197
Is it time to start a campaign against kernel-level anticheat? (lemm.ee)
submitted 7 months ago by boonhet@lemm.ee to c/games@lemmy.world
104 comments fedilink hide all child comments

Now that Stop Killing Games is actually being taken seriously - maybe we need to take a look at Stop Fucking Around In Our Kernels

I haven't really been personally affected by it before - I don't play any competitive multiplayer games at all. But my wife had her brother over, and he's significantly younger than us. So he wanted to play FortNite and GTA V, knowing I have a gaming PC. FortNite is immediately out of the question, it'll never work on my computer. Okay, so I got GTA V running and it was fun for a while, but it turns out all of those really cool cars only exist in Online. But oh look, now they've added BattlEye and I can no longer get online.

While this seems like a trivial issue (Just buy a third SSD for Windows and dual boot), it's really not. Even if I wanted to install Windows ever again, I do NOT want random 3rd party kernel modules in there. Anyone remember the whole CrowdStrike fiasco? I do NOT want to wake up to my computer not booting up because some idiot decided to push a shitty update to their kernel module that makes the kernel itself shit the bed. And while Microsoft fucks up plenty, at least they're a corporation with a reputation to uphold, and I believe they even have a QA team or 2. CrowdStrike was unheard of outside of the corporate world before the ordeal and tbh nobody has ever heard of it afterwards again.

So I think this would be a good angle to push. That we should be careful about what code runs in our OS kernels, for security and stability reasons. Obviously it'd be impossible to just blanket ban 3rd party kernel modules to any OS. However, maybe here in the EU at least we could get them to consider a rule that any software that includes a component running in the OS kernel, MUST justify how that part is necessary for the software to function in the best possible way for the user of the computer the software is running on. E.g I expect a hardware driver to have a kernel module, and I can see how security software needs to have a kernel module, but I do NOT see how a video game needs to have an anti cheat with a kernel module. How does that benefit me, the customer paying to be able to play said video game?

top 50 comments
sorted by: hot top controversial new old
[-] GhiLA@sh.itjust.works 62 points 7 months ago* (last edited 7 months ago)

I usually solve this issue by... just playing something else.

It sounds hard, but I assure you, nothing is impossible.

load more comments (9 replies)
[-] boonhet@lemm.ee 34 points 7 months ago

It should be said that I'm not against games detecting cheaters and banning them from online play. It's very specifically kernel-level anticheats that I can't stand on principle.

[-] ampersandrew@lemmy.world 23 points 7 months ago

I'm against them being able to ban you from playing online in its entirety, which is something they can do because most online games don't let you run the servers yourself anymore. Sure, if someone cheats on official servers, ban them from the official servers. They should still be able to play, cheating or not, on the server they run themselves, but that's not an option we even have most of the time.

[-] tiz@lemmy.ml 22 points 7 months ago* (last edited 7 months ago)

This one is such an overlooked part of this whole dilemma. The problem is NOT THAT the official servers not allowing clients without kernel level anti cheat. It’s just we don’t have an option to host our own servers anymore and we’re confined to following the rules.

load more comments (9 replies)
[-] boonhet@lemm.ee 5 points 7 months ago

Yes, that's part of the StopKillingGames agenda as well. Allow us to control our own servers! For fuck's sake, it's CHEAPER for them, because WE'RE paying for hosting. A dedicated server costs money! And it keeps people buying into the ecosystem after the initial sales high because you form communities and then tell people IRL how awesome the game is. Assuming you have time for real life friends of course.

I'm not against the existence of a matchmaking system, or even against it being the default. Just give us a tiny menu item "Dedicated Servers" somewhere and keep that one around forever, even when the publisher is long bankrupt because the CEO blew all their profit on sculptures of oddly shaped penises or something.

[-] ampersandrew@lemmy.world 3 points 7 months ago

They see it as a threat to their business model. Without any other option, you have to be on the latest version, seeing the latest skins, and you're unable to bypass their store and mod them in yourself. If I can help it, not giving me the option to run the server myself will be a threat to their business model.

load more comments (1 replies)
load more comments (1 replies)
[-] Passerby6497@lemmy.world 9 points 7 months ago* (last edited 7 months ago)

"Butbutbutbut server side anticheat is haaaaaaard and requires us to actually think about what values are actually valid and understand our own internal game states. Kernel level anticheat ~~lets us be lazy~~ costs us less and requires less development time!"

[-] ampersandrew@lemmy.world 7 points 7 months ago

Unless they deviate substantially from how they build games in genres like shooters, server side anti-cheat isn't going to catch everything that kernel level anti cheat does. However, kernel level anti cheat doesn't catch hardware cheating anyway, so if cheating is always going to be imperfect, we ought to stop short of the kernel.

[-] NuXCOM_90Percent@lemmy.zip 4 points 7 months ago

Was it Delta Force that made everyone lose their shit because it "accidentally" warned people would be banned for usb thumb drives?

