterton Fence - the author is complaining about something, without ever experiencing why it exists.

by cowthulhu

Unlike the Fence, kernel anti-cheat wasn't always there and won't be effective in the future with new AI-powered cheats growing.

by ronsor

I must admit I immediately questioned the credibility of the article when the author admitted they "aren't a gamer" and then started making allusions to vague political threads. Not to say these criticisms aren't valid, but they're a weird jumping off point

The reality is none of the companies want to do these things. Every step in this process locks out some subset of customers. And that's not including the ones who meet the technical requirements but are turned off enough by the decision to just avoid the games anyway

They're an unfortunate response to how utterly profitable and expansive cheating in online games has become. They cost the companies precious development time that could be spent making the game better to instead make it just vaguely "playable" for normal people

by CursedSilicon

Join the discussion

Write your take first — we'll ask for email only when you're ready to publish.

  • Hacker News
  • The overreach of kernel anticheats that this article complains about can be done just as easily from user mode anticheats. It's not whether an anticheat is kernel mode or not for whether it is overreaching or not.

    >The hardware requirements lock out Linux and the Steam Deck

    Because their security is out of date. Meanwhile macOS has modern security good enough to not even require Vanguard to need kernel mode to be effective.

    by charcircuit
  • >it hasn’t stopped cheating

    No but it has largely reduced it to where you can play competitively and not run into cheaters. Go play f2p csgo and enjoy a hacker in nearly every single game blatantly spinning in spawn head shotting everyone.

    by AuthAuth
  • It doesn't take kernel level anticheat to detect that kind of behavior. This is just laziness.
    by dannersy
  • It's hard to know. If I were cheating on a competitive server, I'd be using cheats that gave me an edge without making me dominant. That sort of thing is very difficult to detect.
    by laughing_man
  • That sounds like malware.
    by josefritzishere
  • Letting RIOT into your ring ZERO is not a risk I'm willing to take.

    It just sits nagging in the back of your mind. So why take the risk.

    by n3rv
  • Are you playing games on a different user? If not a user space program can already access all your files and memory of running processes.
    by Hikikomori
  • > I want to preface this with the fact that I’m not a gamer.

    So you're prefacing it as someone who has never really dealt with the games you like to play getting totally infested with and nearly unplayable with so many cheaters in practically every lobby.

    Its easy to think its something that's not needed if one never spends any time in the space.

    Do they stop all cheats? No. Do they make the bar extensively higher to cheat? Absolutely. Even they point this out: "A DMA cheat is a separate FPGA card that sits in a PCIe slot and reads the game’s memory directly over the bus, while a second computer processes what it sees and feeds back aim and wallhacks..." Any random person can go run some executable they found on a forum, what percentage of the playerbase has these FPGA cards and a second computer to properly run these cheats? And even then, more modern systems can even detect these kinds of things.

    Are there lots of problems with these anti-cheat platforms? Sure. Are they now often developed with ties to countries many wouldn't want have that deep of access to their computers? Sure. Is kernel-level anti-cheat overall as a concept overreach? Probably not for what a lot of players actively want. Players want systems to ensure everyone is playing on a somewhat equal playing field. Other than the games being rendered in the cloud I don't know any other real way to begin to enforce it.

    > I would rather share a match with the occasional cheater

    What if it wasn't "the occasional cheater" and instead was "nearly every match of every game you like to play"?

    by vel0city
  • Yes, it is very rich for someone with no skin in the literal game to police what others do to their computers.

    I don't play any games that use anticheat. But I also don't go out of my way to tell other players who knowingly, consensually installs games with anticheat so they can play them. It's like saying it is an invasion of privacy for cycling athletes to be subjected to doping tests. It's their game. Why does it bother you?

    by pibaker
  • I don't think kernel goes far enough. We are pushing down the wrong path. We don't need kernel level anti cheats.

    I think there should be real world legal consequences for exploiting information systems like this. "Gaming" shouldn't magically exempt a business sector from reasonable protection against fraud and abuse. Just because it's easy to do or involves bits in a computer (that isn't physically on the game developer's premises) should not magically exempt bad actors from prosecution. Yes, it's your computer, those are technically your bits, but this is about how these things are used and the context within which they are.

    We have the CFAA in the US, but you'd need a fairly loose interpretation to cover most forms of cheating today. I don't really see the distinction between client and server when the actions taken on the client side cause a dramatic loss in quality of service for other clients connected to that same server or p2p relay.

    South Korea has laws on the books as of 2016.

    https://dotesports.com/overwatch/news/ow-hacker-sentenced-pr...

    by bob1029
  • yes but you are going off topic, the point is companies installing low level malware on any gamer's system to prevent cheaters and monitoring all of them as a consequence. And not that there are not enough laws against cheaters and against people tampering with a software or system, also tampering imho has always been the base for the rest of the reversing :)
    by giov4
  • No thanks.

    >We don't need kernel level anti cheats.

    More than that, they'd be illegal by your own standard, if applied fairly. You can't steal control of someone's computer just because they bought a game from you. That's a strictly more severe "exploit" with strictly more impact on "quality of service" than sending bogus data to a server. Cuts both ways.

    But we all know how it'd really play out. If lying to a server counts as "hacking", but corporate rootkits and locked bootloaders are fine, all you've really done is solidify "felony infringement of business model". You haven't protected anyone. Video games are a stupid thing to immolate computing freedom for.

    by dTal
  • In my opinion, the debate about kernel anti-cheat on Windows is disingenuous fear-mongering. I'm confused why Hacker News of all places misrepresents the technical details.

