Comment on Is it time to start a campaign against kernel-level anticheat?
atrielienz@lemmy.world 1 week agoWe literally have a cloudstrike report giving direct examples of how bad it is potentially as a vector for malware. Additionally it doesn’t solve the problem it aims to solve, as reported by several outlets because it doesn’t stop hardware level cheating, just potentially stops scripts. So you could absolutely enable cheats through a device like a keyboard and mouse or controller and the Anti-cheat does nothing.
Additionally though, I am not buying products with kernel level Anti-cheat and that is intentional, so I am not agreeing to the TOS or EULA of those games. If you add to this the fact that some games retroactively added kernel level anti-cheat, it’s bogus to assume that people are in the know or that they agreed to such things in the original TOS or EULA. Steam only recently made developers list kernel level anti-cheat on store pages for their game.
Also, kernel level anti-cheat in single player games is just ridiculous and invasive.
NuXCOM_90Percent@lemmy.zip 1 week ago
There are a few layers to that
First: The crowdstrike issue had little to nothing to do with any kernel level hooks. The issue was one of software engineering and deployment. It could just as easily have… taken out an entire country by triggering false positives that prevent systems from connecting to the network.
Second: You’ll ALSO note that even after… taking out an entire country businesses still use crowdstrike. Because it is that damned good at its job.
Third: Yes, Current anti-cheat solutions are less than effective at hardware based hacks. It is lamost like there is a reason that the Delta Force (?) game made a big deal about banning people for thumb drives. That kind of scanning and testing is coming.
Fourth: Crowdstrike is not something you install on your personal device (unless your job’s IT department are idiots). It is something you install on company owned devices.
Cool. I am also not. So no “rights” are being violated.
atrielienz@lemmy.world 1 week ago
AMD had a graphics driver blocked because kernel level Anti-cheat flagged it as a cheat program. Genshin Impact’s anti-cheat was literally used to stop anti-virus programs running on people’s computers and mass deploy ransomware, and the gaming industry as a whole is extremely lax about the security of their users. Several companies anti-cheat have been flagged by anti-virus software as malicious.
There are layers to the kernel level anti-cheat business too and people still do buy games with kernel level anti-cheat. The fact that that kind of scanning is coming isn’t acceptable which is the point. I choose not to spend my money at companies that enable this kind of crap in their games. That’s not enough. It should be facing opposition from every quarter specifically because it is not only invasive, but also only raises the barrier to entry at the detriment to user’s security, and which is likely to cause the same boom that things like the campaign against piracy did in the 80’s/90’s. People didn’t know they could cheat so easily and now they do. Congratulations this has done the opposite of what is intended.
pcgamer.com/ransomware-abuses-genshin-impacts-ker…
xda-developers.com/kernel-level-anti-cheat-tech-d…
NuXCOM_90Percent@lemmy.zip 1 week ago
Anti-viruses flag a lot of things. It is called a False Positive (or sometimes a “Someone didn’t pay us for an exception” Positive but…). It has nothing to do with something hooking into a kernel or just being a program you run in userspace.
I assume you are referring to trendmicro.com/…/ransomware-actor-abuses-genshin-…
Which… I’ll just raise you polygon.com/…/dark-souls-pvp-exploit-multiplayer-… which allows for ridiculously dangerous RCEs without needing any kernel level hooks at all. So…
THAT I do not disagree with in the slightest. Which is why I am glad that most studios outsource anti-cheat because they are not at all qualified to handle it themselves.
I mean this in the most inflammatory and blunt way imaginable:
Nobody gives a shit about you. Nobody gives a shit about me either.
We are two people. We don’t fucking matter. What matters is the people who play every single Riot game ever made for thousands of hours each. THEY spend money.
Like I said before: it is about accepting risk. Knowingly or unknowingly, it doesn’t matter any more than telling your parents that you must have gotten a virus from that pokemon cheat code rather than the hardcore pornography that came in exe form for some reason.
You don’t want to compromise your security more than you already do. Cool. Most people playing these games are fine with that if it reduces the odds that they have their free time ruined for them by aimbots and wallhacks. And… clearly there is merit to this approach if studios are willing to pay for it.
atrielienz@lemmy.world 6 days ago
What is your argument here? Is it that Anti-cheat is good? Is it that Anti-cheat is necessary? Is it that it’s bad but you feel my information is incorrect? Because you’re all over the place.