Is it time to start a campaign against kernel-level anticheat?
Is it time to start a campaign against kernel-level anticheat?
Now that Stop Killing Games is actually being taken seriously - maybe we need to take a look at Stop Fucking Around In Our Kernels
I haven't really been personally affected by it before - I don't play any competitive multiplayer games at all. But my wife had her brother over, and he's significantly younger than us. So he wanted to play FortNite and GTA V, knowing I have a gaming PC. FortNite is immediately out of the question, it'll never work on my computer. Okay, so I got GTA V running and it was fun for a while, but it turns out all of those really cool cars only exist in Online. But oh look, now they've added BattlEye and I can no longer get online.
While this seems like a trivial issue (Just buy a third SSD for Windows and dual boot), it's really not. Even if I wanted to install Windows ever again, I do NOT want random 3rd party kernel modules in there. Anyone remember the whole CrowdStrike fiasco? I do NOT want to wake up to my computer not booting up because some idiot decided to push a shitty update to their kernel module that makes the kernel itself shit the bed. And while Microsoft fucks up plenty, at least they're a corporation with a reputation to uphold, and I believe they even have a QA team or 2. CrowdStrike was unheard of outside of the corporate world before the ordeal and tbh nobody has ever heard of it afterwards again.
So I think this would be a good angle to push. That we should be careful about what code runs in our OS kernels, for security and stability reasons. Obviously it'd be impossible to just blanket ban 3rd party kernel modules to any OS. However, maybe here in the EU at least we could get them to consider a rule that any software that includes a component running in the OS kernel, MUST justify how that part is necessary for the software to function in the best possible way for the user of the computer the software is running on. E.g I expect a hardware driver to have a kernel module, and I can see how security software needs to have a kernel module, but I do NOT see how a video game needs to have an anti cheat with a kernel module. How does that benefit me, the customer paying to be able to play said video game?
It should be said that I'm not against games detecting cheaters and banning them from online play. It's very specifically kernel-level anticheats that I can't stand on principle.
I'm against them being able to ban you from playing online in its entirety, which is something they can do because most online games don't let you run the servers yourself anymore. Sure, if someone cheats on official servers, ban them from the official servers. They should still be able to play, cheating or not, on the server they run themselves, but that's not an option we even have most of the time.
Yes, that's part of the StopKillingGames agenda as well. Allow us to control our own servers! For fuck's sake, it's CHEAPER for them, because WE'RE paying for hosting. A dedicated server costs money! And it keeps people buying into the ecosystem after the initial sales high because you form communities and then tell people IRL how awesome the game is. Assuming you have time for real life friends of course.
I'm not against the existence of a matchmaking system, or even against it being the default. Just give us a tiny menu item "Dedicated Servers" somewhere and keep that one around forever, even when the publisher is long bankrupt because the CEO blew all their profit on sculptures of oddly shaped penises or something.
Make a cheater pool and put anyone you detect using cheats in a separate matchmaking system that only matches cheaters with cheaters.
And never ban anyone, ofc.
"Butbutbutbut server side anticheat is haaaaaaard and requires us to actually think about what values are actually valid and understand our own internal game states. Kernel level anticheat
lets us be lazycosts us less and requires less development time!"Unless they deviate substantially from how they build games in genres like shooters, server side anti-cheat isn't going to catch everything that kernel level anti cheat does. However, kernel level anti cheat doesn't catch hardware cheating anyway, so if cheating is always going to be imperfect, we ought to stop short of the kernel.
Look if companies could implement successful anticheat without kernel access they sure as hell would, regardless of cost or effort. There is a TON of money to be made in competitive fps games alone, and they're pretty much all overrun by hackers
requires less development time
Here, step into this 200GB repo with about 50 third party plugins and someone else's game engine and find all the states that aren't exactly like they are on the design docs, and do it at scale, across a cluster of servers that all have to interact.
20 years ago, i'd be right there with you.
It's actually hard for a big game to do those things. The people making the cheats are as good as the developers and only need to find one nick it the armor every time.
