
I did a lot of cheat development and always read the related forums. Let me tell you that kernel anti-cheats are the funniest and ugliest pieces of software out there.

Almost ALL exhibit rootkit behaviour. Capture all OS events, dig through system and user directories, list all processes, fetch DNS and browser histories, block certain system calls, and more just to name a few. But hey! Their software (including drivers) is signed by Microsoft, so that’s alright :))

Funny part is that all those drivers are created by none other than ex-community members, under no advisory from system specialists or security experts. So guess what? Security vulnerabilities all around. Pretty much all their drivers are wide open and insecure.

Nice fun having persistent, kernel-level, system-trusted exploits auto-installed on your system!

Oh, almost forgot, BattlEye has the ability to download custom bytecode from their servers and execute it. RCE baked right in. Good stuff.

So your frustration is more than reasonable.

EDIT: I will try to find the posts pointing to all vulns that I mentioned, and cite them.




As a person in the industry: Everything this person is saying is true.

We need a real solution to this honestly, it’s not enough to just kick up a fuss about game devs including anti-cheat and ever-more-invasive anti-cheat, but actually providing solutions people can use.

The economic incentives do not exist on consoles to cheat, so publishers are convinced that control of the platform is the problem.


As someone in the industry, would you mind weighing in on Vanguard, the kernel level anti-cheat used for Valorant?

On release they made a big deal about how small the kernel level portion is and how most of the complexity of the anti-cheat was still in user space. I'd be interested to hear how true that is and if that makes much of a difference in your mind how trustworthy it is.


I don’t have the code for that and it might require my studio to open a deal with Vanguard to get access to the source.

Generally speaking, though, the size of the components that run in the kernel is not important. The kernel mode software can act as a window to the rest of the system.



