From both a technical perspective and if the maintainers of these anti-cheat will consider porting or re-writing kernel level anti-cheat to work on linux, is it possible? Do you think that the maintainers of kernel level anti-cheat will be adamant in not doing it, or that the kernel even supports it or will support it. I think that if it ever happens, there will be a influx of people moving to linux, or abandoning their duelboots, and that alot of people will hate that such a thing is available on linux.

  • Ulu-Mulu-no-die@lemmy.zip
    link
    fedilink
    English
    arrow-up
    109
    arrow-down
    2
    ·
    7 days ago

    I surely hope they never will, no user program should ever be allowed to run at kernel level, that’s what malware does.

    I personally avoid those kind of games, but those who won’t can dual-boot.

    • NotProLemmy@lemmy.ml
      link
      fedilink
      arrow-up
      6
      ·
      5 days ago

      Or…just don’t play those games.

      99% of their communities are more toxic than radioactive waste. And, they are not open source and they don’t respect privacy. Because they are greedy.

      • theshatterstone54@feddit.uk
        link
        fedilink
        arrow-up
        2
        ·
        5 days ago

        All true. And yet, plenty of people do want to play those games. And there are other games (Borked) which also cannot be played no matter what. Really annoying, that.

        • NotProLemmy@lemmy.ml
          link
          fedilink
          arrow-up
          3
          ·
          5 days ago

          Yeah, some people are just stubborn. By some i mean most. You gotta adapt, what do you think evolution’s trying to tell you?

  • phantomwise@lemmy.ml
    link
    fedilink
    English
    arrow-up
    52
    ·
    6 days ago

    I can’t wait until I am able to give random programs kernel access on my system! That doesn’t sound problematic in the least! After all, I have the fullest confidence that for companies developing anticheat, my security is their highest concern! /s

        • FauxLiving@lemmy.world
          link
          fedilink
          arrow-up
          5
          ·
          5 days ago

          He’s just being pedantic.

          Technically ‘ls’ has kernel access because it depends on system calls in order to produce its output.

          System calls are the mechanisms through which programs request services from the Linux kernel, allowing them to perform tasks like file management, process control, and device management. Any program that’s running on your machine has the access required to make syscalls and so you could say they have access to the kernel. They won’t have kernel-level privileges, so they can’t act as the kernel, but they do have access. Obviously the original user was referring to kernel anti-cheat modules which act as the kernel with all of the same privileges.

  • muusemuuse@lemm.ee
    link
    fedilink
    English
    arrow-up
    33
    ·
    6 days ago

    Short answer: no

    Long answer: only the most important things should even have such low-level access to the system. A fucking game is not in that category. Nooooooo

    • theshatterstone54@feddit.uk
      link
      fedilink
      arrow-up
      3
      ·
      5 days ago

      Obligatory Fuck Denuvo. If I had virtually infinite money, I’d do a hostile takeover of Denuvo and burn it to the ground.

  • Caveman@lemmy.world
    link
    fedilink
    arrow-up
    60
    arrow-down
    3
    ·
    7 days ago

    It’s the other way around. Windows will stop supporting kernel level anti-cheat because of Crowdstrike

  • dan@upvote.au
    link
    fedilink
    arrow-up
    48
    arrow-down
    3
    ·
    edit-2
    7 days ago

    AFAIK Microsoft have plans to block kernel level anti-cheat on Windows. After the CrowdSec issues last year, they’re rethinking which types of programs should even be allowed to run in kernel space.

    Edit: I was wrong. They actually want to increase what can be done in user mode, to reduce reliance on kernel mode code.

    • GenderNeutralBro@lemmy.sdf.org
      cake
      link
      fedilink
      English
      arrow-up
      13
      ·
      7 days ago

      They actually want to increase what can be done in user mode, to reduce reliance on kernel mode code.

      That’s basically what Apple did with macOS 11. They deprecated kernel extensions and replaced them with “system extensions”, and created new APIs so security tools, VPNs and such could function without kernel-level privileges.

    • coconut@programming.dev
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      2
      ·
      7 days ago

      They don’t. One article lied, people never read anything but the title and here we are this getting mentioned every once in a while.

      • dan@upvote.au
        link
        fedilink
        arrow-up
        8
        ·
        7 days ago

        Thanks. I looked into it a bit more and it looks like they actually want to increase what can be done in userland, to reduce the reliance on kernel mode. That’s still a good solution, if things the anti-cheat code needs to do can be moved into userland.