FWIW, I'm against kernel-level anticheat, and I didn't downvote you :)
The one downvote from a cheater 👌
I think it should also be noted that the games industry is not audited for security to the same degree as a lot of other industries. So vulnerabilities may not be found until years after launch and then go unpatched indefinitely because the company has already moved on to the next thing.
Hell, one of the older CoD games had an RCE vulnerability that as far as I'm aware is still not patched.
Plus, major publishers like EA are now pushing to create their own kernel-level anticheat in-house. Why should anyone trust them to create a secure piece of software that runs with the highest permissions possible when they can't even be trusted to create stable, functional games?
Someone discovered Dark Souls games had a RCE but they never responded to the person that kept emailing them about it for months. The security guy then started invading streamers and crashing the game while doing fun stuff like showing text on the screen. Only then did Fromsoft take down the servers and patch things up - which took a few months.
Yes, game companies really don't take security seriously.
oh, so that was what it was about. they sure were really quiet about not caring about it in the first place.
I usually solve this issue by... just playing something else.
It sounds hard, but I assure you, nothing is impossible.
There's about 5 games a decade that are exciting anymore even, unfortunately. I might just have to give up gaming then.
You're obviously looking in the wrong place for games then..
I can cite way more than 5 excellent games from this decade from the top of my head, We're almost in 2025, so I'll limit to games released in or after 2015:
- Factorio
- RimWorld
- Stellaris
- Fallout 4
- Overcooked 2 (and all you can eat)
- Life is Strange
- Cyberpunk 2077
- Before your eyes
- Dead Cells
- Shadow Tactics
- Cities Skylines
- The outer worlds
- Two point hospital
I can keep going, but this is just from the top of my head, there are always good games getting released, and very rarely they're AAA.
I encourage you to explore the wonderful world of indie games, and free yourself from the shackles and shitty anti-cheat implementations of the AAA/AAAA gaming industry
False.
Money talks.
Don't buy the game.
This doesn't work. It will never work. You can't shame conscious consumers into voting with their wallets while the other 99% keeps buying the bad practices.
Thing is, if nobody on Lemmy, and literally nobody in general who cares about anticheat, buys GTA 6, you know what effect that would have on the company's bottom line? None, they'll make record profits.
Right, well they are trying to start a campaign to popularize the comment you just made. Or at least that's my understanding
Money mumbles. Don’t buy the game, and also actively notify the company of your decision and why. Twitter, feedback form, steam review, whatever channel lets you get that message across.
So do mega-corporations with more money than God, like Microsoft.
And they already said no to root-level anti-cheats.
Absolute dogshit strategy. 99% of people will always buy the game so you not buying won't matter in the slightest. Unfortunate but true.
It's been time. Game companies have no right to access that level of any system I paid for. If they want to use kernal level anti-cheat on their consoles, that's on them. But my computer? Absolutely not. They don't have a right to that, when I bought the computer I didn't agree to that in a EULA or TOS, and they do not make it apparent that their games carry this level of anti-cheat at sale.
You agree to that in the EULA/TOS of the game you want to play (and how legally binding that is is anyone's guess). You just never read it (because nobody does).
The reality is that it is just another layer of risk. You are or are not choosing to install software on your personal computer that may or may not increase your risk level. It is no different than going to that website that makes your GPU spin up real hard or grabbing something from itch that is actually malware and so forth. Its why people increasingly suggest having a dedicated device for taxes and anything else private.
Personally? I understand the benefits to kernel level anti-cheat and, while we have no data as consumers, it is clearly effective considering the state of games today versus games in the 00s and publishers are willing to allocate funds for it. I still firmly believe that there are better methods that involve analysis of player behavior but I also understand the compute costs of that will be insane.
But also? I don't want that shit on my computer (not that it would work because... Linux). So I choose not to play the games that require it. It means I miss out on some games but the good news is that there are way more games out there than I can ever play.
All that said: I increasingly think the end state is going to be competitive multiplayer games being console exclusive due to a mix of exclusivity rights and having a walled garden ecosystem that actually CAN be controlled.
