Blog – Reeyuki

Kernel-level anti-cheats SUCK, and here's why

There's a growing trend in multiplayer games where developers deploy anti-cheat software that runs at the kernel level, with deep access to your hardware and operating system. Riot's Vanguard is a well-known example, running with the same privileges as the OS itself ^[1].

These anti-cheats also tend to conflict with each other. Battlefield 6 refused to run if Riot Vanguard was installed because both systems competed for low-level control ^[2].

On top of that, kernel-level anti-cheats introduce real performance and privacy risks. They can observe most running processes and system activity, and users have reported overhead, instability, and general system issues ^[3].

All of this is done largely to reduce the cost of proper server-side cheat detection. Instead, your PC becomes a constantly reporting client. If anything goes wrong on their end, your system is the one exposed ^[4].

I would strongly advise against supporting games from companies that operate like this. They give zero shits about your privacy, and every "security" measure they add is another attack on it.

Protection SHOULD be done on the server side, never on the client. Any client-side protection can be inspected, modified, bypassed, or removed entirely. Going kernel-level doesn't make an anti-cheat foolproof, cheaters can and do write their own kernel drivers ^[5].

To make things worse, some companies push misleading narratives about Linux being a major source of cheating. Apex Legends developers claimed removing Linux support reduced cheating by 33% during the same period the game experienced a massive player drop, and Linux users were only ~2% of the base ^[6]^[7].

And in the end, this noisy approach still fails to eliminate cheaters.

Kernel-level anti-cheats SUCK, and here's why

References

Use Linux

Donations