Microsoft is moving antivirus providers out of the Windows kernel. Hopefully anti-cheat will be next
-
Microsoft has long wanted to get vendors out of the kernel. It's a huge privacy/security/stability risk, and causes major issues like the Crowdstrike outage.
Most of those issues also apply to kernel anti-cheat as well, and it's likely that Microsoft will also attempt to move anti-cheat vendors out of kernel space. The biggest gaming issues with steamOS/Linux are kernel anti-cheat not working, so this could be huge for having full compatibility of multiplayer games on Linux.
it's likely that Microsoft will also attempt to move anti-cheat vendors out of kernel space
[Citation needed]
-
I never understood kernel level anti-cheat. People STILL cheat. lol
To be fair, it certainly still makes cheating harder. If it didn't exist, you'd just see even more people cheating, but it's a pretty overkill way of system monitoring for such a relatively small benefit by comparison.
Massive privacy risk, only slightly better performance than other non-kernel monitoring.
-
it's likely that Microsoft will also attempt to move anti-cheat vendors out of kernel space
[Citation needed]
It seems like the point is that Microsoft would be developing some sort of alternative to the kernel with similar functionality for antivirus providers, that doesn't need to have kernel level access. Anticheat uses a lot of the same techniques as kernel level antivirus to detect malware, thus it would probably have to adapt to this new system.
I think the article is more commenting on how Microsoft is directly partnering with antivirus companies for this new system right now, while they're not directly partnering with anticheat companies, even though they'd probably have to migrate to this new system regardless.
-
This is what, the fourth time a Linux community gets excited about this? But that's actually not good for us at all. Much like Android's safety net, or the nightmare that is the Mac equivalent, the entire point will be creating an untouchable chain from the firmware to the final OS being booted, and only allowing some apps to use a specific API to attest this isn't compromised.
This is horrendous for people trying to modify the OS or, in a more relevant tone, run programs meant for that OS on an entirely different environment. Microsoft has slowly been moving towards making this work on PCs, mostly due to pressure from DRM providers like Netflix or banking apps, but unlike Apple they can't simply lock everything down at once and say "deal with it" because Windows lives by backwards compatibility. Either way, this is just another step towards this upcoming future.
If your favorite games now start asking Windows if the chain of trust is not tampered with... say goodbye to compatibility with Proton.
I'm not sure this will be an issue.
When a piece of software is checking for chain of trust, it's done primarily for security or DRM reasons. The benefits of verifying this chain of trust would make it a little harder for cheaters to inject code and it would be an extra hurdle for pirates to overcome, but the cost is that everyone that bought your game with the intent of playing it on Linux now has absolutely no way to make that happen. I'm not sure the loss in ~4% of your sales would be worth the benefit.
-
To be fair, it certainly still makes cheating harder. If it didn't exist, you'd just see even more people cheating, but it's a pretty overkill way of system monitoring for such a relatively small benefit by comparison.
Massive privacy risk, only slightly better performance than other non-kernel monitoring.
Some games just need people back in the equation instead of relying on algorithms. Bring back the Game Master's to MMOs etc, these people are willing to work for peanuts and be happy, yet they still decided to cut costs by replacing them...
-
Microsoft has long wanted to get vendors out of the kernel. It's a huge privacy/security/stability risk, and causes major issues like the Crowdstrike outage.
Most of those issues also apply to kernel anti-cheat as well, and it's likely that Microsoft will also attempt to move anti-cheat vendors out of kernel space. The biggest gaming issues with steamOS/Linux are kernel anti-cheat not working, so this could be huge for having full compatibility of multiplayer games on Linux.
I'm curious to see how CompTIA responds to this. They already don't allow you to take their exams in a VM or any kind of Linux. Presumably for the same "concerns" that the anti-cheat industry has.
-
You realize this'll occur at the expense of Microsoft treating the user as an untrustworthy enemy.
This means modding (even for offline play) will not be allowed. Heck, even modify ini files might be viewed as "hacking".
I agree removing the need for anti-cheat in principal sounds nice, but this means archiving games or porting them to "unsupported platforms" will be relics of the past.
You realize this’ll occur at the expense of Microsoft treating the user as an untrustworthy enemy.
What do you mean? Take away your ability to create drivers? Because it's already extremely limited and you need to get signed. I guess this "change" would just mean not signing any new antivirus drivers.
This means modding (even for offline play) will not be allowed. Heck, even modify ini files might be viewed as “hacking”.