We literally have a cloudstrike report giving direct examples of how bad it is potentially as a vector for malware. Additionally it doesn't solve the problem it aims to solve, as reported by several outlets because it doesn't stop hardware level cheating, just potentially stops scripts. So you could absolutely enable cheats through a device like a keyboard and mouse or controller and the Anti-cheat does nothing.
Additionally though, I am not buying products with kernel level Anti-cheat and that is intentional, so I am not agreeing to the TOS or EULA of those games. If you add to this the fact that some games retroactively added kernel level anti-cheat, it's bogus to assume that people are in the know or that they agreed to such things in the original TOS or EULA. Steam only recently made developers list kernel level anti-cheat on store pages for their game.
Also, kernel level anti-cheat in single player games is just ridiculous and invasive.
No one is forcing you to install their game.
It's so easy to look up what kind of anti cheat games use.
You can't eat the cake and have it too.
They don't have a right to install anything without your consent. However. You pressed the "Install" button. And you boxed in "I understand" and clicked "I agree".
That doesn't really track here. My reasoning is simple. They are requiring access to something they didn't initially make public or allow an informed decision on, and they did that on purpose. While I don't currently own or buy games that have kernel level anti-cheat, that doesn't make the obfuscation any better.
I actually have not pressed the install button, nor have I pressed the purchase button. However, I also want you to look up the phrase "eat cake and have it to" and figure out what you mean. I'm buying the cake. I'm buying the fork to eat the cake. Neither the cake company nor the fork company should be able to tell me what to do with the product from the other company. You don't have to agree with my stance, but understand that this is the argument that I am making.
There us no need. CrowdStrike was such a disaster for Microsoft that they are already on the path to locking down the kernel. Noboby but MS will have kernel access eventually. Give it a few years (and 1-2 Windows versions)
Apple has already done the same with macOS 10.15 Catalina in 2019. No more kernel extensions = much better kernel-level security
This will become the industry standard
With you on this, regardless of the method used, no app has any business running or snooping outside of the container that it was set up in. And this doesn’t just apply to desktop operating systems, mobile and entertainment consoles too.
I’d even take it a step further, that nonsense shouldn’t be on my machine in the first place.
Want to run anticheat stuff? Run it on your own crappy servers at your own cost and processing power. Live detect it through packets that are sent to you and are being processed, be it voice or input.
Whatever happens on my machine is none of your business.
This issue would be solved / non existent if matchmaking was not the only option for playing online game, which wouldn't be an issue if publishers stopped being so greedy and predatory when it comes to player retention, which wouldn't be an issue if the economic system we live in didn't promote this toxic behaviour.
So yeah, kernel based anticheats are mostly just a symptom of a larger problem, the rotten video games industry
This issue would be solved / non existent if matchmaking was not the only option for playing online game
Games that have community hosted servers also needs anticheat. You can't expect an admin to be around 24/7 to ban cheaters.
which wouldn’t be an issue if publishers stopped being so greedy and predatory
Hah. Good luck with that :)
This issue would be solved / non existent if matchmaking was not the only option for playing online game
This is incredibly false.
Back in the day? Counterstrike 1.6 was SO good that we played through it with rampant hackers everywhere. Finding the rare server where people weren't using aimbots and wallhacks was a bigger find than a hyper attractive alien asking you to teach it what love is. Same with UT and Quake.
And none of those did "matchmaking".
competitive multiplayer
I feel it should be added that this is one use of anti-cheat, but it also gets used on noncompetitive single player games, too.
Usually if a game has micro-transactions, but also to "protect our IP" as has been seen with a number of older non-MTX single player games recently being retrofitted with it.
Yeah I don't even want to talk about that at this point...
Anyone who wants "their IP" can find a way to do it regardless of any kernel level anticheat anyway.
Guess I'm OOL. What non-competitive games have kernel anti-cheat?
This will take a rogue agent to send malware or otherwise brick all machines by kernel injection. The crowd strike event poked a hole in the dam. This needs a full exploit to get major traction beyond game studios moving to the next kernel level drm/exploit engine.
