Kernel-level anti-cheats SUCK, and here’s why
There’s a growing trend in multiplayer games where developers deploy anti-cheat software that runs at the kernel level, with deep access to your hardware and operating system. Riot’s Vanguard is a well-known example of this kind of anti-cheat, running with the same privileges as the OS itself [1].
These anti-cheats also tend to conflict with each other. A real-world example was Battlefield 6 refusing to run if Riot Vanguard was installed, because both systems competed for low-level control [2].
On top of that, kernel-level anti-cheats introduce real performance and privacy risks. They can observe most running processes and system activity, and users have reported overhead, instability, and general system issues [3].
All of this is done largely to reduce the cost of proper server-side cheat detection. Instead, your PC becomes a constantly reporting client tied to their infrastructure. If anything goes wrong on their end, your system is the one exposed [4].
I would strongly advise against buying or supporting games from companies that operate like this. They treat you, the user, like a cow to be milked. They give zero shits about your privacy, and every “security” measure they add is another attack on it.
Protection SHOULD be done on the server side, never on the client. Trusting the client is the worst thing you can do in any web service. Any client-side protection can be inspected, modified, bypassed, or removed entirely. Going kernel-level doesn’t make an anti-cheat foolproof — cheaters can and do write their own kernel drivers [5].
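What server-side checking looks like in practice, as an added example that is not code from any game or anti-cheat vendor: the server keeps the authoritative player state and refuses client updates that are physically impossible, no matter what runs on the client. The speed and fire-rate limits, the tolerance, and all names here are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

# Hypothetical game rules; a real server would load these from its own config.
MAX_SPEED = 7.5          # world units per second
MIN_FIRE_INTERVAL = 0.1  # seconds between shots
TOLERANCE = 1.10         # slack for network jitter and tick rounding

@dataclass
class PlayerState:
    x: float
    y: float
    t: float                      # server clock at last accepted move
    last_shot: float = -math.inf  # server clock at last accepted shot
    violations: int = 0           # input for later review or ban logic

def apply_move(state: PlayerState, x: float, y: float, now: float) -> bool:
    """Accept a reported position only if it is reachable at MAX_SPEED.

    `now` is the server's receive time, never a client-supplied timestamp.
    """
    dt = now - state.t
    dist = math.hypot(x - state.x, y - state.y)
    if dt <= 0 or dist > MAX_SPEED * dt * TOLERANCE:
        # Rejected: the authoritative position and time stay unchanged, so
        # the next update is still measured from the last trusted state.
        state.violations += 1
        return False
    state.x, state.y, state.t = x, y, now
    return True

def apply_shot(state: PlayerState, now: float) -> bool:
    """Accept a shot only if the weapon cooldown has elapsed server-side."""
    if now - state.last_shot < MIN_FIRE_INTERVAL:
        state.violations += 1
        return False
    state.last_shot = now
    return True

if __name__ == "__main__":
    # Constructed sample updates: one normal step, one teleport, rapid fire.
    p = PlayerState(0.0, 0.0, 0.0)
    print(apply_move(p, 0.7, 0.0, 0.1))   # plausible step
    print(apply_move(p, 50.0, 0.0, 0.2))  # teleport, rejected
    print(apply_shot(p, 0.2), apply_shot(p, 0.25), p.violations)
```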
To make things worse, some companies push misleading narratives about Linux being a major source of cheating. Community discussions around Apex Legends highlight this clearly [6].
According to Apex Legends developers, removing Linux support supposedly reduced cheating by 33%. This is honestly hilarious, considering the game experienced a major player drop during the same period. They also stated that Linux users made up only about 2% of the player base [7].
That logic simply does not hold up.
And in the end, this noisy and messy approach still fails to eliminate cheaters.
References
- [1] https://en.wikipedia.org/wiki/Riot_Vanguard
- [2] https://www.reddit.com/r/technology/comments/1mpv50v/battlefield_6_open_beta_wont_run_if_you_have
- [3] https://tskkc.com/more/138428/kernel-level-anti-cheat-explained-how-it-works-and-risks
- [4] https://leveluptalk.com/news/kernel-level-anti-cheat-gaming-risks-benefits/
- [5] https://courses.csail.mit.edu/6.857/2021/projects/Lee-Jiang-Srinivasan-Wang.pdf
- [6] https://www.reddit.com/r/linux_gaming/comments/1imv61k/
- [7] https://www.reddit.com/r/apexlegends/comments/1ggi63h/