From both a technical perspective and if the maintainers of these anti-cheat will consider porting or re-writing kernel level anti-cheat to work on linux, is it possible? Do you think that the maintainers of kernel level anti-cheat will be adamant in not doing it, or that the kernel even supports it or will support it. I think that if it ever happens, there will be a influx of people moving to linux, or abandoning their duelboots, and that alot of people will hate that such a thing is available on linux.
I surely hope they never will, no user program should ever be allowed to run at kernel level, that’s what malware does.
I personally avoid those kind of games, but those who won’t can dual-boot.
Same
Or…just don’t play those games.
99% of their communities are more toxic than radioactive waste. And, they are not open source and they don’t respect privacy. Because they are greedy.
All true. And yet, plenty of people do want to play those games. And there are other games (Borked) which also cannot be played no matter what. Really annoying, that.
Yeah, some people are just stubborn. By some i mean most. You gotta adapt, what do you think evolution’s trying to tell you?
Sure hope not. If I wanted to run rookits I’d just use Windows. Why bother with Linux?
This is why I don’t want more Linux adoption and don’t understand people cheering every new user. We’re in a sweet spot where a lot of games enable userland anticheat while we don’t get kernel level ports (however they may be shipped doesn’t matter). The only thing that’ll come out of more adoption is kernel level anticheat ports that’ll probably work with a few corporate backed distros only and we’ll actually lose the games we have today. Because those will switch over the kernel level alternatives too.
The only way I’d like Linux to be a generic multiplayer platform is server side anticheats. It is very obviously the way to go and we are seeing extremely slow adoption (e.g. Marvel Rivals).
On one side, I’m one of those glad for people coming to Linux because Linux is truly fantastic and it can make your life easier on many things, I’m happy for them.
On the other side, I share your concerns, because everything that gets adopted by the masses is inevitably subject to enshittification, I would never want that to happen to Linux.
We should find a sweet middle-point tho I have no idea what that would be.
I think the more people who aren’t using corporate operating systems, the better.
I’m firmly against Microsoft, Red Hat, and Ubuntu.
TBH I’m not sure wider adoption would worsen things ? Gaming distros would probably ship bullshit anticheat modules by default while the others would not, or at most provide some documentation on how to opt in.
I think it’s quite similar to the situation with NVIDIA proprietary drivers? (I don’t own a graphics card so I’m not super aware on this topic)
My point is you would either have to run those modules on Linux or not play the games. Which is the same as running them on Windows or not play the games with the exception that you’d lose the games that run on Linux with userland anticheat now.
It’s the other way around. Windows will stop supporting kernel level anti-cheat because of Crowdstrike
Good one
They want to provide APIs that basically do an equal job but will restrict direct access.
I can’t wait until I am able to give random programs kernel access on my system! That doesn’t sound problematic in the least! After all, I have the fullest confidence that for companies developing anticheat, my security is their highest concern! /s
@phantomwise @SpiderUnderUrBed Every program on your system has “kernel access”, it’s called “syscalls”, but actually being able to modify the kernel, that is another matter.
lol 🤣. Aren’t you a tech guy?
He’s just being pedantic.
Technically ‘ls’ has kernel access because it depends on system calls in order to produce its output.
System calls are the mechanisms through which programs request services from the Linux kernel, allowing them to perform tasks like file management, process control, and device management. Any program that’s running on your machine has the access required to make syscalls and so you could say they have access to the kernel. They won’t have kernel-level privileges, so they can’t act as the kernel, but they do have access. Obviously the original user was referring to kernel anti-cheat modules which act as the kernel with all of the same privileges.
AFAIK Microsoft have plans to block kernel level anti-cheat on Windows. After the CrowdSec issues last year, they’re rethinking which types of programs should even be allowed to run in kernel space.
Edit: I was wrong. They actually want to increase what can be done in user mode, to reduce reliance on kernel mode code.
They actually want to increase what can be done in user mode, to reduce reliance on kernel mode code.
That’s basically what Apple did with macOS 11. They deprecated kernel extensions and replaced them with “system extensions”, and created new APIs so security tools, VPNs and such could function without kernel-level privileges.
They don’t. One article lied, people never read anything but the title and here we are this getting mentioned every once in a while.
