Now that Stop Killing Games is actually being taken seriously - maybe we need to take a look at Stop Fucking Around In Our Kernels

I haven’t really been personally affected by it before - I don’t play any competitive multiplayer games at all. But my wife had her brother over, and he’s significantly younger than us. So he wanted to play FortNite and GTA V, knowing I have a gaming PC. FortNite is immediately out of the question, it’ll never work on my computer. Okay, so I got GTA V running and it was fun for a while, but it turns out all of those really cool cars only exist in Online. But oh look, now they’ve added BattlEye and I can no longer get online.

While this seems like a trivial issue (Just buy a third SSD for Windows and dual boot), it’s really not. Even if I wanted to install Windows ever again, I do NOT want random 3rd party kernel modules in there. Anyone remember the whole CrowdStrike fiasco? I do NOT want to wake up to my computer not booting up because some idiot decided to push a shitty update to their kernel module that makes the kernel itself shit the bed. And while Microsoft fucks up plenty, at least they’re a corporation with a reputation to uphold, and I believe they even have a QA team or 2. CrowdStrike was unheard of outside of the corporate world before the ordeal and tbh nobody has ever heard of it afterwards again.

So I think this would be a good angle to push. That we should be careful about what code runs in our OS kernels, for security and stability reasons. Obviously it’d be impossible to just blanket ban 3rd party kernel modules to any OS. However, maybe here in the EU at least we could get them to consider a rule that any software that includes a component running in the OS kernel, MUST justify how that part is necessary for the software to function in the best possible way for the user of the computer the software is running on. E.g I expect a hardware driver to have a kernel module, and I can see how security software needs to have a kernel module, but I do NOT see how a video game needs to have an anti cheat with a kernel module. How does that benefit me, the customer paying to be able to play said video game?

  • GHiLA@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    63
    arrow-down
    3
    ·
    edit-2
    6 days ago

    I usually solve this issue by… just playing something else.

    It sounds hard, but I assure you, nothing is impossible.

    • boonhet@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      19
      ·
      6 days ago

      There’s about 5 games a decade that are exciting anymore even, unfortunately. I might just have to give up gaming then.

      • Nibodhika@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        2
        ·
        5 days ago

        I can cite way more than 5 excellent games from this decade from the top of my head, We’re almost in 2025, so I’ll limit to games released in or after 2015:

        • Factorio
        • RimWorld
        • Stellaris
        • Fallout 4
        • Overcooked 2 (and all you can eat)
        • Life is Strange
        • Cyberpunk 2077
        • Before your eyes
        • Dead Cells
        • Shadow Tactics
        • Cities Skylines
        • The outer worlds
        • Two point hospital

        I can keep going, but this is just from the top of my head, there are always good games getting released, and very rarely they’re AAA.

      • zalgotext@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        7
        ·
        5 days ago

        I encourage you to explore the wonderful world of indie games, and free yourself from the shackles and shitty anti-cheat implementations of the AAA/AAAA gaming industry

      • ipkpjersi@lemmy.ml
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        5 days ago

        There are tons of good games always coming out even recently, unless you only like multi-player games.

        • xavier666@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 days ago

          If you spend a little time on the dark alleyways of Steam, you will occasionally come up with hidden gems. The indies scene is currently thriving.

  • boonhet@lemm.eeOP
    link
    fedilink
    English
    arrow-up
    108
    arrow-down
    1
    ·
    7 days ago

    It should be said that I’m not against games detecting cheaters and banning them from online play. It’s very specifically kernel-level anticheats that I can’t stand on principle.

    • ampersandrew@lemmy.world
      link
      fedilink
      English
      arrow-up
      61
      arrow-down
      8
      ·
      7 days ago

      I’m against them being able to ban you from playing online in its entirety, which is something they can do because most online games don’t let you run the servers yourself anymore. Sure, if someone cheats on official servers, ban them from the official servers. They should still be able to play, cheating or not, on the server they run themselves, but that’s not an option we even have most of the time.

      • tiz@lemmy.ml
        link
        fedilink
        English
        arrow-up
        50
        ·
        edit-2
        7 days ago

        This one is such an overlooked part of this whole dilemma. The problem is NOT THAT the official servers not allowing clients without kernel level anti cheat. It’s just we don’t have an option to host our own servers anymore and we’re confined to following the rules.

        • NuXCOM_90Percent@lemmy.zip
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          12
          ·
          6 days ago

          It is “overlooked” because it is a non-answer.

          Nobody wants to play with all the cheaters and the people who got banned because they couldn’t stop talking about how much they love CSAM in the lobbies.

          I mean, look at twitter. After the recent mass exodus to bluesky there is anger because they are realizing their quarantine zone is REAL shitty.

          I do wish more games would provide player run servers as an option. but I am under no illusion that that is going to be good for anything other than “Hey, remember when we all played Chivalry 2 for a few years? What say we play that on Friday night and then ignore it for another decade?”