    • sibachian@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 days ago

      i assume the problem with league of legends since last year is because they switched to kernel level anticheat then? would be nice if they get kicked in the face for the anti-linux decision they made so we can start playing again :P

  • qweertz (they/she)@programming.dev
    link
    fedilink
    arrow-up
    20
    ·
    6 days ago

    Every IT-literate person fights kernel-lvl malware disguising as games with everything they got.

    Since Linux has a high percentage of those, I hope those “solutions” will never spread

  • Anna@lemmy.ml
    link
    fedilink
    arrow-up
    27
    ·
    edit-2
    7 days ago

    From technical point of view it is possible. eBPF already has almost everything needed for doing that. And I think it can be done with a simple LKM but if they want it included in the main tree I’m sure they’ll get some colorful email from Linus.

  • SavvyWolf@pawb.social
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    6 days ago

    It’s relatively trivial, you just need to write a kernel module. You’d just need/want to make it gpl so everything it does is fully audited and transparent. That’s not a problem, is it? Right?

    From a technical standpoint, you could argue that someone could create a fork of the kernel that spoofs the interface that the anticheat uses to make it ignore things. You can, of course, also do something similar in Windows, but security theatre never let practicality get in the way.

  • Thordros [he/him, comrade/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    13
    ·
    7 days ago

    Meanwhile in indie land, I just tried to cheat my way through a Chapter 3 minigame in Deltarune, and Toby Fox himself showed up in his dogsona to blow up the game and make me start the minigame over.

    This is the extent to which anti-cheat measures should go.

  • JTskulk@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    2
    ·
    7 days ago

    I’m not a programmer or cheater or anything, but I think the answer is yes and no. Yes it could technically be done and even work as intended as long as the device is locked down to prevent the user from replacing the shipped kernel (which would be a bad thing for users). However, savvy people could (in theory) make custom kernels that lie to the kernel module, causing the module to report there is no cheating when there is. It’s my understanding that it’s close to the current situation with Windows and virtual machines and anticheat: you can cheat by running your game in a VM and then have that virtual hardware extract secret information or flip bits in the right spots. Most competitive games will refuse to run in a VM for this reason.

    • coconut@programming.dev
      link
      fedilink
      English
      arrow-up
      3
      ·
      7 days ago

      Kernel level anti cheats require secure boot. You can’t just “lie” and load an unsigned kernel.

      • Magiilaro@feddit.org
        link
        fedilink
        arrow-up
        7
        ·
        edit-2
        7 days ago

        You can add your own signing keys to the UEFI and boot an modified bootloader and Kernel that you have signed yourself. So yes, it is possible to “lie”

        For such a locked down system, akin to game consoles or smartphones, would be needed. And even those get jail broken and manipulated, so “total security” on there is not complete but easier to check and ensure. Another way to make sure that the code is not manipulated would be to put all those games into the cloud and have every player only play via streaming. All the code would then run on secured, locked down and verified machines.

        • Joe@discuss.tchncs.de
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          7 days ago

          Another technique that helps is to limit the amount of information shared with clients to need to know info. This can be computationally intensive server-side and hard to get right … but it can help in many cases. There are evolving techniques to do this.

          In FPS games, there can also be streaming input validation. eg. Accurate fire requires the right sequence of events and/or is used for cheat detection. At the point where cheats have to emulate human behaviour, with human-like reaction times, the value of cheating drops.

          That’s the advanced stuff. Many games don’t even check whether people are running around out of bounds, flying through the air etc. Known bugs and map exploits don’t get fixed for years.

        • coconut@programming.dev
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 days ago

          And then your keys will be rejected by the anticheat. Just because you can sign your kernel and load it does not mean a kernel module can’t verify who signed it.

          • Magiilaro@feddit.org
            link
            fedilink
            arrow-up
            2
            ·
            7 days ago

            Yes, but with a modified Kernel you can fake what the anticheat reads when it checks the key, so you just feed it the key it wants to see instead of your own. The anticheat module would need run on a higher level then the Kernel itself to prevent that, for example alongside the CPU (like the Intel Management Engine).