That's a completely wrong take. Whether or not an anticheat runs in the kernel or not does not mean people can just go and edit their files. Even with a kernel level anticheat people can already do that if the driver is not running. The correct way is to do purity checks during connection to an online server, and only allow serverside code to update the gamestate. Any texture file hacks and local purity bypasses for those would need to be caught by the userland anticheat, like it has been done for ages. Not the best solution, but far more privacy friendly.
I agree removing the need for anti-cheat in principal sounds nice, but this means archiving games or porting them to “unsupported platforms” will be relics of the past.
Another weird take. Are you talking about the anticheat not being installable anymore? Because even if a game comes with a kernel level anticheat it would need a valid certificate, so any dead game would eventually have this problem regardless of it being allowed to install the driver. Porting games would in almost all cases get rid of the anticheat or somehow null it, disable any custom servers from forcing a valid anticheat, stuff like that. And archiving would be much easier without any anticheat at all, again regardless of kernel anticheat or userland anticheat.
MUCH better solutions against hacker are to use all this amazing machine learning stuff on the server side, put more power back into the hands of admins and their selfhosted servers, and handle reports about hackers better and faster.
-
Microsoft has long wanted to get vendors out of the kernel. It's a huge privacy/security/stability risk, and causes major issues like the Crowdstrike outage.
Most of those issues also apply to kernel anti-cheat as well, and it's likely that Microsoft will also attempt to move anti-cheat vendors out of kernel space. The biggest gaming issues with steamOS/Linux are kernel anti-cheat not working, so this could be huge for having full compatibility of multiplayer games on Linux.
wrote on last edited by [email protected]I'd probably be okay with kernel level anti-cheats if they actually stopped cheaters. But they don't. Hell, the best anti-cheat I've ever seen that actually works isn't even made by the developers of the game; it's a mod! Blue Sentinel for Dark Souls 3. All it does is check if the files a player you're connecting to has deviate at all from your own, then prevents the connection if they are not 1:1 identical.
-
I never understood kernel level anti-cheat. People STILL cheat. lol
wrote on last edited by [email protected]Yes,
but game companies also want to spy on you and potentially sell your data. Even if they aren't selling it, the ability to do so increases the value to investors. This is the way tech companies talk about invasive software in general, FWIW.
-
Some games just need people back in the equation instead of relying on algorithms. Bring back the Game Master's to MMOs etc, these people are willing to work for peanuts and be happy, yet they still decided to cut costs by replacing them...
...wait, games don't have even a single person checking for cheaters, even casually? Like, they wholly rely on anticheat?
(PS, has been a decently long time since I played a game that needed anti cheat)
-
This is what, the fourth time a Linux community gets excited about this? But that's actually not good for us at all. Much like Android's safety net, or the nightmare that is the Mac equivalent, the entire point will be creating an untouchable chain from the firmware to the final OS being booted, and only allowing some apps to use a specific API to attest this isn't compromised.
This is horrendous for people trying to modify the OS or, in a more relevant tone, run programs meant for that OS on an entirely different environment. Microsoft has slowly been moving towards making this work on PCs, mostly due to pressure from DRM providers like Netflix or banking apps, but unlike Apple they can't simply lock everything down at once and say "deal with it" because Windows lives by backwards compatibility. Either way, this is just another step towards this upcoming future.
If your favorite games now start asking Windows if the chain of trust is not tampered with... say goodbye to compatibility with Proton.
I don't think chain of trust and security through kernel-level access are fighting the same problem.
Usually chain of trust is to prevent app tampering, and kernel-level access is to prevent memory tampering.
I assume Windows is creating a new API for applications to monitor certain regions of memory for tampering without needing kernel access.
-
I'm curious to see how CompTIA responds to this. They already don't allow you to take their exams in a VM or any kind of Linux. Presumably for the same "concerns" that the anti-cheat industry has.
A useless certificate for a useless job.
-
A useless certificate for a useless job.
wrote on last edited by [email protected]As a holder of multiple CompTIA certificates I wholeheartedly agree that they're useless. Unfortunately they're by far the most common means of contractors (the actual people, not the companies) checking off the boxes to qualify for U.S. government IT contracts; which means they're still relevant.
-
I'd probably be okay with kernel level anti-cheats if they actually stopped cheaters. But they don't. Hell, the best anti-cheat I've ever seen that actually works isn't even made by the developers of the game; it's a mod! Blue Sentinel for Dark Souls 3. All it does is check if the files a player you're connecting to has deviate at all from your own, then prevents the connection if they are not 1:1 identical.
Basic anti-cheat already does this, but also with memory, because most cheats are reading/modifying what is in memory. I think the only ethical solution for anti-cheat is on the server side, with machine learning perhaps, kind of like VACnet.