          • grue@lemmy.world
            link
            fedilink
            English
            arrow-up
            16
            ·
            6 days ago

            That’s a strawman argument. First of all, plenty of people would be happy to self-host a game for their friends, if they were still allowed the option. Second, even people who want to run a public server would still be free to ban people (for whatever reason they wanted). We’re not talking about being forced to tolerate antisocial fuckwads.

            • BombOmOm@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              5 days ago

              First of all, plenty of people would be happy to self-host a game for their friends, if they were still allowed the option.

              Exactly! Me and my friends often play on modded Factorio servers that one of us hosts. This is only possible because the developer doesn’t lock things down to only the first-party (official) servers.

              We don’t play with cheaters either (you aren’t getting invited to our server if you are). We play with our friends because it is fun, in a way no official server could hope to work.

            • NuXCOM_90Percent@lemmy.zip
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              7
              ·
              6 days ago

              As something nice to have? I fully agree (and said as much)

              As an alternative to anti-cheat solutions/“solutions” as was being presented?

              No, it is not an answer. Because it would indeed be forcing people to tolerate “antisocial fuckwads” or forcing people ti find private servers to play with each other like in the good old days.

              • grue@lemmy.world
                link
                fedilink
                English
                arrow-up
                7
                arrow-down
                2
                ·
                6 days ago

                or forcing people ti find private servers to play with each other like in the good old days.

                No shit, Sherlock. That’s exactly what I was advocating for.

                I wouldn’t call it “forcing,” though – that’s another strawman. It’s “allowing” the option.

                • NuXCOM_90Percent@lemmy.zip
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  arrow-down
                  10
                  ·
                  6 days ago

                  Cool

                  Also, it isn’t a straw man if you are arguing a completely different topic than the one the thread is about. But cool. You learned a word.

          • SteveNashFan@lemmy.world
            link
            fedilink
            English
            arrow-up
            9
            ·
            6 days ago

            In my experience with TF2, many popular community servers have common-sense rules like no slurs, cheats, etc. The great thing about a player-run server is that, if you want, it can be stricter than official guidelines, as Valve for example is pretty hands-off beyond the obvious in-game cheats. It allows pockets of the community to shape the experience they want to have more adeptly than official servers ever could.

            • NuXCOM_90Percent@lemmy.zip
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              2
              ·
              6 days ago

              The problem is “pockets of the community”.

              Back in the day, I LOVED Unreal Tournament (… I still do actually). And a lot of that is because I found servers with people who became friends I still chat with (hell, one of them is even in the same Warframe clan as I am).

              But that is INCREDIBLY unapproachable and I know plenty of people who never “got int” UT or Quake or TF2 because they never found those communities and instead got stuck with random pubs full of assholes.

              That said: That is not about anti-cheat. That is about matchmaking versus player run servers. Which is a very different discussion with nuances in all directions.

          • ampersandrew@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            6 days ago

            That is a perfectly valid use case for a video game that I paid for though. I do exactly that with games like 007: Agent Under Fire (in split-screen), and I played games like Rainbow Six 3 long after the official servers weren’t there anymore. Agent Under Fire in particular is a lot of fun with all of the modifiers on, like moon gravity, and I wouldn’t mind playing some multiplayer games with friends with cheats like that one on; things that you wouldn’t want on in a ranked queue, but things that I should 100% be able to do with the product that I paid for.

      • boonhet@lemm.eeOP
        link
        fedilink
        English
        arrow-up
        12
        ·
        7 days ago

        Yes, that’s part of the StopKillingGames agenda as well. Allow us to control our own servers! For fuck’s sake, it’s CHEAPER for them, because WE’RE paying for hosting. A dedicated server costs money! And it keeps people buying into the ecosystem after the initial sales high because you form communities and then tell people IRL how awesome the game is. Assuming you have time for real life friends of course.

        I’m not against the existence of a matchmaking system, or even against it being the default. Just give us a tiny menu item “Dedicated Servers” somewhere and keep that one around forever, even when the publisher is long bankrupt because the CEO blew all their profit on sculptures of oddly shaped penises or something.

        • xavier666@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 days ago

          A dedicated server costs money!

          Game company: “Why don’t you give that money to us and we will give you a server?”

        • ampersandrew@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          7 days ago

          They see it as a threat to their business model. Without any other option, you have to be on the latest version, seeing the latest skins, and you’re unable to bypass their store and mod them in yourself. If I can help it, not giving me the option to run the server myself will be a threat to their business model.

      • vodka@lemm.ee
        link
        fedilink
        English
        arrow-up
        6
        ·
        6 days ago

        Make a cheater pool and put anyone you detect using cheats in a separate matchmaking system that only matches cheaters with cheaters.

        And never ban anyone, ofc.

