Modern kernel anti-cheat systems are, without exaggeration, among the most sophisticated pieces of software running on consumer Windows machines. They operate at the highest privilege level available to software, they intercept kernel callbacks that were designed for legitimate security products, they scan memory structures that most programmers never touch in their entire careers, and they do all of this transparently while a game is running. If you have ever wondered how BattlEye actually catches a cheat, or why Vanguard insists on loading before Windows boots, or what it means for a PCIe DMA device to bypass every single one of these protections, this post is for you.
↫ Adrián Díaza
I hate that we need proprietary rootkits just to play competitive multiplayer games – we can chalk this up to a few sad people ruining the experience for everyone else, as so often happens. I have a dedicated parts bin Windows box just to play League of Legends (my one vice alright, nobody’s perfect) so I don’t really care if it has a proprietary rootkit running in the background as there’s not a single bit of valuable data on that machine, but for most people, that’s not realistic.
Virtually every League of Legends player hands over control of their entire computer to a proprietary rootkit developed and deployed by a company from China, whereas players of other popular online multiplayer games must install rootkits from companies from the United States. If anyone inside the governments of these countries ever wants to implement a backdoor in dozens (hundreds?) of millions of Windows machines, this is the way to go.
It’s an absolutely bizarre situation.

The conclusion sounds like the only real ways to fight cheating are: 1. remote attestation, 2. cloud gaming
Both very dystopian options.
I’m not a gamer unless you count local Minecraft creative peaceful, but people will cheat as long as it’s easy and they don’t get caught. I don’t know how many times I’ve said, “I don’t find much value in movie streaming platforms,” and have another computer person say, “yeah, just torrent it.” Yeah, just steal it. How many people would steal books from a book store? Less than will steal a movie online, although it’s the same thing. Why? Because they’re less likely to get caught. My moral structure doesn’t happen to allow me to lie or steal. Just the way it is. But I see it all the time. If it’s easy to steal, and easy to lie, many, many people will do it. Fact. To me it appears we are lamenting simple predictable human nature – in this instance.