Because... that is coming. No, not the thumbdrive. But scanning your various devices to detect hardware based cheats. Which... is likely also going to be pushed by logitech and razer to get ahead of the crowd that are sick and tired of needing their bullshit software to properly use mice and are looking toward alternatives.

load more comments (4 replies)
load more comments (1 replies)
load more comments (1 replies)
[-] Maestro@fedia.io 30 points 7 months ago

There us no need. CrowdStrike was such a disaster for Microsoft that they are already on the path to locking down the kernel. Noboby but MS will have kernel access eventually. Give it a few years (and 1-2 Windows versions)

[-] Andromxda@lemmy.dbzer0.com 23 points 7 months ago

Apple has already done the same with macOS 10.15 Catalina in 2019. No more kernel extensions = much better kernel-level security

This will become the industry standard

[-] Inucune@lemmy.world 24 points 7 months ago

This will take a rogue agent to send malware or otherwise brick all machines by kernel injection. The crowd strike event poked a hole in the dam. This needs a full exploit to get major traction beyond game studios moving to the next kernel level drm/exploit engine.

[-] uis@lemm.ee 20 points 7 months ago

Now that Stop Killing Games is actually being taken seriously

600k signatures to go. Link for EU citizens.

[-] CrazyLikeGollum@lemmy.world 15 points 7 months ago

I think it should also be noted that the games industry is not audited for security to the same degree as a lot of other industries. So vulnerabilities may not be found until years after launch and then go unpatched indefinitely because the company has already moved on to the next thing.

Hell, one of the older CoD games had an RCE vulnerability that as far as I'm aware is still not patched.

Plus, major publishers like EA are now pushing to create their own kernel-level anticheat in-house. Why should anyone trust them to create a secure piece of software that runs with the highest permissions possible when they can't even be trusted to create stable, functional games?

[-] simple@lemm.ee 11 points 7 months ago

Someone discovered Dark Souls games had a RCE but they never responded to the person that kept emailing them about it for months. The security guy then started invading streamers and crashing the game while doing fun stuff like showing text on the screen. Only then did Fromsoft take down the servers and patch things up - which took a few months.

Yes, game companies really don't take security seriously.

[-] reksas@sopuli.xyz 4 points 7 months ago

oh, so that was what it was about. they sure were really quiet about not caring about it in the first place.

[-] PushButton@lemmy.world 13 points 7 months ago

Money talks.

Don't buy the game.

[-] boonhet@lemm.ee 16 points 7 months ago

This doesn't work. It will never work. You can't shame conscious consumers into voting with their wallets while the other 99% keeps buying the bad practices.

Thing is, if nobody on Lemmy, and literally nobody in general who cares about anticheat, buys GTA 6, you know what effect that would have on the company's bottom line? None, they'll make record profits.

[-] Maalus@lemmy.world 11 points 7 months ago

So now you try to convince the 99% of players that are buying the bad practices, that a magic (to them) program that prevents cheaters is bad (since "has too much access" doesn't really explain anything). They don't care and won't care.

[-] InFerNo@lemmy.ml 6 points 7 months ago

They applaud it even.

load more comments (1 replies)
[-] boonhet@lemm.ee 4 points 7 months ago

Exactly.

It's like promoting Linux to people: Why would I care that my operating system is open source? Or free for that matter if I pirate it anyway?

Some people never will care.

[-] FeelzGoodMan420@eviltoast.org 6 points 7 months ago* (last edited 7 months ago)

Absolute dogshit strategy. 99% of people will always buy the game so you not buying won't matter in the slightest. Unfortunate but true.

load more comments (4 replies)
[-] intensely_human@lemm.ee 3 points 7 months ago

Money mumbles. Don’t buy the game, and also actively notify the company of your decision and why. Twitter, feedback form, steam review, whatever channel lets you get that message across.

load more comments (2 replies)
[-] ayyy@sh.itjust.works 10 points 7 months ago

Arguing that buying something means you own it is much more digestible for the general public. Arguing that the video game codes run slightly different on your machine than you would like is esoteric and a non-starter. This is not a matter for the government, just don’t buy shitty games. Literally no game is required to be bought.

[-] uis@lemm.ee 5 points 7 months ago

This is not a matter for the government, just don’t buy shitty games.

This IS a matter for the goverment. "just don’t buy shitty X" is "just use magic" argument.

[-] ILikeBoobies@lemmy.ca 8 points 7 months ago

The point is not enough people understand it to gain any momentum

[-] atrielienz@lemmy.world 7 points 7 months ago

It's been time. Game companies have no right to access that level of any system I paid for. If they want to use kernal level anti-cheat on their consoles, that's on them. But my computer? Absolutely not. They don't have a right to that, when I bought the computer I didn't agree to that in a EULA or TOS, and they do not make it apparent that their games carry this level of anti-cheat at sale.