    • Passerby6497@lemmy.world
      link
      fedilink
      English
      arrow-up
      23
      arrow-down
      1
      ·
      edit-2
      7 days ago

      “Butbutbutbut server side anticheat is haaaaaaard and requires us to actually think about what values are actually valid and understand our own internal game states. Kernel level anticheat lets us be lazy costs us less and requires less development time!”

      • ampersandrew@lemmy.world
        link
        fedilink
        English
        arrow-up
        18
        ·
        7 days ago

        Unless they deviate substantially from how they build games in genres like shooters, server side anti-cheat isn’t going to catch everything that kernel level anti cheat does. However, kernel level anti cheat doesn’t catch hardware cheating anyway, so if cheating is always going to be imperfect, we ought to stop short of the kernel.

        • NuXCOM_90Percent@lemmy.zip
          link
          fedilink
          English
          arrow-up
          11
          arrow-down
          1
          ·
          6 days ago

          Was it Delta Force that made everyone lose their shit because it “accidentally” warned people would be banned for usb thumb drives?

          Because… that is coming. No, not the thumbdrive. But scanning your various devices to detect hardware based cheats. Which… is likely also going to be pushed by logitech and razer to get ahead of the crowd that are sick and tired of needing their bullshit software to properly use mice and are looking toward alternatives.

        • Passerby6497@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          6 days ago

          That’s the thing, you’re never going to catch everything. But anything important can be sanity checked by the server when the client checks in, all without opening a vulnerability in your customers’ systems.

          So much kernel level anticheat is about offloading the processing power to the customer, and unreasonable desires for control over the systems involved and overall game environment (and probably a decent amount of data mining).

          • ampersandrew@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            6 days ago

            A lot of cheats send completely legitimate information back to the server, and that’s what they’re seeking to stop with the client side implementation; I don’t think it has anything to do with costs. I haven’t heard of any data mining happening, and surely someone would have caught it with wire shark by now, but there are enough things that we know for sure about kernel level anti cheats to make it offensive.

            • NekuSoul@lemmy.nekusoul.de
              link
              fedilink
              English
              arrow-up
              4
              ·
              6 days ago

              I think the way to go about detecting cheats server-side would be primarily driven by statistics. For example, to counter wallhacks one might track how often a player is already targeting an enemy before they become visible. Or to counter aimbots one could check for humanly impossible amounts of changes in the direction of mouse movement, somewhat similar to how the community found out a bunch of cheaters using slowmo in Trackmania.

              Add in a reputation system that actually requires a good amount of playtime to be put into the highest tier of trust for matchmaking and I think one could have a pretty solid system that wouldn’t have to rely on client-side anticheat at all.

          • NuXCOM_90Percent@lemmy.zip
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            2
            ·
            6 days ago

            That’s the thing, you’re never going to catch everything

            The problem is that the things that aren’t caught? People don’t say “Ugh. Easy Anti-Cheat suck”. they say “Ugh, fucking Battlefield is un fucking playable. BOYCOTT IT!!!”

            There are alternative methods that may be even more effective (I personally think this is a genuinely great use case for “AI” to detect things like tracking players through walls and head snapping). They also have drawbacks (training and inference would get real expensive real fast since it needs to be fairly game specific).

            Whereas kernel level bullshit? It clearly works well enough that the people who have the data (devs and publishers) are willing to pay for it.

            And if it reduces the risk of a particularly bad exploit hurting the reputation of the game and tanking it harder than Concord?

            Which is why “fighting back” is so difficult. We, as players, are asking for the devs/publishers to trust us. But we have also demonstrated, at every fucking step, that we won’t extend even an iota of trust back and will instead watch thousands of hours of video essays on why this game sucks because of a bad beta.

      • LaLuzDelSol@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        6 days ago

        Look if companies could implement successful anticheat without kernel access they sure as hell would, regardless of cost or effort. There is a TON of money to be made in competitive fps games alone, and they’re pretty much all overrun by hackers

      • rumba@lemmy.zip
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 days ago

        requires less development time

        Here, step into this 200GB repo with about 50 third party plugins and someone else’s game engine and find all the states that aren’t exactly like they are on the design docs, and do it at scale, across a cluster of servers that all have to interact.

        20 years ago, i’d be right there with you.

        It’s actually hard for a big game to do those things. The people making the cheats are as good as the developers and only need to find one nick it the armor every time.

        FWIW, I’m against kernel-level anticheat, and I didn’t downvote you :)

  • CrazyLikeGollum@lemmy.world
    link
    fedilink
    English
    arrow-up
    71
    ·
    7 days ago

    I think it should also be noted that the games industry is not audited for security to the same degree as a lot of other industries. So vulnerabilities may not be found until years after launch and then go unpatched indefinitely because the company has already moved on to the next thing.

    Hell, one of the older CoD games had an RCE vulnerability that as far as I’m aware is still not patched.