Thanks. I looked into it a bit more and it looks like they actually want to increase what can be done in userland, to reduce the reliance on kernel mode. That’s still a good solution, if things the anti-cheat code needs to do can be moved into userland.
i assume the problem with league of legends since last year is because they switched to kernel level anticheat then? would be nice if they get kicked in the face for the anti-linux decision they made so we can start playing again :P
Yes, linux does not work exactly because they require this kernel level anticheat. But guess which os is supported without this anticheat… MacOs…
I guess it’s easier to dual boot Linux than osx for cheaters and I think most of them wouldn’t buy apple hardware just to get out of bronze.
I just itch my moba itch with dota
I tried Dota but it feels too different :(
Fair enough
kernel level anti cheat is malware
abandon ranked, return to private lobbies
I think its less a question of the technical feasibility, and more of an issue that we, as users, don’t want more closed-source blobs in our kernels. Meanwhile, the publishers insist that they can’t open-source their anti-cheat code; Their idea being that if we know what’s in it, it will be easier to bypass.
Basically, one distro or a few(at most) may get anti-cheat integrated one day(like, say, SteamOS), but it will likely never be in your standard Linux kernal.
They could go the rought of kernel modules, I would think, but for whatever reason, we’re still having this conversation.
Basically, one distro or a few(at most) may get anti-cheat integrated one day(like, say, SteamOS), but it will likely never be in your standard Linux kernal.
Valve also has server side anticheat in his games (Counter Strike or Deadlock). They are also against it.
Kernel-level anticheats can be bypassed anyways, but they are the easy solution for the corps that want to sell their multiplayer game.
@MachineFab812 @SpiderUnderUrBed even if you have steamOS, what keeps you from downloading kernels from kernel.org and building?
deleted by creator
If you want it to still be steam OS and compatible with games then you couldn’t use kernel.org kernels that’s the point.
If a person stands to make a lot of money figuring out how to use a regular, non-anticheat kernel then they will do it. It would be a lot less difficult to do when the kernel code is open source.
For anti-cheats, it isn’t the case, as with Windows, where you can semi-trust that the kernel isn’t lying. If an anti-cheat runs and wants to see what DMA devices are connected it uses the kernel to do that and it trusts that the kernel isn’t lying. You could trivially modify the Linux kernel’s source code to not list a specific card when asked by a kernel module.
Shite is still shite, even if it’s open source shite.
Short answer: no
Long answer: only the most important things should even have such low-level access to the system. A fucking game is not in that category. Nooooooo
Obligatory Fuck Denuvo. If I had virtually infinite money, I’d do a hostile takeover of Denuvo and burn it to the ground.
From technical point of view it is possible. eBPF already has almost everything needed for doing that. And I think it can be done with a simple LKM but if they want it included in the main tree I’m sure they’ll get some colorful email from Linus.
I really want to see that email.
Absolutely nothing prevents somebody from writing a kernel level anticheat on Linux.
Users would throw a fit, and it would be way easier to bypass, but it certainly could be made.
It would need to be open source, distributing proprietary kernel modules is a nightmare that can cause the OS to fail to boot after every kernel update. An open source anticheat kernel module would probably be useless and easy to bypass.
It doesn’t “need” to be anything. It could be a DKMS module that is mandatory for playing a game.
Whether people would like it and use it is a completely different story.
I sure hope not. Play on someone else’s pc if you want them to have control.
Every IT-literate person fights kernel-lvl malware disguising as games with everything they got.
Since Linux has a high percentage of those, I hope those “solutions” will never spread
It already works, but studios using anticheats that DO support Linux CURRENTLY don’t bother implementing it because we’re maaaaaybe 3% of the market on a good day, so they say “fuck it” and don’t expend a few dev hours to enable it because they see it as a pain to deal with v users who need it.
AFAIK the current anticheat systems on Linux only run in userspace not at kernel level. This does mean Linux is theoretically easier to bypass compared to windows, some games just dont seem to want to take that risk. For as you said 3% of the market.
I personally disagree with that stance though, because all it takes is a hardware device and all software anticheats are useless no matter the os (think a raspberry pi, and capture card). So anticheat is really a losing battle anyways.
