From both a technical perspective and if the maintainers of these anti-cheat will consider porting or re-writing kernel level anti-cheat to work on Linux, is it possible? Do you think that the maintainers of kernel level anti-cheat will be adamant in not doing it, or that the kernel even supports it or will support it? I think that if it ever happens, there will be an influx of people moving to Linux, or abandoning their dual boots, and that a lot of people will hate that such a thing is available on Linux.

  • solrize@lemmy.ml
    6 upvotes · 6 months ago

    What does it even mean? People can recompile the kernel to turn the crap off.

    • catloaf@lemm.ee
      3 upvotes, 1 downvote · 6 months ago

      You don’t even need to do that. You could just blacklist or delete the module.

      The game wouldn’t work, but you could do it.

    • jay@mbin.zerojay.com
      5 upvotes · 6 months ago

      It’s a lot more than just “a few dev hours”. You need to invest in training your testers on Linux, potentially purchasing new hardware, invest in programmers that can deal with writing for Linux, etc… Just because something like BattlEye has a checkbox for Linux support doesn’t mean that all it takes is to click the button and rebuild your game.

    • pinball_wizard@lemmy.zip
      3 upvotes · 6 months ago

      we’re maaaaaybe 3% of the market on a good day, so they say “fuck it”

      So true. And worse than that, we’re probably also the 3% most likely to skip buying a game that requires anti-cheat, anyway. Many of us are famously un-friendly toward closed source code running with invasive permissions.

    • bonn2@lemmy.zip
      10 upvotes · 6 months ago

      AFAIK the current anticheat systems on Linux only run in userspace, not at kernel level. This does mean Linux is theoretically easier to bypass compared to Windows; some games just don’t seem to want to take that risk. For as you said 3% of the market.

      I personally disagree with that stance though, because all it takes is a hardware device and all software anticheats are useless no matter the OS (think a Raspberry Pi, and capture card). So anticheat is really a losing battle anyways.

      • SmoochyPit@lemmy.ca
        6 upvotes · 6 months ago

        Yeah… Apex Legends dropped Linux support a while ago and that’s one of the reasons they cited; and tbf, there were publicly available Linux cheats that ran under Proton.

        But there’s also loads of publicly available “external” cheats that run the way you described. Some run through a virtual machine even. It’s just not a robust solution for preventing cheating, and mostly hurts the legit Linux players.

  • kadu@lemmy.world
    26 upvotes, 1 downvote · 6 months ago

    Absolutely nothing prevents somebody from writing a kernel level anticheat on Linux.

    Users would throw a fit, and it would be way easier to bypass, but it certainly could be made.

    • dosse91@lemmy.trippy.pizza
      4 upvotes · 6 months ago

      It would need to be open source; distributing proprietary kernel modules is a nightmare that can cause the OS to fail to boot after every kernel update. An open source anticheat kernel module would probably be useless and easy to bypass.

      • kadu@lemmy.world
        11 upvotes, 2 downvotes · 6 months ago

        It doesn’t “need” to be anything. It could be a DKMS module that is mandatory for playing a game.

        Whether people would like it and use it is a completely different story.

  • Badabinski@kbin.earth
    2 upvotes · 6 months ago

    I feel like BPF would be a decent solution for anticheat. I believe you can limit what an eBPF program can look at quite effectively.

  • thingsiplay@beehaw.org
    11 upvotes, 1 downvote · 6 months ago

    One way I can imagine it being some certified Linux kernel versions that are accepted and worked together with anticheat creators. That way Valve could use the Kernel in Steam Deck or SteamOS, so any game works out of the box. And other distribution users can just install this Kernel too, if their distributions provide it.

    Anyone who doesn’t want to have Kernel level anticheat systems enabled on their system does not need to install the Kernel. Therefore they are secure against it. But for anyone else who wants it, they can. At least this option would be a compromise.

    • vrighter@discuss.tchncs.de
      8 upvotes, 2 downvotes · 6 months ago

      If it’s Linux, it has to be open source. If it’s open source, people will code around it immediately. How about not trying to shoehorn this useless crap in the first place?

      • 0xtero@beehaw.org
        9 upvotes, 4 downvotes · 6 months ago

        It doesn’t have to be open source. There’s plenty of binary firmware and drivers around.

      • thingsiplay@beehaw.org
        5 upvotes, 4 downvotes · 6 months ago

        Besides your argumentation that open source is less secure, a driver or program does not need to be in the Kernel to work with it. Does it? Kernel level anti cheat systems are available on Windows too, without being in the Windows Kernel. All it needs is a Kernel module to load it separately. Something like the Nvidia proprietary driver. I don’t know if this would work for Anticheat.

        Back to your point of open source and code around it. Well, they code around the proprietary tools too. Reverse engineering stuff is possible. So your argumentation is a bit weak. Open Source means more people are looking into it and it’s actually more secure and up to date (for common and actually developed drivers).

        And you don’t have to use it, if you don’t like. How about letting people give options instead of calling something they want or need being useless? It has a use and reason, so it’s by definition not useless. Instead of using Windows, they could use Linux.

        • vrighter@discuss.tchncs.de
          3 upvotes, 1 downvote · edited · 6 months ago

          Where did I say it’s less secure? I said it will be coded around, as in forked and the changes patched out/worked around. The point is that it’s pointless to even try. Because it won’t work for those who do choose to use it, due to all the ones bypassing it.

          • thingsiplay@beehaw.org
            1 upvote, 3 downvotes · 6 months ago

            If the Kernel is not signed, then it does not matter. The whole point of signed Kernels is to only execute that specific code. It’s not pointless. But besides that, even if you don’t like Open Source, nobody said the Anticheat software has to be open source. This is something you implied. I don’t think any of the Anticheat companies would Open Source it anyway, so this was not my suggestion at all.

  • phantomwise@lemmy.ml
    50 upvotes · 6 months ago

    I can’t wait until I am able to give random programs kernel access on my system! That doesn’t sound problematic in the least! After all, I have the fullest confidence that for companies developing anticheat, my security is their highest concern! /s

        • FauxLiving@lemmy.world
          5 upvotes · 6 months ago

          He’s just being pedantic.

          Technically ‘ls’ has kernel access because it depends on system calls in order to produce its output.

          System calls are the mechanisms through which programs request services from the Linux kernel, allowing them to perform tasks like file management, process control, and device management. Any program that’s running on your machine has the access required to make syscalls and so you could say they have access to the kernel. They won’t have kernel-level privileges, so they can’t act as the kernel, but they do have access. Obviously the original user was referring to kernel anti-cheat modules which act as the kernel with all of the same privileges.

  • SavvyWolf@pawb.social
    9 upvotes · 6 months ago

    It’s relatively trivial, you just need to write a kernel module. You’d just need/want to make it GPL so everything it does is fully audited and transparent. That’s not a problem, is it? Right?

    From a technical standpoint, you could argue that someone could create a fork of the kernel that spoofs the interface that the anticheat uses to make it ignore things. You can, of course, also do something similar in Windows, but security theatre never let practicality get in the way.

  • Mwa@thelemmy.club
    7 upvotes, 1 downvote · 6 months ago

    No, Wine/Proton cannot translate calls that run too deep into the Kernel.

  • MTK@lemmy.world
    4 upvotes · 6 months ago

    It is probably actually easier to create on Linux as it is FOSS and there are also good projects like eBPF which can maybe even simplify and make it more secure.

  • JTskulk@lemmy.world
    14 upvotes, 2 downvotes · 6 months ago

    I’m not a programmer or cheater or anything, but I think the answer is yes and no. Yes it could technically be done and even work as intended as long as the device is locked down to prevent the user from replacing the shipped kernel (which would be a bad thing for users). However, savvy people could (in theory) make custom kernels that lie to the kernel module, causing the module to report there is no cheating when there is. It’s my understanding that it’s close to the current situation with Windows and virtual machines and anticheat: you can cheat by running your game in a VM and then have that virtual hardware extract secret information or flip bits in the right spots. Most competitive games will refuse to run in a VM for this reason.

    • homura1650@lemm.ee
      1 upvote, 1 downvote · 6 months ago

      This is where TPMs, measured boot, and remote attestation come in.

      You can run whatever kernel you want, but if it is not an approved kernel, you wouldn’t be able to attest to running an approved kernel; allowing whatever DRM scheme the developer put in to activate.

      I believe this is how the higher levels of Android’s Play Integrity system work.
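
The measured-boot and remote-attestation idea in the comment above, as an added example that is not part of the thread: a verifier replays the claimed boot log, checks it against the quoted PCR value, and only then compares it to an approved list. The component names, key and nonce are constructed, and an HMAC with a shared key stands in for the asymmetric signature a real TPM quote carries.

```python
import hashlib
import hmac

AIK = b"constructed-attestation-key"  # stand-in; a real TPM signs with an asymmetric key

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: PCR_new = SHA256(PCR_old || SHA256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def replay(event_log) -> bytes:
    """Recompute the PCR a boot chain produces, starting from all zeros."""
    pcr = bytes(32)
    for component in event_log:
        pcr = extend(pcr, component)
    return pcr

def tpm_quote(booted, nonce: bytes) -> bytes:
    """Quote over the PCR of what actually booted, bound to the verifier's nonce."""
    return hmac.new(AIK, nonce + replay(booted), hashlib.sha256).digest()

def verify(claimed_log, quote: bytes, nonce: bytes, approved) -> str:
    """Verifier side: the claimed log must match the quote and be an approved chain."""
    pcr = replay(claimed_log)
    expected = hmac.new(AIK, nonce + pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, quote):
        return "reject: claimed log does not match quoted PCR"
    if pcr not in approved:
        return "reject: boot chain not approved"
    return "accept"

# Constructed sample boot chains (byte strings stand in for the measured binaries).
APPROVED_CHAIN = [b"shim-1", b"grub-1", b"vendor-kernel-1"]
CUSTOM_CHAIN = [b"shim-1", b"grub-1", b"self-built-kernel"]
APPROVED = {replay(APPROVED_CHAIN)}

def demo():
    nonce = b"constructed-nonce-01"
    return [
        # Approved kernel booted and reported honestly.
        verify(APPROVED_CHAIN, tpm_quote(APPROVED_CHAIN, nonce), nonce, APPROVED),
        # Self-built kernel booted and reported honestly.
        verify(CUSTOM_CHAIN, tpm_quote(CUSTOM_CHAIN, nonce), nonce, APPROVED),
        # Self-built kernel booted, but the approved log is presented instead.
        verify(APPROVED_CHAIN, tpm_quote(CUSTOM_CHAIN, nonce), nonce, APPROVED),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third case is the one the comment turns on: the PCR is extended by whatever actually ran, so a log that names the approved kernel no longer matches the quote.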

    • coconut@programming.dev
      3 upvotes · 6 months ago

      Kernel level anti cheats require secure boot. You can’t just “lie” and load an unsigned kernel.

      • r00ty@kbin.life
        2 upvotes · 6 months ago

        Linux secure boot was a little weird last I checked. The kernel and modules don’t need to be secure boot signed. Most distros can use shim to pass secure boot and then take over the secure boot process.

        There are DKMS kernel modules that are user compiled. These are signed using a machine owner key. So the machine owner could for sure compile their own malicious version and still be in a secure boot context.

  • qweertz@programming.dev
    19 upvotes · 6 months ago

    Every IT-literate person fights kernel-lvl malware disguising as games with everything they got.

    Since Linux has a high percentage of those, I hope those “solutions” will never spread