Arguing that buying something means you own it is much more digestible for the general public. Arguing that the video game codes run slightly different on your machine than you would like is esoteric and a non-starter. This is not a matter for the government, just don’t buy shitty games. Literally no game is required to be bought.
This is not a matter for the government, just don’t buy shitty games.
This IS a matter for the goverment. "just don’t buy shitty X" is "just use magic" argument.
The point is not enough people understand it to gain any momentum
Good post thank you.
Totally agree. Went all-in on Linux earlier this year and it was all working pretty good but there is really no solution when all your buddies are playing fortnite.
The multiple "game streaming" services our there wasn't really cutting it either. I recall reading that Microsoft was going to be more strict with allowing kernel level anticheat but I don't remember exactly where in saw that and I'm too lazy to Google. I hope with all the new PC handhelds coming out (steam deck, etc), that major companies start pushing for this or figuring out a workaround.
In the wake of Crowdstrike, Microsoft was going to allow for additional avenues for hooks into the OS that don't reach as deep into the kernel level, but they never said they were removing the hooks that Crowdstrike or anti-cheat use, as far as I can tell. One solution for PC handhelds is to run whatever modified version of Windows that Microsoft is cooking up, so that you get the console-like interface without compromising on the anti-cheat compatibility. The solution Valve is seemingly hoping for is that, by disclosing kernel-level anti-cheat on the store page, such a solution becomes poison in the marketplace and developers choose a different one.
Steam is a good platform, but if this strategy works and it kills off kernel level anticheat and gets more Linux support, those would be next level contributions to gaming.
The solution Valve is seemingly hoping for is that, by disclosing kernel-level anti-cheat on the store page, such a solution becomes poison in the marketplace and developers choose a different one.
Honestly, I wish they were more aggressive with it. Make the warning banners about kernel-level anti-cheat bright red and put it right above the purchase button like the "needs VR headset" warning.
I'm the same with committing to Linux completely.
Previously, my Apex Legends account with hundreds of hours and unlocks got banned for no reason, but I made a new account and played on. Then they banned Linux and I've never looked back.
Now I'm looking forward to not being able to play 2XKO as well.
I'm not a target for these hacks (I mostly play like commandos 1.5, Red alert and Diablo II) but I have my main PC on Linux and then a sort of franken-PC on windows where I don't share sensitive data, or anything meaningful except game-related data I guess.
Works for me.
Now that Stop Killing Games is actually being taken seriously
600k signatures to go. Link for EU citizens.
I know it's easy to say, especially in your case when its a kid, but just dont buy or play games with kernel AC.
These companies only understand money.
Anti cheat should be server side.
It is going to be hard to potentially have to make GTA 6 the first one I skip entirely (minus II and London I guess, I never got around to playing those. Or the stories).
I had 2000 hours in SA:MP in the ~one year I actively used xFire. I am an absolute GTA nerd.
I'll survive it, maybe borrow the console version off a friend who ends up buying it or something. But I know for sure I'll hate myself for having principles. Or I'll cave in and hate myself for having principles and caving in.
I plan on waiting until they just make it free 12 times like they did GTA 5,I haven't enjoyed GTA 5 anyway, they scrapped what made single player good and had a super buggy multiplayer if you had a slower internet, the amount of times it froze and hot stuck in the multiplayer tutorial at my parents because they had a 5/5 so it struggled internet side was insane for something that was already on the system and was still SP
The ship named "software does shit I don't like on my own hardware" sailed the day proprietary software became a thing.
Mind you, it's scary how many people applaud kernel-level anticheat. "This game was just ruined by hackers until they added kernel-level anticheat. Now it's great again!"
How would a campaign against kernel-level anticheat "succeed" exactly? More awareness? More people boycotting kernel-level anticheat? Laws prohibiting the practice?
Like, obviously I'm never running any software that involves kernel-level anticheat, but I'm a Gentoo neckbeard with an EFF-approved tinfoil hat surgically attached to my scalp.