Yeah… Apex Legends dropped Linux support a while ago and that’s one of the reasons they cited; and tbf, there were publicly available Linux cheats that ran under proton.
But there’s also loads of publicly available “external” cheats that run the way you described. Some run through a virtual machine even. It’s just not a robust solution for preventing cheating, and mostly hurts the legit Linux players.
we’re maaaaaybe 3% of the market on a good day, so they say “fuck it”
So true. And worse than that, we’re probably also the 3% most likely to skip buying a game that requires anti-cheat, anyway. Many of us are famously un-friendly toward closed source code running with invasive permissions.
It’s a lot more than just “a few dev hours”. You need to invest in training your testers on Linux, potentially purchasing new hardware, invest in programmers that can deal with writing for Linux, etc… Just because something like BattlEye has a checkbox for Linux support doesn’t mean that all it takes is to click the button and rebuild your game.
I’m not a programmer or cheater or anything, but I think the answer is yes and no. Yes it could technically be done and even work as intended as long as the device is locked down to prevent the user from replacing the shipped kernel (which would be a bad thing for users). However, savvy people could (in theory) make custom kernels that lie to the kernel module, causing the module to report there is no cheating when there is. It’s my understanding that it’s close to the current situation with Windows and virtual machines and anticheat: you can cheat by running your game in a VM and then have that virtual hardware extract secret information or flip bits in the right spots. Most competitive games will refuse to run in a VM for this reason.
Kernel level anti cheats require secure boot. You can’t just “lie” and load an unsigned kernel.
You can add your own signing keys to the UEFI and boot an modified bootloader and Kernel that you have signed yourself. So yes, it is possible to “lie”
For such a locked down system, akin to game consoles or smartphones, would be needed. And even those get jail broken and manipulated, so “total security” on there is not complete but easier to check and ensure. Another way to make sure that the code is not manipulated would be to put all those games into the cloud and have every player only play via streaming. All the code would then run on secured, locked down and verified machines.
Another technique that helps is to limit the amount of information shared with clients to need to know info. This can be computationally intensive server-side and hard to get right … but it can help in many cases. There are evolving techniques to do this.
In FPS games, there can also be streaming input validation. eg. Accurate fire requires the right sequence of events and/or is used for cheat detection. At the point where cheats have to emulate human behaviour, with human-like reaction times, the value of cheating drops.
That’s the advanced stuff. Many games don’t even check whether people are running around out of bounds, flying through the air etc. Known bugs and map exploits don’t get fixed for years.
And then your keys will be rejected by the anticheat. Just because you can sign your kernel and load it does not mean a kernel module can’t verify who signed it.
Yes, but with a modified Kernel you can fake what the anticheat reads when it checks the key, so you just feed it the key it wants to see instead of your own. The anticheat module would need run on a higher level then the Kernel itself to prevent that, for example alongside the CPU (like the Intel Management Engine).
I am not an expert on secure boot so I can’t tell whether that’s possible or not. But if it is, what stops people from doing that with Windows now?
You can’t really change the code of the windows Kernel and boot your own, that’s one of the things stopping people now
Linux secure boot was a little weird last I checked. The kernel and modules don’t need to be secure boot signed. Most distros can use shim to pass secure boot and then take over the secure boot process.
There are dkms kernel modules that are user compiled. These are signed using a machine owner key. So the machine owner could for sure compile their own malicious version and still be in a secure boot context.
This is where TPMs, measured boot, and remote attestation come in.
You can run whatever kernel you want, but if it is not an approved kernel, you wouldn’t be able to attest to running an approved kernel; allowing whatever DRM scheme the developer put in to active.
I believe this is how the higher levels of Android’s Play Integrity system work.
When Microsoft first proposed something like that a couple decades ago, it was widely seen as the nightmarish corporate power grab it was. Even mainstream, non-techy publications were critical.
I believe this is how the higher levels of Android’s Play Integrity system work.
It is.
How the fuck did this become acceptable?
deleted by creator
Meanwhile in indie land, I just tried to cheat my way through a Chapter 3 minigame in Deltarune, and Toby Fox himself showed up in his dogsona to blow up the game and make me start the minigame over.
This is the extent to which anti-cheat measures should go.