    Plus, major publishers like EA are now pushing to create their own kernel-level anticheat in-house. Why should anyone trust them to create a secure piece of software that runs with the highest permissions possible when they can’t even be trusted to create stable, functional games?

    • simple@lemm.ee
      link
      fedilink
      English
      arrow-up
      27
      ·
      6 days ago

      Someone discovered Dark Souls games had a RCE but they never responded to the person that kept emailing them about it for months. The security guy then started invading streamers and crashing the game while doing fun stuff like showing text on the screen. Only then did Fromsoft take down the servers and patch things up - which took a few months.

      Yes, game companies really don’t take security seriously.

      • reksas@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        6
        ·
        6 days ago

        oh, so that was what it was about. they sure were really quiet about not caring about it in the first place.

    • boonhet@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      26
      arrow-down
      1
      ·
      6 days ago

      This doesn’t work. It will never work. You can’t shame conscious consumers into voting with their wallets while the other 99% keeps buying the bad practices.

      Thing is, if nobody on Lemmy, and literally nobody in general who cares about anticheat, buys GTA 6, you know what effect that would have on the company’s bottom line? None, they’ll make record profits.

      • Maalus@lemmy.world
        link
        fedilink
        English
        arrow-up
        18
        ·
        6 days ago

        So now you try to convince the 99% of players that are buying the bad practices, that a magic (to them) program that prevents cheaters is bad (since “has too much access” doesn’t really explain anything). They don’t care and won’t care.

        • boonhet@lemm.eeOP
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          2
          ·
          6 days ago

          Exactly.

          It’s like promoting Linux to people: Why would I care that my operating system is open source? Or free for that matter if I pirate it anyway?

          Some people never will care.

    • TrickDacy@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      1
      ·
      6 days ago

      Right, well they are trying to start a campaign to popularize the comment you just made. Or at least that’s my understanding

    • FeelzGoodMan420@eviltoast.org
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      3
      ·
      edit-2
      6 days ago

      Absolute dogshit strategy. 99% of people will always buy the game so you not buying won’t matter in the slightest. Unfortunate but true.

      • BombOmOm@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        edit-2
        5 days ago

        Why would they listen to your personal complaint if you, singular, are going to buy it anyway? Your voice only matters to a company if it means you won’t buy their product otherwise. Don’t buy the game, then tell them why you didn’t.

        • FeelzGoodMan420@eviltoast.org
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          edit-2
          5 days ago

          You’re not listening to what I said. I said that most people will buy the game and there is not a damn thing you can do about it. Most people are fucking idiots. You can morally decide not to support it by not buying the game, and that’s perfectly reasonable. But it won’t do fucking shit because all the idiots will still buy the game. That’s just how the world works because most people don’t give a fuck. Unless you can personally convince millions of people to change their behavior and agree with you, you not buying the game doesn’t matter.

          • bitwolf@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            3
            ·
            5 days ago

            There is a network effect to popular games.
            However as more people stop buying the network effect gets weaker.

            Its happening visibly with the new Call of Duty. Many i know bought it and then stopped playing shortly after because much of their friends are waiting for sales now or just find the game bad.

            Those people will be thinking twice before buying next year.

            • BombOmOm@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              5 days ago

              Exactly, every time I say ‘I’m thinking of putting up a Factorio server, you want in?’, they are significantly less likely to be playing (or paying for) the newest game that has kernel-level access. Why, because we are playing Factorio for the next few weeks together and Factorio is fun.

              Factorio isn’t the only game we play, but the point is to reinforce yours. If you are playing fun game x, your friends are more likely to play x instead of something else. Even if they have no care about Kernel-Level access, the fact you do affects their buying (and playing) patterns.

    • intensely_human@lemm.ee
      link
      fedilink
      English
      arrow-up
      7
      ·
      6 days ago

      Money mumbles. Don’t buy the game, and also actively notify the company of your decision and why. Twitter, feedback form, steam review, whatever channel lets you get that message across.

  • Maestro@fedia.io
    link
    fedilink
    arrow-up
    30
    arrow-down
    1
    ·
    6 days ago

    There us no need. CrowdStrike was such a disaster for Microsoft that they are already on the path to locking down the kernel. Noboby but MS will have kernel access eventually. Give it a few years (and 1-2 Windows versions)

  • Inucune@lemmy.world
    link
    fedilink
    English
    arrow-up
    24
    ·
    6 days ago

    This will take a rogue agent to send malware or otherwise brick all machines by kernel injection. The crowd strike event poked a hole in the dam. This needs a full exploit to get major traction beyond game studios moving to the next kernel level drm/exploit engine.

  • uis@lemm.ee
    link
    fedilink
    English
    arrow-up
    23
    ·
    6 days ago

    Now that Stop Killing Games is actually being taken seriously

    600k signatures to go. Link for EU citizens.

