this post was submitted on 11 Nov 2024
275 points (100.0% liked)

Gaming

30557 readers
422 users here now

From video gaming to card games and stuff in between, if it's gaming you can probably discuss it here!

Please Note: Gaming memes are permitted to be posted on Meme Mondays, but will otherwise be removed in an effort to allow other discussions to take place.

See also Gaming's sister community Tabletop Gaming.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Steam store pages received a new Anti-cheat field. Disclosure is mandatory for kernel-level anti-cheat solutions. And recommended for other anti-cheat solutions (like server-side or non-kernel-level client-side).

The field discloses the anti-cheat product, whether it is a kernel-level installation, and whether it uninstalls with the product or requires manual removal to remove.

Screenshot of anti-cheat indications

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 11 points 1 week ago* (last edited 1 week ago) (18 children)

No it's literally not what malware is. Otherwise anti virus would be. And anti malware haha

It's literally none of those things mentioned.

You are doing massive mental gymnastics. Intentionally nasty for an anit cheat is just stupid. You 100% know that's not what that means.

It also doesn't invade, damage, disable or take control of the system.

Just because you don't like it doesn't make it malware.

[–] [email protected] 11 points 1 week ago (10 children)

Taking kernel level actions to stop processes on YOUR machine is absolutely taking control of the system.

Kernel level anti-cheats meet every requirement. Just because you think there's gymnastics going on doesn't make it so. It's actually well established in the security field that they count.

[–] [email protected] 8 points 1 week ago (1 children)

Have kernel-level anti-cheat systems ever stopped processes? Unrelated to the anti-cheat and the game itself?

I would imagine they would kick and ban you, not control other processes.

[–] [email protected] 9 points 1 week ago

They have kernel access... They can control anything since they're in the kernel. And yes, I've seen it.

If you remember back in the late 2000's early 2010's there were a boatload of apps that would hook into games to do things like display overlays for chats (Teamspeak for example, overwolf as another.) some kernel anti-cheats would stop those processes from starting up.

But don't take my word for it.


https://www.pcgamer.com/according-to-experts-on-kernel-level-anticheat-two-things-are-abundantly-clear-1-its-not-perfect-and-2-its-not-going-anywhere/

I'm less worried about developers abusing kernel access, and more concerned with potential vulnerabilities introduced for third-party actors to exploit. Rigney cited two examples: the infamous Extended Copy Protection (XCP) from Sony, which bad actors used to compromise affected systems, as well as a backdoor vulnerability introduced by Street Fighter 5's kernel level anticheat. In 2022, a ransomware developer also took advantage of Genshin Impact's kernel level anticheat to disable antivirus processes.

Introduces backdoors to be used by malicious actors.


https://www.pcgamer.com/the-controversy-over-riots-vanguard-anti-cheat-software-explained/

Vanguard detects software with vulnerabilities which could be exploited by cheat makers, and blocks some of it.

Blocks external softwares that it deems "vulnerable"


https://old.reddit.com/r/gaming/comments/xf1cwr/the_insanity_of_eas_anticheat_system_by_a_kernel/

This is far from the first time that boot level firmware or kernel mode code inserted via patches or drivers have been used to install spyware, but every time I see it happen I want to warn users about the consequences, and provide some information about the danger.

Kernel devs beg users to not allow this shit.


Just look it up. All sorts of articles and experts have spoken on it.

load more comments (8 replies)
load more comments (15 replies)