            • coconut@programming.dev
              link
              fedilink
              English
              arrow-up
              1
              ·
              7 days ago

              I am not an expert on secure boot so I can’t tell whether that’s possible or not. But if it is, what stops people from doing that with Windows now?

              • Magiilaro@feddit.org
                link
                fedilink
                arrow-up
                2
                ·
                7 days ago

                You can’t really change the code of the windows Kernel and boot your own, that’s one of the things stopping people now

      • r00ty@kbin.life
        link
        fedilink
        arrow-up
        2
        ·
        7 days ago

        Linux secure boot was a little weird last I checked. The kernel and modules don’t need to be secure boot signed. Most distros can use shim to pass secure boot and then take over the secure boot process.

        There are dkms kernel modules that are user compiled. These are signed using a machine owner key. So the machine owner could for sure compile their own malicious version and still be in a secure boot context.

    • homura1650@lemm.ee
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      7 days ago

      This is where TPMs, measured boot, and remote attestation come in.

      You can run whatever kernel you want, but if it is not an approved kernel, you wouldn’t be able to attest to running an approved kernel; allowing whatever DRM scheme the developer put in to active.

      I believe this is how the higher levels of Android’s Play Integrity system work.

  • thingsiplay@beehaw.org
    cake
    link
    fedilink
    arrow-up
    12
    arrow-down
    1
    ·
    7 days ago

    One way I can imagine it being some certified Linux kernel versions that are accepted and worked together with anticheat creators. That way Valve could use the Kernel in Steam Deck or SteamOS, so any game works out of the box. And other distribution users can just install this Kernel too, if their distributions provide it.

    Anyone who don’t want to have Kernel level anticheat systems enabled on their system, do not need to install the Kernel. Therefore they are secure against it. But for anyone else who wants it, they can. At least this option would be a compromise.

    • vrighter@discuss.tchncs.de
      link
      fedilink
      arrow-up
      7
      arrow-down
      2
      ·
      7 days ago

      if it’s linux, it has to be open source. If it’s open source, people will code around it immediately. How about not trying to shoehorn this useless crap in the first place?

      • 0xtero@beehaw.org
        link
        fedilink
        arrow-up
        10
        arrow-down
        4
        ·
        7 days ago

        It doesn’t have to be open source. There’s plenty of binary firmware and drivers around.

      • thingsiplay@beehaw.org
        cake
        link
        fedilink
        arrow-up
        6
        arrow-down
        4
        ·
        7 days ago

        Besides your argumentation that open source is less secure, a driver or program does not need to be in the Kernel to work with it. Does it? Kernel level anti cheat systems are available on Windows too, without being in the Windows Kernel. All it needs is a Kernel module to load it separately. Something like the Nvidia proprietary driver. I don’t know if this would work for Anticheat.

        Back to your point of open source and code around it. Well they code around the proprietary tools too. Reverse engineering stuff is possible. So your argumentation is a bit weak. Open Source means more people are looking into and its actually more secure and up to date (for common and actually developed drivers).

        And you don’t have to use it, if you don’t like. How about letting people give options instead calling something they want or need being useless? It has a use and reason, so its by definition not useless. Instead using Windows, they could use Linux.

        • vrighter@discuss.tchncs.de
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          edit-2
          7 days ago

          where did i say it’s less secure? I said it will be coded around. as in forked and the changes patched out/worked around. The point is that it’s pointless to even try. Because it won’t work for those who do choose to use it, due to all the ones bypassing it

          • thingsiplay@beehaw.org
            cake
            link
            fedilink
            arrow-up
            1
            arrow-down
            3
            ·
            7 days ago

            If the Kernel is not signed, then it does not matter. The whole point of signed Kernels is to only execute that specific code. Its not pointless. But besides that, even if you don’t like Open Source, nobody said the Anticheat software has to be open source. This is something you implied. I don’t think any of the Anticheat companies would Open Source it anyway, so this was not my suggestion at all.

  • HelloRoot@lemy.lol
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    7 days ago

    Doesn’t Splitgate 2 have kernel level anti cheat that works on Linux? Maybe it is “trapped” inside wine/proton but they explicitly made it work and people are thanking them on steam discussions.

    • GregorGizeh@lemmy.zip
      link
      fedilink
      arrow-up
      7
      ·
      6 days ago

      Helldivers 2 works (or at least used to when I played it) as well, while requiring kernel access on windows