this post was submitted on 30 Oct 2024
1462 points (98.5% liked)

Games

32548 readers
1367 users here now

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Weekly Threads:

What Are You Playing?

The Weekly Discussion Topic

Rules:

  1. Submissions have to be related to games

  2. No bigotry or harassment, be civil

  3. No excessive self-promotion

  4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts

  5. Mark Spoilers and NSFW

  6. No linking to piracy

More information about the community rules can be found here.

founded 1 year ago
MODERATORS
 

Now if only they could more clearly communicate when games are playable offline.

you are viewing a single comment's thread
view the rest of the comments
[–] Woodstock 42 points 2 weeks ago (5 children)

Can someone explain like I’m stupid on kernel level anti cheat and why I should watch out for it? Not a dig at all, a genuine question!

[–] [email protected] 103 points 2 weeks ago* (last edited 2 weeks ago) (5 children)

To put it very simply, the 'kernel' has significant control over your OS as it essentially runs above everything else in terms of system privileges.

It can (but not always) run at startup, so this means if you install a game with kernel-level anticheat, the moment your system turns on, the game's publisher can have software running on your system that can restrict the installation of a particular driver, stop certain software from running, or, even insidiously spy on your system's activity if they wished to. (and reverse-engineering the code to figure out if they are spying on you is a felony because of DRM-related laws)

It basically means trusting every single game publisher with kernel-level anticheat in their games to have a full view into your system, and the ability to effectively control it, without any legal recourse or transparency, all to try (and usually fail) to stop cheating in games.

[–] ampersandrew 66 points 2 weeks ago (1 children)

And it's worth noting that trusting the game developer isn't really enough. Far too many of them have been hacked, so who's to say it's always your favorite game developer behind the wheel?

[–] [email protected] 21 points 2 weeks ago

Or, even better, when you let a whole bunch of devs have acces to the kernel...

... sometimes they just accidentally fuck up and push a bad update, unintentionally.

This is how CrowdStrike managed to Y2K an absurd number of enterprise computers fairly recently.

Its also why its ... you know, generally bad practice to have your kernel just open to fucking whoever instead of having it be locked down and rigorously tested.

Funnily enough, MSFT now appears to be shifting toward offering much less direct access to its kernel to 3rd party software devs.

[–] barlescharkley 60 points 2 weeks ago

More importantly, if traditional anticheat has a bug, your game dies. Oh no.

If kernel level anticheat has a bug, your computer blue screens (that's specifically what the blue screen is: a bug in the kernel, not just an ordinary bug that the system can recover from). Much worse. Sure hope that bug only crashes your computer when the game is running and not just whenever, because remember a kernel-level program can be running the moment your computer boots as above poster said

[–] [email protected] 10 points 2 weeks ago (1 children)

Not all anti cheats run at startup. Some only run when you play a game. I think vanguard for valorant ran all the time at first and people were pissed. Meanwhile easy anti cheat runs only with a game. So it depends. It all sucks though.

[–] [email protected] 5 points 2 weeks ago

That's definitely true, I probably should have been a little more clear in my response, specifying that it can run at startup, but doesn't always do so.

I'll edit my comment so nobody gets the wrong idea. Thanks for pointing that out!

[–] Woodstock 4 points 2 weeks ago

Thank you! Really clear and appreciate you taking the time to explain!

[–] Katana314 4 points 2 weeks ago (1 children)

It's not just trust of the game developer. I honestly believe most of them just want to put out profitable games. It's trust that a hacker won't ever learn how to sign their code in a way that causes it to be respected as part of the game's code instructions.

There was some old article about how a black hat found a vulnerability in a signed virtual driver used by Genshin Impact. So, they deployed their whole infection package together with that plain driver to computers that had never been used for video games at all; and because Microsoft chose to trust that driver, it worked.

I wish I could find an article on it, since a paraphrased summary isn't a great source. This is coming from memory.

[–] [email protected] 2 points 2 weeks ago

It's trust that a hacker won't ever learn how to sign their code in a way that causes it to be respected as part of the game's code instructions.

That's not an accurate description of the exploit you describe. It sounds like the attacker bundled a signed and trusted but known vulnerable version of the module, then used a known exploit in that module to run their own unsigned, untrusted code with high privileges.

This can be resolved by marking that signature as untrusted, but that requires the user to pull an update, and we all know how much people hate updating their PC.

[–] [email protected] 36 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Making it super simple, it runs with full access on your machine, always. It can fuck anything up, and see everything. It can get your browser history, banking details or private messages you enter, activate your webcam or mic without you knowing, or brick your computer even.

And you can't even check what it's really doing on your computer because it's a crime under US law.

Finally, it can get hacked and other people than the creator can do all these to your computer as well,as it already happened once.

[–] scarilog 4 points 2 weeks ago (2 children)

And you can't even check what it's really doing on your computer because it's a crime under US law.

Is this specifically for kernel level anticheat? Because this isn't a thing for software in general right??

[–] [email protected] 4 points 2 weeks ago

It's a thing for any measure said to enforce copyright under the DMCA.

So it's a thing for most proprietary software.

[–] [email protected] 1 points 2 weeks ago (1 children)

If anything reverse engineering is more permissible in the USA than many other places, IIRC

[–] [email protected] 4 points 2 weeks ago

Not if you're running afoul of the DMCA.

[–] yamanii 15 points 2 weeks ago

Easy, a bug in battle eye forced me to reinstall windows, this kernel access has to go.

[–] [email protected] 8 points 2 weeks ago

Also, the most games that don't work in linux is for this reason (and steamdeck works in linux)

[–] mrvictory1 2 points 2 weeks ago

Imagine a game having higher privileges than what you get with "Run as administrator"