  • atrielienz@lemmy.world
    link
    fedilink
    English
    arrow-up
    31
    arrow-down
    1
    ·
    6 days ago

    It’s been time. Game companies have no right to access that level of any system I paid for. If they want to use kernal level anti-cheat on their consoles, that’s on them. But my computer? Absolutely not. They don’t have a right to that, when I bought the computer I didn’t agree to that in a EULA or TOS, and they do not make it apparent that their games carry this level of anti-cheat at sale.

    • NuXCOM_90Percent@lemmy.zip
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      2
      ·
      edit-2
      6 days ago

      You agree to that in the EULA/TOS of the game you want to play (and how legally binding that is is anyone’s guess). You just never read it (because nobody does).

      The reality is that it is just another layer of risk. You are or are not choosing to install software on your personal computer that may or may not increase your risk level. It is no different than going to that website that makes your GPU spin up real hard or grabbing something from itch that is actually malware and so forth. Its why people increasingly suggest having a dedicated device for taxes and anything else private.

      Personally? I understand the benefits to kernel level anti-cheat and, while we have no data as consumers, it is clearly effective considering the state of games today versus games in the 00s and publishers are willing to allocate funds for it. I still firmly believe that there are better methods that involve analysis of player behavior but I also understand the compute costs of that will be insane.

      But also? I don’t want that shit on my computer (not that it would work because… Linux). So I choose not to play the games that require it. It means I miss out on some games but the good news is that there are way more games out there than I can ever play.


      All that said: I increasingly think the end state is going to be competitive multiplayer games being console exclusive due to a mix of exclusivity rights and having a walled garden ecosystem that actually CAN be controlled.

      • atrielienz@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        6 days ago

        We literally have a cloudstrike report giving direct examples of how bad it is potentially as a vector for malware. Additionally it doesn’t solve the problem it aims to solve, as reported by several outlets because it doesn’t stop hardware level cheating, just potentially stops scripts. So you could absolutely enable cheats through a device like a keyboard and mouse or controller and the Anti-cheat does nothing.

        Additionally though, I am not buying products with kernel level Anti-cheat and that is intentional, so I am not agreeing to the TOS or EULA of those games. If you add to this the fact that some games retroactively added kernel level anti-cheat, it’s bogus to assume that people are in the know or that they agreed to such things in the original TOS or EULA. Steam only recently made developers list kernel level anti-cheat on store pages for their game.

        Also, kernel level anti-cheat in single player games is just ridiculous and invasive.

        • NuXCOM_90Percent@lemmy.zip
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          6 days ago

          There are a few layers to that

          First: The crowdstrike issue had little to nothing to do with any kernel level hooks. The issue was one of software engineering and deployment. It could just as easily have… taken out an entire country by triggering false positives that prevent systems from connecting to the network.

          Second: You’ll ALSO note that even after… taking out an entire country businesses still use crowdstrike. Because it is that damned good at its job.

          Third: Yes, Current anti-cheat solutions are less than effective at hardware based hacks. It is lamost like there is a reason that the Delta Force (?) game made a big deal about banning people for thumb drives. That kind of scanning and testing is coming.

          Fourth: Crowdstrike is not something you install on your personal device (unless your job’s IT department are idiots). It is something you install on company owned devices.

          Additionally though, I am not buying products with kernel level Anti-cheat and that is intentional, so I am not agreeing to the TOS or EULA of those games.

          Cool. I am also not. So no “rights” are being violated.

          • atrielienz@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            6 days ago

            AMD had a graphics driver blocked because kernel level Anti-cheat flagged it as a cheat program. Genshin Impact’s anti-cheat was literally used to stop anti-virus programs running on people’s computers and mass deploy ransomware, and the gaming industry as a whole is extremely lax about the security of their users. Several companies anti-cheat have been flagged by anti-virus software as malicious.

            There are layers to the kernel level anti-cheat business too and people still do buy games with kernel level anti-cheat. The fact that that kind of scanning is coming isn’t acceptable which is the point. I choose not to spend my money at companies that enable this kind of crap in their games. That’s not enough. It should be facing opposition from every quarter specifically because it is not only invasive, but also only raises the barrier to entry at the detriment to user’s security, and which is likely to cause the same boom that things like the campaign against piracy did in the 80’s/90’s. People didn’t know they could cheat so easily and now they do. Congratulations this has done the opposite of what is intended.

            https://www.pcgamer.com/ransomware-abuses-genshin-impacts-kernel-mode-anti-cheat-to-bypass-antivirus-protection/

            https://www.xda-developers.com/kernel-level-anti-cheat-tech-disaster/

            • NuXCOM_90Percent@lemmy.zip
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              1
              ·
              edit-2
              6 days ago

              Anti-viruses flag a lot of things. It is called a False Positive (or sometimes a “Someone didn’t pay us for an exception” Positive but…). It has nothing to do with something hooking into a kernel or just being a program you run in userspace.

