I’m not exactly knowledgeable when it comes to kernel stuff and cheating in general. But couldn’t Linux say have some functionality in the kernel that will never lie about what apps are running and games as such as this can then query that against a blacklist for anti cheat?
That’s a major security breach.
Imagine a piece of malware using that same API to spy on other programs…
There’d need to be a way for a user to tell the kernel which app can do that, and that’s a lot of trust to put into a fleeting app that’ll stop working when too few micro transactions are being done and too much trust to put into a user which may may be giving this permission to random programs, which may sometimes be evil.
I’m not exactly an expert either, but as far as I know there’s nothing stopping you from modifying your own kernel on Linux if you’re a hardcore enough Linux dork who knows how to. This is part of the reason anti-cheat developers love Windows and hate Linux, the Windows kernel is practically considered a black box that no normal user is ever supposed to touch, and Microsoft tries reasonably hard to make sure it isn’t (I had to disable Secure Boot and virtualization in my bios, and add a sketchy looking second boot option to the Windows Boot Manager, back when I paid for cheats in games). This doesn’t really work (as evidenced by the existence of kernel level cheats), but that’s the philosophy.
On Linux, there are no “normal users”. Some people run Arch for fun. Some people run Gentoo for fun. It’s the Wild God Damn West. Ergo, you can say “well the kernel will have this functionality built in”, and that’s all fine well and good – but there is nothing stopping someone else from coming along, yanking it out (or better still, modifying it to always pass “yep no cheats here” to any anti-cheat, even when there are), and recompiling their own kernel; because the design philosophy in Linux (for the most part) seems to be that the meatbag sitting at the keyboard is God, not some corporation. Which, considering how Microsoft is enfuckening Windows, I consider a good thing.
Kernel anti-cheat is a bodge, a stopgap, a last-ditch effort to save money instead of hiring staff that actually give a shit about supporting a game for people who’ve already parted with their money and moderating it properly. You know the only games I was never able to cheat in/didn’t see many cheaters in/didn’t ever really want to cheat in, for that matter? The games where the developers actually gave a shit, made a good game that didn’t exploit the player, and paid moderators to do a good job keeping it free of other shitheads. Kernel anticheat wasn’t even a speedbump, not then and I doubt it would be now. It’s a shortcut taken by lazy and/or greedy companies who would rather compromise user security and eke out a few more percentage points of net profit up-front instead of investing in the long-term health of their community.
disclaimer: I am not a hardcore linux dork. I like Linux Mint nowadays and have for the past couple years because it just works and doesn’t give me shit. I could be wrong, but that’s the gist of it as it is understood by me.
There is a way to kinda make this work, this would be hardware based security. You could use a TPM to make reasonably sure the kernel is e.g. mainline / hardened / anything else acceptable. Hardware vendors (i.e. Intel, AMD etc.) would have to provide a service where they hash the kernel alongside their keys for the game devs to check against (probably not for free). You would absolutely have to use Secure Boot tho, and eventually keys may be leaked. Another possibility would be devs connecting directly to your TPM to make sure (afaik this is possible in principle, but not mean to be used that way).
I think there are easier ways to prevent cheating tho, for example simply detecting suspicious activity on the server side, i.e. stats go way up, looking at data coming from clients other than yours.
Okay, but the root of the issue is still that anti-cheat is just the lazy way to keep people from cheating.
@UnfortunateShort @archonet
That would essentially be a closed source fork of the kernel.The GPL requires the end user be allowed and not prevented from making whatever change they wish to the kernel.
The people who want a closed source kernel can use the NT kernel.
It’s impossible for anything but the kernel (the user chooses) to know what software is running. Tpm and kernel features can be emulated and spoofed.
Tpm already has known exploits, which leads to it not being reccommended for disk encryption. A lot of not so old pc’s don’t even have a tmp 2.0 chip.
Secure Boot is useless for this because the user can just enroll their own keys. You can’t prevent this, because you can just mod the bios. Replacing the stock secure boot keys is trivial using uefi-tool. Pretty much every motherboard only checks the bios signature when flashing, my prvious motherboard (<7 Years old) didn’t even do that.
Also currently the only way for secure boot on linux is either using shim which the user can enroll thier own keys into or enrolling their own keys directly into the bios.
Many phone manufacturers tried forcing secure boot, and failed. I bypassed such attempts on 3 devices, the manufacturer of one of them tried to fix the exploits twice and still failed to do so.
Also how should the server know that the game itself wasn’t modified to just emulate everything.
Even Intels attempt at preventing this with “secure computing” with sgx didn’t work. See this: https://media.ccc.de/v/670321a9-75f4-4194-867d-a249aa01af0b
It’s the same problem that electronic voting machines have, how does an external person/server know that the correct software is running on the computer? It’s impossible.
Also aren’t we using Linux because we want the freedom to run what ever we want on our computers?
Server side only anti-cheats are the only solution.
Fully agree with this. I’m far from an expert either, but I saw a YouTube video once, which was depressing, showing how people can cheat nowadays. It just involves custom hardware that “pretends” to be the mouse/monitor/… It doesn’t even cost you a fortune.
Congratulations: your kernel anti cheat does fuck all as the cheat is running on the external hardware before forwarding the info to the pc.
Server-Side anti-cheat is imo the only solution. I have no idea how else to fix this issue. It all seems like a patch to try and make your client trustworthy. Something it inherently isn’t. I realize this is a lot easier said than done.
Hell, a determined person could even run two kernels at once.
