> This problem fundamentally undermines the appeal of PC gaming in a significant way, imo.

Yes, game publishers are trying to turn PCs into a gaming console, which IMO will always be a futile effort, and is quite frankly annoying. I don't game on PC to have a locked down console-like experience.

Just embrace the PC for what it is and stop trying to turn it into a trusted execution platform with spyware and rootkits.

Look at BF6 - for all the secure boot and TPM required anti-cheat they stuffed it with, there were cheaters day 1, so why abuse your users when it's clearly ineffective anyway.

Somehow Xonotic manages to be both completely free/open software and not have cheating problems like this. It's never been clear to me how they've done that although client-side stuff like these kernel anti-cheat things were obviously never going to work.

Honestly, if consoles were willing to accept KB+M (and gyro aiming for that matter), I’d be completely proposing that competitive live service titles mostly abandon PC, except for a small “probably infested with cheaters” base.

Doesn't actually stop all cheat developers. If even one person develops and sells a cheat that the kernel-level anticheat doesn't catch, then it stops 0% of cheaters from buying and using the cheat.

I think the problem with this line of reasoning is that it's one-sided. Essentially you are saying "Just trust me bro" on behalf of a self-evaluating company.

I'd argue the potential for abuse is a perfectly reasonable discussion to have, and doesn't have much bearing on the effectiveness of anticheat, but I understand that's not the point you are trying to make.

Or a virtual machine...

Fighting games do not use server-mediated simulation, in general. Cheating is actually a huge problem in popular games. And in fact, even running a server-mediated simulation wouldn't help with any of the common cheating in fighting games.

For instance, a common cheat in Street Fighter 6 is to trigger a drive impact in response to the startup of a move that is unsafe to a drive impact. That is recognizing the opponent's animation and triggering an input. There's no part of that which cares where the game simulation is being done. In fact, this kind of cheating can only be detected statistically. And the cheats have tools to combat that by adding random triggering chances and delays. It's pretty easy to tune a cheat to be approximately as effective as a high-level player.

Kernel-level anticheat isn't a perfect solution, but there are people asking for it. It would make cheating a lot harder, at least.

> About halfway in the article, there's a brief nod to CS:GO. It uses a tick system and the server controls what is possible,

As does Valorant and virtually every other first person shooter. The cheats aren't people flying around or nocliping, it's wallhacks and aim assists/bots.

Sounds great! Guess who I trust? Me. The root of trust should be a key I generate. I do not trust this to any government, any private company or really any 3rd party, except perhaps a member of my family or my lawyer. It can just be me and maybe someone I grant a digital equivalent of power of attorney to. For a company like Microsoft to try and get involved is in my view a form of aggression.

Wait, people on linux subreddits support kernel-level anti-cheat?

This sounds a lot like anti-encryption rhetoric: "so are you just okay with terrorists / pedophiles / pirates then?".

That's a rude strawman of the point I was making. Kernel-level anticheat is just too great of a cost. Your entire system is compromised so that you can play some (usually lousy) AAA games.

I oppose kernel-level anticheat because once it's in place, it will proliferate, even to single player games, just as it has in Windows.

In other words, once it's broadly supported, the number of games available to me (assuming I want to avoid kernel-level anticheat) will actually _shrink _.

I didn't realise the game is free of charge. You could replace 'buy' with 'install', but my point stands; people play Valorant because they want a competitive shooter with difficult anti-cheat rather than the unique art style or gameplay attributes.

It's a good thing that Microsoft has never signed an anticheat kernel module that turned out to be so vulnerable that some malware installed it on purpose to gain more system access.

The point it, you don't need a kernel driver to access most of your data. Just a user space process can go read all your files and memory of processes of the same user.

A properly secured Linux machine is a unicorn. The Linux desktop ecosystem is struggling a lot with putting software in namespaces. People still install software with their package managers outside Flatpak, there is no isolation of data, not to say many workflows depend on the whole user directory being available to access.

Some* Linux users

It was. All Windows kernel drivers are.

Microsoft doesn't do any auditing besides "is this the most obvious malware?"

Fully agreeing with this. I think there are two different approaches when people think of "server side":

The first is "never trust the client", i.e. realtime validation and having the server be the sole authority on the current game state. This is the straightforward solution to think of for programmers, but it's also practically infeasible due to latency, etc.