-
I'd probably be okay with kernel level anti-cheats if they actually stopped cheaters. But they don't. Hell, the best anti-cheat I've ever seen that actually works isn't even made by the developers of the game; it's a mod! Blue Sentinel for Dark Souls 3. All it does is check if the files a player you're connecting to has deviate at all from your own, then prevents the connection if they are not 1:1 identical.
If cheaters wanted to get around that, they could
-
You realize this’ll occur at the expense of Microsoft treating the user as an untrustworthy enemy.
What do you mean? Take away your ability to create drivers? Because it's already extremely limited and you need to get signed. I guess this "change" would just mean not signing any new antivirus drivers.
This means modding (even for offline play) will not be allowed. Heck, even modify ini files might be viewed as “hacking”.
That's a completely wrong take. Whether or not an anticheat runs in the kernel or not does not mean people can just go and edit their files. Even with a kernel level anticheat people can already do that if the driver is not running. The correct way is to do purity checks during connection to an online server, and only allow serverside code to update the gamestate. Any texture file hacks and local purity bypasses for those would need to be caught by the userland anticheat, like it has been done for ages. Not the best solution, but far more privacy friendly.
I agree removing the need for anti-cheat in principal sounds nice, but this means archiving games or porting them to “unsupported platforms” will be relics of the past.
Another weird take. Are you talking about the anticheat not being installable anymore? Because even if a game comes with a kernel level anticheat it would need a valid certificate, so any dead game would eventually have this problem regardless of it being allowed to install the driver. Porting games would in almost all cases get rid of the anticheat or somehow null it, disable any custom servers from forcing a valid anticheat, stuff like that. And archiving would be much easier without any anticheat at all, again regardless of kernel anticheat or userland anticheat.
MUCH better solutions against hacker are to use all this amazing machine learning stuff on the server side, put more power back into the hands of admins and their selfhosted servers, and handle reports about hackers better and faster.
Thanks for the well thought response, you made quite a few points, but let me try to clarify where I'm coming from:
Windows 11 requires all computers to have TPM 2.0. It's a crypto chip used for allowing vendors (re: Microsoft) to add secure keys at a hardware level, which will then allow software to verify that the software, operating system, and hardware are "unmodified".
In a nutshell this process for allowing software to ensure that the OS and hardware are not compromised nor modified is called "attestation".
And it's something Google has (successfully) introduced into Android and they're now "turning the screws" .
This means that the Windows of the near future, will begin to "limit access" to the OS (ie: kick people out of the kernel), only allowed signed device drivers, etc.
The next step will be restricting "sideloaded apps" and funnel people through the "officially supported apps store". Once that happens, sideloading will either be removed or crippled.
When it comes to gaming: there won't be any need for anti-cheat measures, because Microsoft will know (and will disable itself or the app) if you've modified the OS or any app/game (this could include installing a game on a newer or older version of Windows)
This is the future of computing. It's already happening to cellphones. I'd read a great article (that I, sadly, cannot find) that talks about how technology like attestation have software vendors treat the user as an untrustworthy person. The upshot, for the user, is that if they get infected will malware or a virus the OS will know and will react accordingly. The downside, for the user, is that the freedom we have today - to install or configure our OS to our liking will be a thing of the past.
These changes won't happen overnight, but it has and will be a slow boil.
-
I'd probably be okay with kernel level anti-cheats if they actually stopped cheaters. But they don't. Hell, the best anti-cheat I've ever seen that actually works isn't even made by the developers of the game; it's a mod! Blue Sentinel for Dark Souls 3. All it does is check if the files a player you're connecting to has deviate at all from your own, then prevents the connection if they are not 1:1 identical.
wrote on last edited by [email protected]"I’d probably be okay with kernel level anti-cheats if they actually stopped cheaters. "
"I'd be okay with espionage devices all around my house if it stopped documents from being forged."
samepicturememe.jpg
-
"I’d probably be okay with kernel level anti-cheats if they actually stopped cheaters. "
"I'd be okay with espionage devices all around my house if it stopped documents from being forged."
samepicturememe.jpg
All I use my machine for is gaming, so not having cheaters in games far outweighs the odds of being hacked by imaginary bogeymen.
-
I never understood kernel level anti-cheat. People STILL cheat. lol
Did you never play Fall Guys on PC?
-
...wait, games don't have even a single person checking for cheaters, even casually? Like, they wholly rely on anticheat?
(PS, has been a decently long time since I played a game that needed anti cheat)
I think people can vote to kick people but that’s it really
