Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
sylware 3 hours ago

"kernel anti-cheat" is actually a re-branding of "anti-(non steamdeck)-linux" software, probably to please msft (since sole beneficiary). We all know they are inefficient and weaponized by hackers.

You know on linux there is a feature for a process to snoop into another process, that for the same user (non root), can be use for anti-tampering: with a proper "security" team, as all live-service games should have, you can give hell to hackers without a kernel module...

well_ackshually 2 hours ago | parent | next [-]

Man, even "Area 51 has aliens" is a better and more backed up conspiracy theory than this. Kernel AC isn't to please MS, nor is it to shit on Linux/Steam Deck. They don't matter. They're inexistent. They're a blip of very vocal users that keep believing that Proton is going to save them from EA making shit games.

KACs exist because they want to have higher privileges to not be injected into, closed or otherwise touched by any other process. That's also why a bunch of them have started to ask for Secure Boot, so that they can guarantee at least some chain of trust that ensures you've probably not tampered with your machine.

Your Linux example 1/ turns anti cheats into not only something that analyzes what runs on your machine, but actively tries to attack it, which is the textbook definition of malware, but also a gigantic liability should you happen to say, write into word.exe because you fucked up and thought it was a cheat. 2/ turns it into an infinite game of chasing each others with you injecting into cheats, cheats injecting into you, back and forth. In addition, you're running on an actively hostile machine with a hostile user that _wants_ to fuck over your anti cheat.

Please do some proper research on the subject.

sylware 10 minutes ago | parent [-]

A user level anti-tampering software (and more with such linux feature) is not a kernel module which is weaponized by hackers.

firtoz 2 hours ago | parent | prev | next [-]

How trivial is it to pretend to be a steam deck?

jdubs1984 2 hours ago | parent [-]

In what context? To show up at work and convince everyone you’re a steam deck?

Thats probably pretty difficult.

westmeal 2 hours ago | parent [-]

Easy enough with the right costume and plenty of confidence.

Thaxll 2 hours ago | parent | prev [-]

Kernel anti cheat in the client are the strongest form of protection by far, your comment makes no sense, anything userspace is easily spoofed. You can create a driver ( module ) that intercept calls and that is completely invisible to userspace processes.

The default security measures on Linux are pretty bad compared to windows, it's not even close. People like to bash windows but they have a way better security model.

sylware 2 hours ago | parent [-]

1 - kernel module from anti-cheats are weaponized by hackers.

2 - if I recall properly, that linux feature is a direct mapping of the target user process allowing extreme dynamicity in time, performant, and much more powerfull mechanisms than basic 'calls'. Namely hell for hackers if a live service game has a proper "security" team, all that without a kernel module.

dijit 17 minutes ago | parent [-]

What are you even talking about?

The parent is right.

I'm quite literally the first person to bash Windows for being a shitty operating system, but the requirement for signed modules puts a massive barrier to entry for cheaters, where Linux can load just about anything.

If every system call can lie to you, there's a few things you can do, but it's not many.

I know this because I've actually done a lot of due diligence on anti-cheat.

One mechanism I attempted to employ was to replay initalisation vectors and determinism of inputs; this means I could replay your session out of band and witness the same outcomes. If there was variation then there's a fault. Except as soon as you introduce floating point numbers there's no more determinism... Oh well.

The other was to watch for "impossible" things, but then you need to run full complex physics simulations for every client. If your game requires you to effectively buy an i7-11700k for every user then you'd have to sell your game for a lot more money, and limit how long they can play - nobody wants this.

The third option was to score our best players and anyone who performs better than that gets their behaviour tracked. The problem is, coming up with a scoring system that's server side is much harder than you think.

GameDevs don't actually like paying a shit load of money for anti-cheat (that also breaks their debugging systems and causes bugs: a wonderful combination)... so if you've got a better way: join the industry and fix it. You'll be a moderately wealthy person.