Comment on Is it time to start a campaign against kernel-level anticheat?
NuXCOM_90Percent@lemmy.zip 1 week agoYou agree to that in the EULA/TOS of the game you want to play (and how legally binding that is is anyone’s guess). You just never read it (because nobody does).
The reality is that it is just another layer of risk. You are or are not choosing to install software on your personal computer that may or may not increase your risk level. It is no different than going to that website that makes your GPU spin up real hard or grabbing something from itch that is actually malware and so forth. Its why people increasingly suggest having a dedicated device for taxes and anything else private.
Personally? I understand the benefits to kernel level anti-cheat and, while we have no data as consumers, it is clearly effective considering the state of games today versus games in the 00s and publishers are willing to allocate funds for it. I still firmly believe that there are better methods that involve analysis of player behavior but I also understand the compute costs of that will be insane.
But also? I don’t want that shit on my computer (not that it would work because… Linux). So I choose not to play the games that require it. It means I miss out on some games but the good news is that there are way more games out there than I can ever play.
atrielienz@lemmy.world 1 week ago
We literally have a cloudstrike report giving direct examples of how bad it is potentially as a vector for malware. Additionally it doesn’t solve the problem it aims to solve, as reported by several outlets because it doesn’t stop hardware level cheating, just potentially stops scripts. So you could absolutely enable cheats through a device like a keyboard and mouse or controller and the Anti-cheat does nothing.
Additionally though, I am not buying products with kernel level Anti-cheat and that is intentional, so I am not agreeing to the TOS or EULA of those games. If you add to this the fact that some games retroactively added kernel level anti-cheat, it’s bogus to assume that people are in the know or that they agreed to such things in the original TOS or EULA. Steam only recently made developers list kernel level anti-cheat on store pages for their game.
Also, kernel level anti-cheat in single player games is just ridiculous and invasive.
NuXCOM_90Percent@lemmy.zip 1 week ago
There are a few layers to that
First: The crowdstrike issue had little to nothing to do with any kernel level hooks. The issue was one of software engineering and deployment. It could just as easily have… taken out an entire country by triggering false positives that prevent systems from connecting to the network.
Second: You’ll ALSO note that even after… taking out an entire country businesses still use crowdstrike. Because it is that damned good at its job.
Third: Yes, Current anti-cheat solutions are less than effective at hardware based hacks. It is lamost like there is a reason that the Delta Force (?) game made a big deal about banning people for thumb drives. That kind of scanning and testing is coming.
Fourth: Crowdstrike is not something you install on your personal device (unless your job’s IT department are idiots). It is something you install on company owned devices.
Cool. I am also not. So no “rights” are being violated.
atrielienz@lemmy.world 1 week ago
AMD had a graphics driver blocked because kernel level Anti-cheat flagged it as a cheat program. Genshin Impact’s anti-cheat was literally used to stop anti-virus programs running on people’s computers and mass deploy ransomware, and the gaming industry as a whole is extremely lax about the security of their users. Several companies anti-cheat have been flagged by anti-virus software as malicious.
There are layers to the kernel level anti-cheat business too and people still do buy games with kernel level anti-cheat. The fact that that kind of scanning is coming isn’t acceptable which is the point. I choose not to spend my money at companies that enable this kind of crap in their games. That’s not enough. It should be facing opposition from every quarter specifically because it is not only invasive, but also only raises the barrier to entry at the detriment to user’s security, and which is likely to cause the same boom that things like the campaign against piracy did in the 80’s/90’s. People didn’t know they could cheat so easily and now they do. Congratulations this has done the opposite of what is intended.
pcgamer.com/ransomware-abuses-genshin-impacts-ker…
xda-developers.com/kernel-level-anti-cheat-tech-d…
NuXCOM_90Percent@lemmy.zip 1 week ago
Anti-viruses flag a lot of things. It is called a False Positive (or sometimes a “Someone didn’t pay us for an exception” Positive but…). It has nothing to do with something hooking into a kernel or just being a program you run in userspace.
I assume you are referring to trendmicro.com/…/ransomware-actor-abuses-genshin-…
Which… I’ll just raise you polygon.com/…/dark-souls-pvp-exploit-multiplayer-… which allows for ridiculously dangerous RCEs without needing any kernel level hooks at all. So…
THAT I do not disagree with in the slightest. Which is why I am glad that most studios outsource anti-cheat because they are not at all qualified to handle it themselves.
I mean this in the most inflammatory and blunt way imaginable:
Nobody gives a shit about you. Nobody gives a shit about me either.
We are two people. We don’t fucking matter. What matters is the people who play every single Riot game ever made for thousands of hours each. THEY spend money.
Like I said before: it is about accepting risk. Knowingly or unknowingly, it doesn’t matter any more than telling your parents that you must have gotten a virus from that pokemon cheat code rather than the hardcore pornography that came in exe form for some reason.
You don’t want to compromise your security more than you already do. Cool. Most people playing these games are fine with that if it reduces the odds that they have their free time ruined for them by aimbots and wallhacks. And… clearly there is merit to this approach if studios are willing to pay for it.