But what the server could do is a "trust but verify" approach: accept data from the clients when they submit it, but have some background processes that can analyze the data for anomalies and, if too much of it was detected, trigger a ban.

The only problem I see with this approach is that cheaters might react by repeatedly making new accounts and playing as them until the verification process has caught up and bans the account.

Cheating would be more obvious - as cheaters would have to start over with a beginner character every time - but it could still be annoying.

So the problem of ban evasion would become even more important. And I don't really see how a purely server-side solution could work there.

>It can't be that hard to do occlusion calculations server-side, right?

I think you already know the answer. Yes, it's bottlenecked by latency and jitter (of the laggiest player, no less), and in addition to that the maximum possible movement velocity makes it much much worse in fast paced games. It's been attempted a few times since at least late 90's, with predictable results.

In other words, complete server-side calculations are a fantasy. Besides, they won't even remotely make cheating impossible or even harder! Even complete hardware lockdown won't.

When it comes to cheating, perfect is the enemy of good. This is one of those rare cases where the phrase doesn’t hold.

The problem is that server-side occlusion is only a small piece of the puzzle. A naïve implementation means hundreds of thousands of raycasts per second, which doesn’t scale. Real engines rely on precomputed visibility sets, spatial partitioning, and still have to leak some data client-side for responsiveness.

Basically - the kernel level check is not laziness, but for unsolvable problems without huge compute costs or latency.

In a 2d game? Sure, no problem, all Dota types have them. In games like CS and Valorant? Yes, they already do that, they have maps with simple geometry so its possible. Games with open world geometry with buildings with windows etc? Will be almost useless to implement anyway. You need to avoid pop-in effects so positions needs to be sent 1-2m before they are visible, its what they do in cs/valorant but it doesn't really work with complex geometry.

If the server sends your client "you hear footsteps from this location" then you know where they are.

It can be rather difficult, mostly due to the occlusion calculations having to be conservative (must count visible things as visible, allowed to count invisible as visible, or things pop) and latency (must account for every possible position within max move speed * max latency, or things pop)

The naive raycast from player camera to other player would be fine for perf but may count partially visible as invisible, so its unacceptable. You'd have to raycast every pixel of the potentially visible player model to stay conservative. With movement + latency this expands to every pixel the player model could potentially occupy during your max latency period, and you need to consider the viewer moving too!

In practice this expands to a visibility test between two spheres with radius max_latency*max_movespeed + player_model_radius. Now, you could theoretically do a bunch of random raycasts between the spheres and get an answer that is right some of the time, but it would be a serious violation of our conservativeness criteria and the performance would get worse with more rays/better results. Also keep in mind that we need to do this for every single player/player pair a few dozen times per second, so it needs to be fast!

To do this, you need a dedicated data structure that maps volumes to other volumes visible from said volume. There are a few, and they are all non-trivial and/or slow to build well. (google for eg. potentially visible set, cell-portal graph + occlusion). You also trade performance for precision, and in practice you walls might become 'transparent' a bit too early. With all this being done, we can actually "do occlusion calculations server-side".

There's just one problem with this that I still don't know a solution for, namely precision. With fast players and imprecise conservative visibility, things you care about are going to count as visible pretty often, including stuff like enemies peeking from behind a corner (because they could have moved at full sprint for 100ms and the end of the wall is rounded away in your acceleration structure anyway) so all this complexity might not get you that much, particularly if your game is fast paced. You'd prevent some wallhacks but not the ones that really matter.

TLDR yes, it's actually hard and might not be good enough anyway

Or: Deterring some casual cheaters is not worth having my whole system pwned by employees of a game publisher and whomever else figures out how to exploit their code.

Obviously, our personal priorities differ. That's fine, but yours don't invalidate my earlier point.

By the way, it's never just one determined cheater. Once discovered, circumvention techniques get shared, just as with mod chips and exploit scripts. It's only a matter of time before anyone willing to do a little reading or buy a little hardware can use them. And they do. (Often on alt accounts, with no fear of getting banned.)

In other words, any relief from game cheaters is bound to be temporary, while harm from spyware or exploit is irreparable to anyone who values the privacy of their data.

This is why kernel-level anti-cheat systems are so widely criticized. They might make sense on dedicated gaming machines, where the risks are low, but the situation is very different on general-purpose computers.

The video showing one person cheating does not mean there aren't a 1000 others doing the same