              Genshin Impact’s anti-cheat was literally used to stop anti-virus programs running on people’s computers and mass deploy ransomware,

              I assume you are referring to https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html

              Which… I’ll just raise you https://www.polygon.com/22898895/dark-souls-pvp-exploit-multiplayer-servers-remote-code-execution which allows for ridiculously dangerous RCEs without needing any kernel level hooks at all. So…

              and the gaming industry as a whole is extremely lax about the security of their users.

              THAT I do not disagree with in the slightest. Which is why I am glad that most studios outsource anti-cheat because they are not at all qualified to handle it themselves.

              . I choose not to spend my money at companies that enable this kind of crap in their games.

              I mean this in the most inflammatory and blunt way imaginable:

              Nobody gives a shit about you. Nobody gives a shit about me either.

              We are two people. We don’t fucking matter. What matters is the people who play every single Riot game ever made for thousands of hours each. THEY spend money.

              Like I said before: it is about accepting risk. Knowingly or unknowingly, it doesn’t matter any more than telling your parents that you must have gotten a virus from that pokemon cheat code rather than the hardcore pornography that came in exe form for some reason.

              You don’t want to compromise your security more than you already do. Cool. Most people playing these games are fine with that if it reduces the odds that they have their free time ruined for them by aimbots and wallhacks. And… clearly there is merit to this approach if studios are willing to pay for it.

              Because, at the end of the day? We’ve been through this. Back then it was DRM. DRM was bad and DRM was horrible and EVERYONE had a super obscure russian (?) cd rom drive that Starforce would brick. And the same arguments of “ideologically this is bad and it could ruin things for a very small percentage of people” came up. And the answer was always “I refuse to buy anything”

              And… everyone else DID buy things. The genuinely bad shit like starforce went away in favor of activation model DRMs (which continues to this day) but also… alternatives were actually presented. Steam is basically a variation of GOO (which is also basically what GoG does) but Steam has the added benefit of people being scared shitless of getting caught by Uncle Gabe and having their account taken away.

              And that is what we need here. Not asinine requests for politicians who understand nothing to solve this for us. We need actual alternatives that work better AND are less invasive.


              As an aside: I increasingly notice that you say very inflammatory things based on a misunderstanding or misconception of the thing you are criticizing. That is a bad habit in general but it is a REALLY bad thing when it comes to cybersecurity (which this basically is). Because it gives you a false sense of security when you think you are following best practices but are actually spewing nonsense and ignoring all your other risk vectors.

              • atrielienz@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                1
                ·
                edit-2
                6 days ago

                What is your argument here? Is it that Anti-cheat is good? Is it that Anti-cheat is necessary? Is it that it’s bad but you feel my information is incorrect? Because you’re all over the place. “I’ll raise you” is you literally saying, malware can be spread without anti-cheat at kernel level so anti-cheat at kernel level is okay? And it’s not relevant to the conversation because it’s not about whether or not some threat actor can use other means to compromise a system or several thousand of them.

                Like. Even if you feel you needed to add context you actually seem to be intentionally using inflammatory language in order to in some way try to discredit not my reasoning but my stance that Anti-cheat is invasive and should in fact see opposition.

                My argument is that refusing to buy isn’t going to fix the problem and I thought that was obvious from what I said, but apparently not. So, the question originally was "is it time to take a stand (not as individuals, but as a group) against kernel level anti-cheat. And my answer is that it’s been time and bad things keep happening and have the potential to keep happening because of it, and no it doesn’t matter if it’s only a handful of users, especially if those users are rocking $3K worth of parts in a gaming rig.

                You’re suggesting that a security issue that is wholly ignored by both the public and the government as well as the industry that should be regulated is going to be fixed not by regulating it with laws and that’s extremely confusing give. The fact that we know it’s not how this works and “Uncle Gabe” has already implemented a solution and that solution is to make it apparent that games have kernel level anti-cheat so some of us are more informed. Because some random corp is going to do a better job than the government at regulating the industry.

                I’m not sure why you think that’s what’s going to happen or even how you might believe it’s any less of a pipe dream than these companies (Microsoft included) doing the right thing and safeguarding the data they are allowing access to. Anti-cheat at kernel level is running all the time regardless of whether you’re playing the game that has it or not. It’s not just one singular program. It’s all different ones because there’s not any regulation in this space to speak of. And companies don’t want there to be. Valve is not strong enough in this space to make this go away by themselves.

                People say crazy things about how powerful Valve has become in the PC gaming space. But while they have consumers generally on their side, Microsoft is older and has been in the space longer, and is definitely more powerful (money, connections, longevity of the business etc), and they have no real intentions of doing away with kernel level access for anti-cheat despite what few articles there were suggesting otherwise just after the crowdstrike fiasco.

                You’re right that corps don’t care about individuals. But they care about the masses because we’re the ones they exploit for money. That’s literally why any type of organized opposition from millions of people is successful at making any changes at all. So again, what point are you making here?

