Why anti-cheat software utilizes kernel drivers (2020) (secret.club)
46 points by jasondoty 58 days ago | hide | past | favorite | 65 comments



Related discussion going on here:

https://news.ycombinator.com/item?id=41999314 Steam games will need to disclose kernel-level anti-cheat on store pages


Vanguard runs on Ring 0. -> Ring 3 software can also read your hdd, so it's not a problem.

Why load on boot? -> Because we need to, don't worry.

Why is it scanning my serial port? -> It's a bug, don't worry, it's not a problem.

What if Riot is hacked? -> If Microsoft gets hacked it's even worse, so it's not a problem.


The same style of argument used by ChatControl proponents. I mean, what's another backdoor going to do in the swiss cheese that is Whatsapp/$INSERT_IM_PLATFORM_HERE security ?


Point is that it doesn't need ring 0 access to do bad stuff.


Ring 3 and Ring 0 can try to do the same bad stuff.

But the point is that in one the OS security layers or antivirus will catch it.


>But the point is that in one the OS security layers or antivirus will catch it.

Doesn't antivirus have detections for ring0 as well? Otherwise virus makers can just code their viruses to be in drivers and evade all the antiviruses.


No, antivirus can't know if a virus is running on Ring 0, it can try, but the virus can just stop the antivirus and the OS won't stop it.

At ring 0 the virus can do whatever it wants with your computer.


This wasn’t really true in decades past - there was a cat and mouse game where often it could be detected because the virus wasn’t perfect at hiding its activity and resource usage – and it’s become far less so in the era where even consumer hardware has virtualization features which allow even kernel code to be restricted. Even Windows is starting to use that to prevent malware from accessing secrets (e.g. Credential Guard) so I wouldn’t treat this as the ring0=game over situation it was in the 90s.

A more accurate phrasing is that antivirus software can positively confirm the presence of malware but it cannot on its own definitely prove the absence of ring0 malware. For that, you need an Apple-level secure boot process to give confidence that the code is running on an unmodified, unvirtualized kernel.


> Why load on boot? -> Because we need to, don't worry.

I believe the reason stated was "because we know it will not be tampered with after boot". Not saying it's a good or bad reason, but this is dishonest paraphrasing.


I said it because I think other kernel-level anticheats don't do it.

If I remember correctly I can just enable/disable the Easy Anti-Cheat service, same with the EA thing, I don't need to reboot the machine like with Vanguard.

But thanks for pointing it out.


> I said it because I think other kernel-level anticheats don't do it.

It is done by FACEIT and ESEA.

> If I remember correctly I can just enable/disable the Easy Anti-Cheat service, same with the EA thing, I don't need to reboot the machine like with Vanguard.

You can disable Vanguard as well, you'll only need to re-enable it and restart if you want to play the games.


>Vanguard runs on Ring 0. -> Ring 3 software can also read your hdd so is not a problem.

Can also read process memory of the same user.


Can't read files or access memory of other users though, which is kind of the point. It's trivially easy to run games as a different user than the one you use for e.g. banking, and operating systems have had fast user switching for decades.


Most games require admin privileges to install, so if the game maker wants to be evil you're already screwed even if you have separate users. Moreover, most software isn't really designed for multi-user system security (because it's basically never used), so there are often sloppy coding practices that lead to trivial EoP between users (e.g. cache directories accessible by all users).


Maybe this is a difference with Windows vs. Linux and admittedly I basically never have time for games anymore, but I don't remember any game ever asking me for my root password to install or run. I'm also not sure what software you have in mind that doesn't work in a multi-user environment. I see plenty of usage of `~/.cache`, and `~` has 700 for permissions. Other services on my computer run as their own user.

In any case, something being programmed poorly isn't a good excuse to make things even worse. It is, however, a great reason to... run things under isolated users/environments, or in a VM (which these drivers also want to prevent).
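The two comments above disagree about whether per-user isolation holds up in practice: one points at cache directories readable or writable by every local user, the other at a home directory with 0700 permissions. Below is an added example (not code from the thread or from any product mentioned in it) that audits a home directory for exactly those conditions using plain POSIX mode bits; it builds its own throwaway fixture with a constructed over-permissive `.cache` tree, so it runs offline. It does not evaluate ACLs, mount options or setuid helpers, which are assumptions outside its scope.

```python
"""Audit a home directory for files and directories other local users can
read or write.  Added example, not from the thread; it checks POSIX
permission bits only (no ACLs, no mount-option checks)."""
import os
import stat
import tempfile
from pathlib import Path


def audit_home(home):
    """Return sorted (relative_path, description) findings for `home`.

    A 0700 home already blocks traversal by other users, so the home's own
    mode is reported first; per-entry findings show what would be exposed
    if that outer wall were weakened (e.g. a 0755 home created by a sloppy
    installer)."""
    home = Path(home)
    findings = []
    top_mode = stat.S_IMODE(home.lstat().st_mode)
    if top_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append((".", f"home is {top_mode:04o}, expected 0700"))
    for dirpath, dirnames, filenames in os.walk(home):
        for name in dirnames + filenames:
            entry = Path(dirpath) / name
            st = entry.lstat()                 # do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            rel = str(entry.relative_to(home))
            if mode & stat.S_IWOTH:
                findings.append((rel, f"world-writable ({mode:04o})"))
            elif mode & stat.S_IROTH:
                findings.append((rel, f"world-readable ({mode:04o})"))
    return sorted(findings)


def harden_home(home):
    """Minimal mitigation from the thread: close the home directory to
    other users.  Inner entries keep their modes; the audit still lists
    them so a later loosening of the home mode is not silent."""
    os.chmod(home, 0o700)


def build_sample_home():
    """Constructed fixture (not real data): a home whose installer left a
    world-readable home and a world-writable game cache directory, next to
    a correctly locked-down .ssh directory."""
    root = Path(tempfile.mkdtemp(prefix="audit-demo-"))
    home = root / "alice"
    cache = home / ".cache" / "somegame"
    cache.mkdir(parents=True)
    os.chmod(home, 0o755)            # sloppy: others may traverse
    os.chmod(home / ".cache", 0o755)
    os.chmod(cache, 0o777)           # world-writable cache directory
    token = cache / "session.tok"
    token.write_text("constructed-sample-token")
    os.chmod(token, 0o644)           # world-readable secret-ish file
    ssh = home / ".ssh"
    ssh.mkdir()
    os.chmod(ssh, 0o700)
    key = ssh / "id_ed25519"
    key.write_text("constructed-placeholder, not a key")
    os.chmod(key, 0o600)
    return home


if __name__ == "__main__":
    demo = build_sample_home()
    for path, why in audit_home(demo):
        print(f"{path}: {why}")
    harden_home(demo)
    print("after harden:", audit_home(demo))
```

Run it as a script to see the findings for the constructed tree; point `audit_home` at a real `~` to check your own account. The home-mode finding is the one that matters most, since a 0700 home makes the inner modes unreachable to other users; the inner findings are still worth fixing because installers and updaters can change the outer mode later.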


>but I don't remember any game ever asking me for my root password to install or run.

Are you sure there isn't some sort of setuid executable that's doing all the root stuff for you? At least in theory for something like steam, you'd want either all installs to require root, or restrict all installs to per-user basis.

>In any case, something being programmed poorly isn't a good excuse to make things even worse.

The point is that if multi-user security is broken in practice, you shouldn't invest effort into using it, and use something better like virtualization and/or dual booting with full disk encryption.


By default steam puts everything in ~/.local/share so I don't see why it would need root.

These drivers generally try to prevent you from using virtualization for the same reason they want root. The point is that fundamentally they want to live one level above wherever the user is, which means they compromise user ability to secure against them. The game industry isn't exactly known for slow, careful development, so they're kind of the worst group to give root.

Even without a VM, multi-user security does work, and Linux has other tools to isolate programs. Steam already runs in a sandbox[0] on NixOS to give it a normal FHS layout and work at all, so it wouldn't be unreasonable to add more isolation.

[0] apparently using https://github.com/containers/bubblewrap which can also do things like PID and network isolation.


If we only have user space anticheat we might as well have no anticheat at all. It's not like anticheat uses the kernel because it's fun; cheats moved there to be undetected before anticheat had to.


I think this post is addressing some of the weaker security arguments against putting anti-cheat software in the kernel. The issue isn't that such software provides no value (obviously it does if developers continue writing anti-cheat kernel drivers despite the backlash). The issue is that software running in the kernel can unintentionally enable vulnerabilities that would be impossible if the software was running in usermode. It doesn't require compromising any supply chains.


> The issue is that software running in the kernel can unintentionally enable vulnerabilities

You're not wrong, but there is some strong irony there regarding Vanguard. When it first launched its driver would block certain other drivers from loading, because those other drivers had known vulnerabilities that cheats (or anything else) could use to escalate from usermode to kernelmode without touching any of the standard entrypoints that are monitored by anticheats.

Would you be surprised to learn that the main response was for gamers to get angry at Vanguard for breaking their RGB keyboard driver, rather than get angry at the manufacturer of their RGB keyboard for shipping a buggy driver with critical security vulnerabilities? And Microsoft ended up adding a very similar driver blacklist to Windows itself later, because it's a good idea.


Who would you say should have more control over your computer: 1. The operating system provider 2. A video game company


3. Me, and only me.


This is the main issue I have with these. Microsoft should be providing this at the platform level, give developers "Xbox Anti-Cheat" and ship it with Windows.


How much of Xbox anti cheat is "can only run signed code"? Might not be compatible with regular PC use but maybe if we had a gaming mode we could boot into.


Not talking about Xbox the console, but Microsoft has been treating Xbox as a general gaming brand (Xbox Game Pass for PC).

Basically just an anti-cheat service that ships with Windows.


No good deed goes unpunished. In the current regulatory environment, that seems like a good way to attract attention from regulators for anti-trust violations.


Not proud of this part of my history but in Counter-Strike: Source, you could replace the game textures yourself and re-skin the entire game! This was done mostly so people could rock their own client-side gun skins (before actually implemented skins were a thing!)

Anyway, people realised you could make ANY texture custom. Who's to say those walls wouldn't look better transparent? I created a _ton_ of transparent textures with different colours and what not and packaged them into a .zip with a $ attached. Didn't expect much because all of this was available for free from many other providers but I pulled in about $15k for an afternoon's job.

Valve eventually released the sv_pure server command which would force Valve textures on their servers, fixing the issue. Because this was a custom texture hack, it was rightly undetectable by VAC and therefore no bans were issued.

Anyways the point of this is there's a lot of money in it for the cheat devs. They aren't going to stop. I really hope a new innovative solution comes along that puts an end to it.


The problem with anti cheat is that it doesn't even work. Play any game with anti cheat and you will still be flooded by hackers.


Working isn't binary. Anticheat definitely catches some cheaters. It definitely misses some cheaters too.

The worst case scenario is the TF2 catbot scenario, which anticheat seems to stop.


Counterpoint, play any game without anticheat and realize just how much worse it can be. (and before someone says it, custom servers with dedicated admins doesn't scale and tends to cause lots of petty drama)


It does stop some classes of hacks, and ups the effort considerably as your hack needs to be in kernel or in hardware. But it's pretty much impossible to stop on x86/Windows PCs.


People pay for cheats. Companies are built around cheat making. That you now need hardware to cheat is a business opportunity for some.


Yep, even up to hundreds of dollars a month.


If the hack has to be in kernel, it will be in kernel, so what's the point anyway.


Doing something to protect the integrity of the competitive game they have? Compared to others Riot is somewhat successful at least.

There are plenty of games that do not require anti cheat but they aren't going to be the type that uses skill based matchmaking.


Dota and CS don't have kernel anticheat and they are as competitive as LoL or Valorant.


And CS is completely overrun with cheaters. I don't play Dota like games but afaik they all have effective obfuscation, so ESP/wallhack like cheats aren't effective. But they have some auto aim cheats for abilities.


CS and Dota are not overrun by cheaters, millions of people play those games every day with no problem.


I don't know if CS2 is any different but while CSGO didn't have a cheater in every single game it was at least 1-2 in 10 in ranked games at global elite level from my experience playing it on and off for many years (beta 0.6 to a few years ago). At that level they usually only use ESP/wallhack and toggle aim assist to avoid getting banned through overwatch. Was very common for them to toggle halfway through a game or so to avoid losing or if they think someone else is cheating.

Depends on your definition of overrun, I did use it a bit hyperbolically, but it seems you have no idea what you're talking about.


You are the one who can't come up with a good argument and have to resort to personal attacks. I call that a fallacy.

I have been playing CS for +20 years.


If CS is not overrun with cheaters why do we have faceit and other off ranked leagues with stronger anticheat?

Personal "insult" as your comment was so wrong I didn't know where to begin.


It seems you have no idea what you are talking about.

(See, I can do it too! I am attacking you, your knowledge, your intelligence, not your comment. And the "best" part is that sentence can be used to "win" any argument!)

There is no point in this conversation, have a nice day.


Everybody is "doing something". It's a question of what is something. Account-banning people after proven cheating is also something. I would imagine a competitive game with a skill-based match-making, especially a successful one can do that.

Asking people to swear to not cheat in ToS is also something. Only installing the game on the proper trusted computing or doing server-side anticheat is something too.

The issue is with the company deciding to disregard customers' concerns about security and privacy to get this something for cheap from a third-party vendor.


If we must pick just one problem I'd say it's that the techniques that we develop for anti cheat will later be used by authoritarian regimes to turn our devices into weapons against those of us foolish enough to dissent.


all it really does in practice is produce a market for paid cheats.

if it's a pain in the ass to stay ahead of the anti-cheats, then people with the skills to do so will expect (and receive) payment from those wishing to cheat.


It does force me to learn more about computers to bypass it though.


Because you don't understand anti-cheat in the first place: the goal is not to stop 100% of cheats, that's impossible.


Valorant (a game using kernel anti-cheat) is made by Riot Games, which is owned by Tencent (since 2011), a Chinese company with heavy ties to the Chinese Communist Party.

[1] "According to a report by Sina Tech in October 2017, Tencent employed over 7,000 members of the Chinese Communist Party (CCP) ... "With over 7,000 CCP members, accounting for approximately 23% of the total workforce, and more than 60% of whom are core technical personnel, the number of CCP members at Tencent is increasing by nearly a thousand every year." [2] "The Tencent Party Member Activity Center has a dedicated CCP member activity area of more than 6,000 square meters. More than 1 million yuan is allocated for CCP activities per year."

As someone who plays games every day, with ~3000 hours in Counter-Strike at a decently high level, I've only ever encountered blatant hackers maybe 3 times in the last 10 years. I definitely do not care enough to start allowing random companies kernel-level access to my machine.

[1] https://archive.md/20230323012647/https://tech.sina.cn/2017-... [2] http://dangjian.people.com.cn/n1/2016/0630/c117092-28513326....


HN has a lot of very clever people. Solving online game cheating is a billion dollar business.


> Solving online game cheating is a billion dollar business.

The existence of an incentive does not guarantee the existence of a solution.

> HN has a lot of very clever people.

From the way people are talking about this issue (in this and the other thread) I don’t think any solution is going to come from HN commenters. Most of the people here are thinking about the problem from first principles and generating ideas that either:

- haven’t worked in over a decade because cheaters have workarounds

- overestimate the capabilities of AI or statistical methods

- underestimate cheaters or contain false assumptions about how cheaters think/behave

- underestimate how many people are demanding a solution to this and what kinds of strictures they’re willing to accept

- underestimate the backlash in store for any solution that isn’t 100% correct

It’s not like the incumbents are dummies. They’re constantly thinking about this from all angles and are willing to try anything.


Obvious, cheap solution (to this controversy): make it optional. If people don't want to install a rootkit, let them play with other people who are willing to play in a rootkit-disabled session. I seem to recall this was how e.g. PunkBuster worked 20 years ago.


This is technically already the case for many games. For example with EasyAntiCheat, the EAC kernel module won't be loaded unless you join a server with EAC enabled.


SK has it under control but people would never implement the same measures in the US and EU


Having to register with your personal id number? Remember getting those to play Korean WoW beta.


yes, and cheating in tournaments gets you thrown in jail


And software-only trusted computing is a very hard problem – just ask DRM vendors how well that is going.

There being a market for something is necessary, but not sufficient for commercial success. That something also needs to be possible.


> HN has a lot of very clever people.

"Source: I am one =)"-type comment


My first thought there would be to just build up randomness entropy on game launch, and when mouse movements/keyboard events break that, detected. I assume I’m missing something.


The problem isn't only detecting suspicious statistical or computational patterns, it's doing the detection on a device you ultimately don't control, and entirely in software (at least for PCs, at least for now).

With enough effort, all software can be virtualized, and whether the defender's effort can even theoretically be scaled more easily than the attacker's is an open question.


???

how does that defeat cheats?


I guess my thought was, if a cursor just "jumps" or moves quickly in a mathematically straight line, probably an indicator. Or if inputs had almost the exact time gap between them for a series of actions.
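The comment above sketches two input-level signals: cursor motion that is a mathematically straight line, and a series of inputs with almost exactly the same time gap between them. The following is an added example (not code from the thread or from any anti-cheat product) that scores a trace of cursor events on both signals; it constructs its own jittery "human" trace and a metronomic straight-line trace as sample input. The thresholds are assumptions for illustration, not values tuned on real data, and, in line with the reply above, the scoring is meant to run server-side over events the client reports rather than on the client itself.

```python
"""Toy input-pattern heuristic for the two signals named in the comment:
metronome-like event timing and perfectly straight cursor motion.
Added example, not from the thread or any anti-cheat product."""
import math
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class InputEvent:
    t_ms: float  # event timestamp, milliseconds
    x: float     # cursor x position
    y: float     # cursor y position


def interval_cv(events):
    """Coefficient of variation of the gaps between consecutive events.
    Human input jitters; a value near zero means metronome timing."""
    gaps = [b.t_ms - a.t_ms for a, b in zip(events, events[1:])]
    if len(gaps) < 2:
        return None
    mean = statistics.fmean(gaps)
    if mean == 0:
        return 0.0
    return statistics.pstdev(gaps) / mean


def straightness(events):
    """Chord length divided by path length: 1.0 is a perfect straight line,
    lower values mean the cursor wandered on the way."""
    if len(events) < 2:
        return None
    path = sum(math.hypot(b.x - a.x, b.y - a.y)
               for a, b in zip(events, events[1:]))
    if path == 0:
        return None
    chord = math.hypot(events[-1].x - events[0].x, events[-1].y - events[0].y)
    return chord / path


def suspicious(events, cv_floor=0.05, straight_ceiling=0.999, min_events=8):
    """Return the names of triggered signals (empty list = nothing flagged).
    Thresholds are assumed for illustration; a real deployment would
    calibrate them on labelled traces.  Short traces are never flagged,
    since a few events carry too little evidence either way."""
    if len(events) < min_events:
        return []
    reasons = []
    cv = interval_cv(events)
    if cv is not None and cv < cv_floor:
        reasons.append("metronomic_timing")
    s = straightness(events)
    if s is not None and s > straight_ceiling:
        reasons.append("straight_line_motion")
    return reasons


def sample_human_trace(n=30, seed=7):
    """Constructed sample: irregular timing and a wobbly path."""
    rng = random.Random(seed)
    events, t, x, y = [], 0.0, 100.0, 100.0
    for _ in range(n):
        t += rng.uniform(8.0, 24.0)
        x += rng.uniform(2.0, 6.0)
        y += rng.uniform(-3.0, 3.0)
        events.append(InputEvent(t, x, y))
    return events


def sample_bot_trace(n=30):
    """Constructed sample: events exactly 16 ms apart along a straight line."""
    return [InputEvent(16.0 * i, 100.0 + 4.0 * i, 100.0 + 2.0 * i) for i in range(n)]


if __name__ == "__main__":
    print("human:", suspicious(sample_human_trace()))
    print("bot:  ", suspicious(sample_bot_trace()))
```

Both signals are cheap and both have benign false positives (a trackpad driver that batches events at a fixed rate, a user dragging along a screen edge), which is why the function returns reasons for a reviewer rather than a verdict, and why the reply above is right that the heuristic alone does not settle the problem.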


I am certain that "software" is not plural. There is a good case for "softwares" though, or potentially "soft wares". In general the "programs" should be preferred.


> Why does this pose an issue in game-hacking? Well.. As we all know, game-hackers go to extreme lengths to achieve their common goal: winning. This is the sad reality of the cat-and-mouse game of game-hacking, as cheaters will not abide by any rules or morals.

I feel like this is a flawed basis of assumption and also just a mis-framed situation as a whole. Cheat developers and the people that use them en-masse aren't really the same people. By trying to suspend their narrative on player greed being the enemy, they undermine a point that otherwise has some very practical responses if you don't resort to relative extremism.

For one, if exploiting software to win was the ultimate degenerative goal of every video game, I don't think people would want to pay for online experiences. People still buy and play games because they like the intended experience, and while cheating exists it's a one-sided aberration that isn't an obvious by-product of an endless greed for winning. I don't like cheaters, but any businessman will tell you that one person's abuse of a service is no excuse to degrade another customer's experience.

For two, this isn't casus-belli on privacy even if it was true. All software can be exploited, but that doesn't justify creating infinitely hostile conditions for a user to run your program. This same line of reasoning, blaming the cheaters and never yourself, could be used to justify any number of nonsense mitigations like forcing players to record themselves with a webcam or plug in proprietary anticheat USB hardware. This is all a very flowery way for a developer to absolve themselves of responsibility for an extreme reaction to a minor issue.

For three - it's deflecting the issue onto a conflated group of people that doesn't really exist. The people designing exploits are motivated to do so because they like writing exploits, not because they enjoy cheating. They might sell their software or distribute it to people that do play to cheat, but the cheat designers are rarely motivated by a desire to be at the top of a leaderboard that will boot them off for obvious manipulation. So the entire concept of blaming the players for wanting to win so bad is really just an emotional "we're the poor developers" deflection. They can try to hold the moral high ground all they want, but it ends up feeling like an incensed defense of something that clearly isn't working.


> They might sell their software or distribute it to people that do play to cheat, but the cheat designers are rarely motivated by a desire to be at the top of a leaderboard that will boot them off for obvious manipulation. So the entire concept of blaming the players for wanting to win so bad is really just an emotional "we're the poor developers" deflection.

Are you sure you're not deflecting the issue onto a group of people that doesn't really exist either? I.e. the group of people who are just "hacking to hack" - these people do exist but they are exceptionally rare (w.r.t. the likelihood of running into a player using that person's cheat) compared to the ones who are in it for some personal gain, financial or otherwise. Also this group is typically not the one having an oversized negative impact on the game (as always there are exceptional cases - but it's not the norm).

The cheat designers are motivated by money, and their customers are motivated by a desire to be at the top of a leader-board (or to grief, or because they feel "everyone else is doing it so I have to", etc). I'm not sure it makes sense to throw out the entire argument just because a level of indirection is there. If the customers stopped caring about winning at any cost, it follows that most of the cheat developers would have no more motivation to maintain the cheats (at least as publicly available to the masses), because the money would dry up and the work would not be worth it anymore.

RMT is also huge in certain games. For example Escape from Tarkov is infested with cheaters not because they want to get on the leaderboards, but because they want to sell items/services to other players for real money (cheating by proxy basically), and again those players spending real money are doing it to gain an advantage in-game.

It's also important to note that maintaining a public cheat is _very_ different to maintaining a private one. Basically nobody who is just 'hacking to hack' is going to be publicly maintaining a cheat for a major competitive online game just for the heck of it. Privately for sure, that happens all the time where things are traded/sold between just a handful of people. But nobody is out there maintaining free public cheats for Valorant, Apex, Siege, etc. (or at least not one that puts a meaningful effort into evading anti-cheat, which is sort of the point).

Sometimes the two groups overlap (i.e. an individual might "hack to hack" in their spare time, whilst also contracting for a commercial cheat developer), but if the commercial incentive disappears, so does most of the negative impact on the game even if that individual continues to cheat personally (because 1 is less than tens of thousands - and the people who were previously buying cheats don't have the skills to replicate it themselves).


I did develop my own custom kernel level cheat for Rust before. Completely undetected for over 8-9 months. A couple of my friends also used it. It was fun but we did get bored of it eventually and didn't get a ban except for once or twice during initial development because I did indeed step on the toes of the anti-cheat and had it not been for the kernel level anti-cheat, it would be so much simpler for me to develop this whole thing. Eventually, Windows kernel updated, I had to update some offsets for DKOM and I lost interest eventually.

There is a lot of money to be made in this industry. There are many people that would pay 5-7$ per day for undetected hacks like this.



