Making it super simple, it runs with full access on your machine, always. It can fuck anything up, and see everything. It can get your browser history, banking details or private messages you enter, activate your webcam or mic without you knowing, or brick your computer even.
And you can’t even check what it’s really doing on your computer because it’s a crime under US law.
ArchRecord@lemm.ee 1 month ago
To put it very simply, the ‘kernel’ has significant control over your OS as it essentially runs above everything else in terms of system privileges.
It runs at startup, so this means if you install a game with kernel-level anticheat, the moment your system turns on, the game’s publisher has software running on your system that can restrict the installation of a particular driver, stop certain software from running, or, even insidiously spy on your system’s activity if they wished to. (and reverse-engineering the code to figure out if they are spying on you is a felony because of DRM-related laws)
It basically means trusting every single game publisher with kernel-level anticheat in their games to have a full view into your system, and the ability to effectively control it, without any legal recourse or transparency, all to try (and usually fail) to stop cheating in games.
ampersandrew@lemmy.world 1 month ago
And it’s worth noting that trusting the game developer isn’t really enough. Far too many of them have been hacked, so who’s to say it’s always your favorite game developer behind the wheel?
sp3tr4l@lemmy.zip 1 month ago
Or, even better, when you let a whole bunch of devs have acces to the kernel…
… sometimes they just accidentally fuck up and push a bad update, unintentionally.
This is how CrowdStrike managed to Y2K an absurd number of enterprise computers fairly recently.
Its also why its … you know, generally bad practice to have your kernel just open to fucking whoever instead of having it be locked down and rigorously tested.
Funnily enough, MSFT now appears to be shifting toward offering much less direct access to its kernel to 3rd party software devs.
barlescharkley@lemmy.world 1 month ago
More importantly, if traditional anticheat has a bug, your game dies. Oh no.
If kernel level anticheat has a bug, your computer blue screens (that’s specifically what the blue screen is: a bug in the kernel, not just an ordinary bug that the system can recover from). Much worse. Sure hope that bug only crashes your computer when the game is running and not just whenever, because remember a kernel-level program can be running the moment your computer boots as above poster said
FeelzGoodMan420@eviltoast.org 1 month ago
Not all anti cheats run at startup. Some only run when you play a game. I think vanguard for valorant ran all the time at first and people were pissed. Meanwhile easy anti cheat runs only with a game. So it depends. It all sucks though.
ArchRecord@lemm.ee 1 month ago
That’s definitely true, I probably should have been a little more clear in my response, specifying that it can run at startup, but doesn’t always do so.
I’ll edit my comment so nobody gets the wrong idea. Thanks for pointing that out!
Katana314@lemmy.world 1 month ago
It’s not just trust of the game developer. I honestly believe most of them just want to put out profitable games. It’s trust that a hacker won’t ever learn how to sign their code in a way that causes it to be respected as part of the game’s code instructions.
There was some old article about how a black hat found a vulnerability in a signed virtual driver used by Genshin Impact. So, they deployed their whole infection package together with that plain driver to computers that had never been used for video games at all; and because Microsoft chose to trust that driver, it worked.
I wish I could find an article on it, since a paraphrased summary isn’t a great source. This is coming from memory.
catloaf@lemm.ee 1 month ago
That’s not an accurate description of the exploit you describe. It sounds like the attacker bundled a signed and trusted but known vulnerable version of the module, then used a known exploit in that module to run their own unsigned, untrusted code with high privileges.
This can be resolved by marking that signature as untrusted, but that requires the user to pull an update, and we all know how much people hate updating their PC.
Woodstock@lemmy.world 1 month ago
Thank you! Really clear and appreciate you taking the time to explain!