    You can already completely compromise the average user's privacy with an underprivileged process (nearly all of your personal information is accessible with zero privileges!), and you can already persist with administrator privileges (that is routinely given on Windows).

    In regard to the "RCE attacker risk", attackers can RCE to escalate just as easily into vulnerable Windows services (there's too many to count). Kernel drivers aren't that special.

    In regard to the "CrowdStrike risk", that's not privacy related and is extremely overblown.

    What exactly does a kernel driver change regarding privacy? Nothing I can think of.

    It's this simple: If games want your personal data, they don't need a kernel driver to get it.

    by iscoelho
  • >You can already completely compromise the average user's privacy with an underprivileged process (nearly all of your personal information is accessible with zero privileges!), and you can already persist with administrator privileges (that is routinely given on Windows).

    Most complaints about kernel level are indeed about privacy, and as you say a user space process can already do so much that this argument is moot. Most people are not aware or ignore it to fear monger because anything kernel sounds really bad.

    by Hikikomori
  • > In my opinion, the debate about kernel anti-cheat on Windows is fear-mongering

    I don't think a lot of people who complain about kernel anti-cheat actually play competitive games.

    by ChocolateGod
  • what a goof. yes it's a privacy risk, but so is half the things people do on the internet.

    cs2 is infested with hackers, arc raiders died because of hackers... many games I've played and loved are dead because of hackers.

    by AgentMasterRace
  • "CS2 is infested with hackers" is either cope OR you have low trust factor.
    by HDBaseT
  • Hackers were only one of the many straws that killed Arc Raiders. Mostly it was a dev team that didn’t care.
    by vips7L
  • online real-money and crypto poker sites have a big cheating problem too - and face similar issues for detection.

    Alarmingly the software for one popular operator has some very invasive features - verging on spyware - including harvesting screenshots of all screens (sent to some unknown biz in india, stored under "who-knows-what" security), hardware fingerprinting, and 'remote access' wired in for future releases.

    https://pokerindustrynews.com/features/coinpoker-anti-cheat-...

    by nhggfu
  • The tl;dr from the post is that kernel anti-cheat presents both an attack vector for malware and a backdoor for firms. The former is already known to be exploited.

    I don't know why comments here are so negative. PC gamers should be wary of installing this stuff, and PC users in general wary of attempts to lock down their computer. If game companies want a fully locked down PC, they already have one; it's called a console.

    by grg0
  • There are people who treat their PC almost like a console, cause all they use it for is video games anyway, but they want more than what a console offers (and will spend a lot). They install whatever. Kernel anti-cheat isn't even the worst thing on those, that'd be Windows.

    It's fine. Personally I keep my Mac clean. It can play a few games, which is enough for me. I also found a spare PC in e-waste, and occasionally boot it up to play games in Win10, but wouldn't care if it died.

    by frollogaston
  • I play a lot. Competitive shooters mostly. Most of them are unplayable for one or two reasons. Cross play (controllers with aim assist) and cheaters. As a PC player I would like to see no aim assist and actual consequences for cheating. I’ll gladly verify my real world identity, if it meant cheaters where banned once and forever. I’ve heard this is how it works in Korea (claim not verified) and could see it work here too as most of Europe has access to very UX friendly state sponsored digital ID.

    If there were actual stakes to cheating, it would be less prevalent. Now you can create another account and keep playing. Often for free!

    On a side note. How come replay analysis doesn’t catch more cheaters?

    by wronex
  • > "How come replay analysis doesn’t catch more cheaters?"

    1) There's too many players.

    2) Closet cheaters are extremely subjective: automated & manual moderation would be full of false positives. In these cases, functional anti-cheats actually serve to vindicate these players.

    by iscoelho
  • Since you're not a gamer sorry but your opinion does not means much, you don't seem to realize how cheating is a problem in online games, it's not just an inconvenience, it kills games.
    by Thaxll
  • > So I would rather share a match with the occasional cheater than run un-auditable ring-0 software on the same machine I use for anything private.

    Yeah except that’s not the options here. Even with ring-0 there are lots of cheaters. Without it the game would be completely infested with them.

    by _aavaa_
  • I would still rather have that than let some game run in ring 0 TBH.
    by bigstrat2003
  • > So I would rather share a match with the occasional cheater than run un-auditable ring-0 software on the same machine I use for anything private.

    You’re not a gamer so you don’t have a word here. I was a competitive gamer and I would happily accept even the game where you need a government id to be allowed to play in ranked/matchmaking. I do dual boot for gaming/home stuff though.

    by galkk
  • This article reminds me of Chesterton Fence - the author is complaining about something, without ever experiencing why it exists.
    by cowthulhu
  • Unlike the Fence, kernel anti-cheat wasn't always there and won't be effective in the future with new AI-powered cheats growing.
    by ronsor
  • I must admit I immediately questioned the credibility of the article when the author admitted they "aren't a gamer" and then started making allusions to vague political threads. Not to say these criticisms aren't valid, but they're a weird jumping off point

    The reality is none of the companies want to do these things. Every step in this process locks out some subset of customers. And that's not including the ones who meet the technical requirements but are turned off enough by the decision to just avoid the games anyway

    They're an unfortunate response to how utterly profitable and expansive cheating in online games has become. They cost the companies precious development time that could be spent making the game better to instead make it just vaguely "playable" for normal people

    by CursedSilicon

Related stories