Key Takeaways
- Kernel-level anti-cheats grant extensive access and pose potential security risks to users’ PCs.
- Balancing fairness in competitive gaming with user security remains a challenge for game developers.
- Players should be cautious about allowing kernel-level anti-cheat software on their personal machines.
The latest anti-cheat software being developed by big-name game developers, like Riot Games and EA, is implemented at the kernel level. While it might make gameplay more fair, it could also have an impact on your computer’s security.
The operating system kernel is responsible for necessary processes to keep your machine running smoothly, including memory management and resource allocation. Crucially, the kernel has the lowest level of access to your computer’s resources—it has access to parts of the computer that even you, as the user, don’t.
A kernel-level anti-cheat is installed directly into the OS kernel. Where most applications are self-contained in their place on your machine, a kernel-level anti-cheat has the same level of access to your hardware and applications as the kernel itself.
The anti-cheat will boot as part of the kernel’s functions, making it a constant background process.
This lets the software look outside the scope of the game to check for tools that might impact gameplay, like aimbots.
Kernel-level anti-cheats are a clever solution to monitor competitive integrity in online games, many of which are esports. Counter-Strike has a longstanding successful esports scene, with one of the largest prize pools of any current esport, so ensuring that professional play is rigorous is understandable. After all, professional athletes are tested against steroid use! Counter-Strike tournaments have been using the kernel-level anti-cheat software Faceit since its launch in 2016, so the technology itself isn’t new.
However, allowing companies to install software with this level of access onto your machine seems like overkill for the average at-home gamer. With anti-cheat software able to monitor all programs on your machine, you run the risk of facing bans (many of them being hardware) for having any program deemed suspicious with no recourse to challenge it. Giving large companies to have such unfettered access to your PC, superseding your own access rights, sets a potentially dangerous precedent that could affect the safety of your PC and your data.
Externally downloaded applications that you cannot control or see are eerily reminiscent of malware, with these types of software being rootkits. In fact, in 2013, an anti-cheat provider was fined for installing hidden Bitcoin miners. While extreme, it’s a cautionary tale in allowing rootkits on your machine. You are entirely reliant on an anti-cheat provider employing best practices.
When Riot launched Vanguard (their proprietary anti-cheat solution) into the existing popular game and esport League of Legends, users complained of PC crashes. It’s not confirmed that Vanguard was the cause of these crashes, but a malfunction of a kernel-level driver has whole-system ramifications compared to a user-level application like Discord.
What’s concerning, is that any weaknesses in these systems which can be exploited aren’t just localized to one application, but the entire system. Compound that with the fact that more game developers are shipping their own kernel-level anti-cheats, and you now have several potential points of failure within your OS kernel. That’s a pretty significant risk, especially when most PC gamers are unlikely to have a dedicated machine just for gaming.
Cheats in multiplayer games fundamentally damage the experience for players, and there’s a big incentive for developers to keep their anti-cheat software sharp and effective. Add into the mix a multi-million dollar esports scene, and it becomes clear that tackling sophisticated cheats is a high priority for game developers.
However, strong-arming players into downloading kernel-level software onto their personal machines in order to play games is an uncomfortable proposition that extends beyond fairness. Asking players to compromise their machine safety to play games is unreasonable, and relies on players not understanding the risks involved in kernel-level software.
Developers need to be held accountable for protecting the rights of their player base with extensive and transparent privacy policies, while also returning control to the user. There is no reason why anti-cheat software needs to be running as a background process when you are not playing a game, or if you are using hacks for single-player games. However, until there’s ample incentive for developers, this is unlikely to change.
Kernel-level anti-cheats are becoming standard practice across many competitive games, so it’s ultimately your choice to decide if a particular game is worth the potential risk to your PC. If you have multiple machines and a dedicated gaming PC, you’re probably okay, otherwise it seems wise to limit the number of anti-cheat apps you have installed, or even opt out of having them at all.
It’s unlikely that developers will move away from kernel-level anti-cheat anytime soon without pressure from the gaming community, but don’t underestimate your power as a player. Your voice, along with everyone else, matters.