                Is your intent to educate? Is it to say that I’m wrong for saying we should organize against Anti-cheat at kernel level? Is it that you think you have a better idea of how this works, and what changes should be implemented? Are you for keeping Anti-cheat because you feel it serves a purpose?

                • NuXCOM_90Percent@lemmy.zip
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  5 days ago

                  The point is that you are constantly spewing largely unrelated nonsense that mostly just demonstrates a lack of understanding of what you are arguing against. But you are Righteous so anyone who points this out is clearly a bad person so let’s whip out the ad hominem.

                  Because I see you working toward the same conclusions I increasingly see people make: You don’t know what should be done and you don’t care what it does to the game industry. You just want politicians to make laws to make the things you don’t like go away.

                  And… I really don’t understand how ANYONE can be privileged enough to think that is a good idea. Especially when the people who DO feel strongly enough to maybe educate themselves on a topic refuse to. But hey, 50-60 year old politicians who just want a handy from the nearest lobbyist are sure to act in good faith and make a great solution, right?


                  Again, this is the DRM wars. We lost. Used games are not a thing in the PC space and are rapidly fading in the console space. But what we did get was a removal of the genuinely bad DRM models (Starforce) and the more egregious activation models (formerly Securom, now Denuvo) are increasingly restricted to A-AAA releases. And that didn’t happen because people got angry on a message board and thought about asking jack thompson to draft a bill for them.

                  It happened because there was actual discussion between devs and consumers. I don’t like that EVERYTHING activates to an account with Valve (even if I like valve) but it is a really good middle ground that provides utility to all sides.

                  Rather than people throwing up complete nonsense that has nothing to do with the technology they claim to be against while also coming right off a studio being sent to the shadow realm harder than a themed deck user because of… a bad beta and character designs that weren’t sexy enough.

    • Atomic@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      7
      ·
      6 days ago

      No one is forcing you to install their game.

      It’s so easy to look up what kind of anti cheat games use.

      You can’t eat the cake and have it too.

      They don’t have a right to install anything without your consent. However. You pressed the “Install” button. And you boxed in “I understand” and clicked “I agree”.

      • atrielienz@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        5
        ·
        edit-2
        6 days ago

        That doesn’t really track here. My reasoning is simple. They are requiring access to something they didn’t initially make public or allow an informed decision on, and they did that on purpose. While I don’t currently own or buy games that have kernel level anti-cheat, that doesn’t make the obfuscation any better.

        I actually have not pressed the install button, nor have I pressed the purchase button. However, I also want you to look up the phrase “eat cake and have it to” and figure out what you mean. I’m buying the cake. I’m buying the fork to eat the cake. Neither the cake company nor the fork company should be able to tell me what to do with the product from the other company. You don’t have to agree with my stance, but understand that this is the argument that I am making.

        • Atomic@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          3
          ·
          6 days ago

          People need to take responsibility of their own machines.

          While they might not hold out a sign that says “KERNEL LEVEL ANTI CHEAT”. There is information available to make an informed decision.

          Your cake and fork argument makes no sense at all. The game company isn’t telling you what you can and can’t do with your hardware. But they are telling you what you will be installing. It’s there if you know where to look. And if you don’t know where to look. You have the combined knowledge of the world at your fingertips for guidance.

          I don’t know what you do. But when I buy a cake. I look at the ingredients to see what and how much it contains of various things. If I don’t like what I see, I won’t be buying it. Because I certainly won’t be eating it.

          And I’m also not going to buy a plastic fork to eat it with. See how I made that decision. The cake company didn’t make me buy a certain fork, and the fork company didn’t make me buy a certain cake. I decide.

          It’s ultimately your responsibility to understand what you are installing. Information is available.

          • atrielienz@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            6 days ago

            You did not read what I wrote in my response and it shows. I have taken responsibility for my machine. I don’t buy games with kernal level anti-cheat. I specifically view them as an attack vector for malware. They started the cake vs fork argument and my response was directly related to them using such a poor expression for the context of the conversation we were having and therefore it took that to its logical conclusion based on the argument they made.

            Since you didn’t read and decided to downvote I am choosing to not discuss this with you further, having vetted the ingredients of your cake. Have a good day.

            • Atomic@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              6 days ago

              I read your comment. I didn’t downvote.

              I’m using the “you” in the colloquial sense, i see that wasn’t apparent to you. (You as in you the singular individual)

              I understand you are against kernel level anti cheat. That’s ok. That’s an opinion. But your argument that it’s some kind of secret which games have it or not, is not a matter of opinion. It’s verifiable. And It’s just not true. It’s not a secret. You can easily find out if you want to.

              You can make the argument that platforms should make publishers divulge that information on the games page. And I say sure, why not.

              But it always will be your responsibility to make sure you know what you’re installing.

              Unfortunately. It is an armsrace against cheaters. And 1 single cheater can easily ruin the entire experience for hundreds of players. I understand why games might want it. I hope they can find more clever ways of detecting cheats without it.