(Hell, I think it would be great if most of the games out there had cheater and bot servers where it was encouraged to run your cheat tools and/or bots. If they allowed that but just kept it separate from non-tool/non-bot players, that'd be a fantastic way to get kids more interested in STEM.)
(Also, if anyone made and sold a boardgame that made players want to cheat (in a bug-not-feature kind of way), it would get negative reviews and no one would buy it. In a way, kernel-level anticheat can almost be considered a type of "externality". The game studio, rather than going to the trouble to tune their game to make cheating less appealing, they break their users' computers and invade their privacy. And the game studio then rakes in more money as a result.)
But how would we get through to normie 12-year-olds who just want to play Valorant and not have their face constantly rubbed in the dirt by "hackers"?
But how would we get through to normie 12-year-olds who just want to play Valorant and not have their face constantly rubbed in the dirt by "hackers"?
I think it would be good for them to be told the truth: you aren't being killed by hackers, you just suck.
its never too late to start resisting something. Though it is too late if no one cares to do anything about it, not even yourself.
But we are a minority. The vast majority of gamers hate us.
On the contrary, I think kernel level anticheat should be illegal
Now that Stop Killing Games is actually being taken seriously
It is? They're still at 39%. Let's not call victory before reaching the start of the race. Getting to 100% will just be the beginning.
Also, kernel level anti-cheat seems like an easy thing to fix: don't buy the game. Be a little bit more principled and selective in your purchasing choices.
"Don't buy a game that ships with malware" is a perfectly correct decision, but it doesn't address the fact that games are shipping with fucking malware.
It's a very recent development, but the consumer actually does have enough information just from the store page these days to know that a game uses kernel level software. The thing that still sucks is that it can be retroactive. In those cases, I suppose we just ask for a refund.
I don't live in the EU, and am not sure it's a good idea to sign the petition for that reason even though I agree with them 100%.
On areweanticheatyet.com it seems like the percentage of denied/broken keeps getting higher and higher :(
I guess it makes sense, new games come out with anticheat, and rarely do new games come out without anticheat.
Yes
While this seems like a trivial issue (Just buy a third SSD for Windows and dual boot)
That's not trivial at all. Don't let anyone let you think otherwise.
And while Microsoft fucks up plenty, at least they're a corporation with a reputation to uphold, and I believe they even have a QA team or 2.
Lol. Lmao even
Now it’s built in DRM on Windows 11. And it’s already breaking games.
https://www.techspot.com/news/105709-windows-11-24h2-update-breaks-ubisoft-games-fix.html
I was boycotting it before it was even in the news.
likely only way this is going to change is if someone starts exploiting the kernel level anticheats and causes noticeable consequences for people who dont care they have it installed. In essence, its just (hopefully) difficult to use rootkit waiting to be used anyway.
Drag picked up Helldivers recently, which uses a KLA. Drag's had no problems with it. But drag's dragon also downloaded it, and it completely borked its computer. The voltage regulator chip for the CPU failed, and its computer started crashing on completely different games, even after uninstalling Helldivers.
I'm late to the thread but am I understanding this correctly? The issue is gaming on a Linux or non-windows pc, right? Also, the general sentiment in this chat room is to not buy the games requiring windows, right?
Are you all high or just idiots? What cinpany is going to give a flying fuck if 1% of their customer base stops buying. 100% of all Linux gamers would have to commit to even make the 1% dent. 🤣🤣🤣
You mean like the "multi-million units sold" Linux based Steam Deck?
Not, the problem is that kernel level ACs are a security and privacy risk, a violation of what I do and what I am willing to share, and a bullshit way to enforce fair play. They already suck at detecting cheats, it is a cat and mouse game, and the mouse has always been ahead.
Next thing is they will require for me to stream my face, hands, and feet to ensure I am not cheating...
"Spy on me harder Daddy"
I wasn't buying their games because they suck.
Anti-cheat was way down the list of reasons. It's not like even on Linux that there's a drought of games to play.
I guess they just can't handle Team Fortress 2.
No, you're not understanding it correctly. The issue is that kernel-level DRM is a terrible thing on Windows, the fact that it doesn't work on Linux is also a side effect.