[-] NuXCOM_90Percent@lemmy.zip 3 points 7 months ago* (last edited 7 months ago)

You agree to that in the EULA/TOS of the game you want to play (and how legally binding that is is anyone's guess). You just never read it (because nobody does).

The reality is that it is just another layer of risk. You are or are not choosing to install software on your personal computer that may or may not increase your risk level. It is no different than going to that website that makes your GPU spin up real hard or grabbing something from itch that is actually malware and so forth. Its why people increasingly suggest having a dedicated device for taxes and anything else private.

Personally? I understand the benefits to kernel level anti-cheat and, while we have no data as consumers, it is clearly effective considering the state of games today versus games in the 00s and publishers are willing to allocate funds for it. I still firmly believe that there are better methods that involve analysis of player behavior but I also understand the compute costs of that will be insane.

But also? I don't want that shit on my computer (not that it would work because... Linux). So I choose not to play the games that require it. It means I miss out on some games but the good news is that there are way more games out there than I can ever play.

All that said: I increasingly think the end state is going to be competitive multiplayer games being console exclusive due to a mix of exclusivity rights and having a walled garden ecosystem that actually CAN be controlled.

[-] atrielienz@lemmy.world 3 points 7 months ago

We literally have a cloudstrike report giving direct examples of how bad it is potentially as a vector for malware. Additionally it doesn't solve the problem it aims to solve, as reported by several outlets because it doesn't stop hardware level cheating, just potentially stops scripts. So you could absolutely enable cheats through a device like a keyboard and mouse or controller and the Anti-cheat does nothing.

Additionally though, I am not buying products with kernel level Anti-cheat and that is intentional, so I am not agreeing to the TOS or EULA of those games. If you add to this the fact that some games retroactively added kernel level anti-cheat, it's bogus to assume that people are in the know or that they agreed to such things in the original TOS or EULA. Steam only recently made developers list kernel level anti-cheat on store pages for their game.

Also, kernel level anti-cheat in single player games is just ridiculous and invasive.

load more comments (6 replies)
load more comments (3 replies)
[-] noba_cmdr@reddthat.com 7 points 7 months ago

On the contrary, I think kernel level anticheat should be illegal

[-] ipkpjersi@lemmy.ml 6 points 7 months ago

On areweanticheatyet.com it seems like the percentage of denied/broken keeps getting higher and higher :(

I guess it makes sense, new games come out with anticheat, and rarely do new games come out without anticheat.

[-] CeeBee_Eh@lemmy.world 4 points 7 months ago

While this seems like a trivial issue (Just buy a third SSD for Windows and dual boot)

That's not trivial at all. Don't let anyone let you think otherwise.

[-] Brewchin@lemmy.world 4 points 7 months ago

competitive multiplayer

I feel it should be added that this is one use of anti-cheat, but it also gets used on noncompetitive single player games, too.

Usually if a game has micro-transactions, but also to "protect our IP" as has been seen with a number of older non-MTX single player games recently being retrofitted with it.

load more comments (2 replies)
load more comments
view more: next ›
this post was submitted on 15 Dec 2024
197 points (98.0% liked)

Games

40429 readers
713 users here now

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Rules

1. Submissions have to be related to games

Video games, tabletop, or otherwise. Posts not related to games will be deleted.

This community is focused on games, of all kinds. Any news item or discussion should be related to gaming in some way.

2. No bigotry or harassment, be civil

No bigotry, hardline stance. Try not to get too heated when entering into a discussion or debate.

We are here to talk and discuss about one of our passions, not fight or be exposed to hate. Posts or responses that are hateful will be deleted to keep the atmosphere good. If repeatedly violated, not only will the comment be deleted but a ban will be handed out as well. We judge each case individually.

3. No excessive self-promotion

Try to keep it to 10% self-promotion / 90% other stuff in your post history.

This is to prevent people from posting for the sole purpose of promoting their own website or social media account.

4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts

This community is mostly for discussion and news. Remember to search for the thing you're submitting before posting to see if it's already been posted.

We want to keep the quality of posts high. Therefore, memes, funny videos, low-effort posts and reposts are not allowed. We prohibit giveaways because we cannot be sure that the person holding the giveaway will actually do what they promise.

5. Mark Spoilers and NSFW

Make sure to mark your stuff or it may be removed.

No one wants to be spoiled. Therefore, always mark spoilers. Similarly mark NSFW, in case anyone is browsing in a public space or at work.

6. No linking to piracy

Don't share it here, there are other places to find it. Discussion of piracy is fine.

We don't want us moderators or the admins of lemmy.world to get in trouble for linking to piracy. Therefore, any link to piracy will be removed. Discussion of it is of course allowed.

Authorized Regular Threads

Related communities

PM a mod to add your own

Video games

Generic

Help and suggestions

By platform

By type

By games

Language specific

founded 2 years ago
MODERATORS
Dremor@lemmy.world
JonsJava@lemmy.world
fxomt@lemmy.dbzer0.com
Dremor@jlai.lu
modfxomt@lemmy.world