              As a final word. Lemmy is a big place. It’s utterly ridiculous of you to assume I’m the one who downvoted.

  • ayyy@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    3
    ·
    6 days ago

    Arguing that buying something means you own it is much more digestible for the general public. Arguing that the video game codes run slightly different on your machine than you would like is esoteric and a non-starter. This is not a matter for the government, just don’t buy shitty games. Literally no game is required to be bought.

    • uis@lemm.ee
      link
      fedilink
      English
      arrow-up
      6
      ·
      6 days ago

      This is not a matter for the government, just don’t buy shitty games.

      This IS a matter for the goverment. “just don’t buy shitty X” is “just use magic” argument.

  • Brewchin@lemmy.world
    link
    fedilink
    English
    arrow-up
    24
    ·
    6 days ago

    competitive multiplayer

    I feel it should be added that this is one use of anti-cheat, but it also gets used on noncompetitive single player games, too.

    Usually if a game has micro-transactions, but also to “protect our IP” as has been seen with a number of older non-MTX single player games recently being retrofitted with it.

    • boonhet@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      7
      ·
      6 days ago

      Yeah I don’t even want to talk about that at this point…

      Anyone who wants “their IP” can find a way to do it regardless of any kernel level anticheat anyway.

    • lorty@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      ·
      6 days ago

      Guess I’m OOL. What non-competitive games have kernel anti-cheat?

  • Whitebrow@lemmy.world
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    2
    ·
    7 days ago

    With you on this, regardless of the method used, no app has any business running or snooping outside of the container that it was set up in. And this doesn’t just apply to desktop operating systems, mobile and entertainment consoles too.

    I’d even take it a step further, that nonsense shouldn’t be on my machine in the first place.

    Want to run anticheat stuff? Run it on your own crappy servers at your own cost and processing power. Live detect it through packets that are sent to you and are being processed, be it voice or input.

    Whatever happens on my machine is none of your business.

  • christhebaker@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    arrow-down
    1
    ·
    7 days ago

    Good post thank you.

    Totally agree. Went all-in on Linux earlier this year and it was all working pretty good but there is really no solution when all your buddies are playing fortnite.

    The multiple “game streaming” services our there wasn’t really cutting it either. I recall reading that Microsoft was going to be more strict with allowing kernel level anticheat but I don’t remember exactly where in saw that and I’m too lazy to Google. I hope with all the new PC handhelds coming out (steam deck, etc), that major companies start pushing for this or figuring out a workaround.

    • ampersandrew@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      7 days ago

      In the wake of Crowdstrike, Microsoft was going to allow for additional avenues for hooks into the OS that don’t reach as deep into the kernel level, but they never said they were removing the hooks that Crowdstrike or anti-cheat use, as far as I can tell. One solution for PC handhelds is to run whatever modified version of Windows that Microsoft is cooking up, so that you get the console-like interface without compromising on the anti-cheat compatibility. The solution Valve is seemingly hoping for is that, by disclosing kernel-level anti-cheat on the store page, such a solution becomes poison in the marketplace and developers choose a different one.

      • fuzzzerd@programming.dev
        link
        fedilink
        English
        arrow-up
        7
        ·
        6 days ago

        Steam is a good platform, but if this strategy works and it kills off kernel level anticheat and gets more Linux support, those would be next level contributions to gaming.

      • Domi@lemmy.secnd.me
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        6 days ago

        The solution Valve is seemingly hoping for is that, by disclosing kernel-level anti-cheat on the store page, such a solution becomes poison in the marketplace and developers choose a different one.

        Honestly, I wish they were more aggressive with it. Make the warning banners about kernel-level anti-cheat bright red and put it right above the purchase button like the “needs VR headset” warning.

    • cRazi_man@lemm.ee
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      7 days ago

      I’m the same with committing to Linux completely.

      Previously, my Apex Legends account with hundreds of hours and unlocks got banned for no reason, but I made a new account and played on. Then they banned Linux and I’ve never looked back.

      Now I’m looking forward to not being able to play 2XKO as well.

    • Valmond@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 days ago

      I’m not a target for these hacks (I mostly play like commandos 1.5, Red alert and Diablo II) but I have my main PC on Linux and then a sort of franken-PC on windows where I don’t share sensitive data, or anything meaningful except game-related data I guess.

      Works for me.

  • ipkpjersi@lemmy.ml
    link
    fedilink
    English
    arrow-up
    5
    ·
    5 days ago

    On areweanticheatyet.com it seems like the percentage of denied/broken keeps getting higher and higher :(

    I guess it makes sense, new games come out with anticheat, and rarely do new games come out without anticheat.

  • CeeBee_Eh@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    5 days ago

    While this seems like a trivial issue (Just buy a third SSD for Windows and dual boot)

    That’s not trivial at all. Don’t let anyone let you think otherwise.