this post was submitted on 30 Oct 2024
1360 points (98.5% liked)

Games

32329 readers
2607 users here now

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Weekly Threads:

What Are You Playing?

The Weekly Discussion Topic

Rules:

  1. Submissions have to be related to games

  2. No bigotry or harassment, be civil

  3. No excessive self-promotion

  4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts

  5. Mark Spoilers and NSFW

  6. No linking to piracy

More information about the community rules can be found here.

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
1360
Steam games will now need to fully disclose kernel-level anti-cheat on store pages (www.gamingonlinux.com)
submitted 1 day ago by [email protected] to c/[email protected]
153 comments fedilink hide all child comments
 

Now if only they could more clearly communicate when games are playable offline.

(page 3) 50 comments
sorted by: hot top controversial new old
[–] [email protected] 20 points 1 day ago (7 children)

Why is kernel-level anti-cheat even a thing?

If I was trying to prevent cheating, I'd hash the relevant game files, encrypt the values, and hard-code them into the executable. Then when the game is launched, calculated the hash of the existing files and compare to the saved values.

What is gained by running anti-cheat in kernel mode? I only play single-player games, so I assume I'm missing something.

[–] [email protected] 14 points 1 day ago (2 children)

Modern cheats for multiplayer games don't modify local files (or attribute values in memory), since the server validates everything anyway. They're about giving you information that's available but not shown in the game (like see-through walls, or exact skill ranges), or manipulate input (dodge enemy damage, easy combos). Those cheat can run in kernel mode (or at least evade detection from user mode), so the anti-cheat needs kernel mode to be more effective.

load more comments (2 replies)
[–] [email protected] 10 points 1 day ago (1 children)

And then a game gets updated so the hashes don't match and uh oh, everything is fucked. Oh, but we can change the hashes of the files in the executable! Yeah, so can they. People modding shit into the executable is basically a given. Let alone the fact that you'd need to sit through a steam "validation of files" length of time every time you'd need to launch a game (because validation works exactly as you have described).

What is gained is that it has access to more information. Some cheats use an entirely different program / process that reads memory and outputs info that is available to the game but hidden from the player. Like a client needs to know where a person on the other team is to be able to draw their model. So you read that, you put a little box over where they are, and bang you have wallhacks.

[–] [email protected] 6 points 1 day ago

I think the popular thing now is to mod your mouse so it clicks on the enemy player's head.

[–] [email protected] 10 points 1 day ago

They can prevent you from running cheats that other anti-cheats can't detect. For instance, they could modify the value in memory so that your calculated hash always succeeds even when it's modified. This doesn't stop cheating though; it just means cheaters have to use cheat hardware that exists at a layer that even kernel anti-cheat can't detect.

load more comments (4 replies)
[–] [email protected] 10 points 1 day ago (2 children)

I do everything important like banking etc on a separate device that isn't my gaming PC. This has been quite liberating since I worry less about invasive anti-cheat, drm etc. I realize not everyone wants to do this but it's been a nice compromise.

[–] [email protected] 1 points 23 hours ago* (last edited 23 hours ago)

For me anything important is done in the browser (very rarely) and mostly on the phone.

load more comments (1 replies)
[–] [email protected] 5 points 1 day ago (2 children)

I wish Valve would just ban them. It's weird to have something that looks like pure malware in a Game store.

[–] [email protected] 1 points 21 hours ago

They will be gone with time, but not because anything that Valve does. Microsoft is locking down the kernel after the CrowdStrike debacle. In a few years it will be impossible to run any custom kernel code.

load more comments (1 replies)
[–] [email protected] 6 points 1 day ago (1 children)

Probably a pessimistic take, but I don't expect this to have any discernable impact on sales, or any other effects that would discourage publishers from these practices. The average user doesn't care about or understand how these things work; they'll see an anti-cheat warning on the store page and think "Okay, tell the colonel I'll be on my best behavior then" and continue to buy the game.

load more comments (1 replies)
[–] [email protected] 5 points 1 day ago (3 children)

Not to be annoying, but can someone please ELI5 how kernel level anti-cheat software actually works, or link good resources where I can read about it.

[–] [email protected] 13 points 1 day ago

Eli5: your PC has different access levels a program can run at. This prevents a malicious or badly coded program from completely fucking your computer. Kernel level anti cheat runs at the lowest level access that exists under windows. It can do basically whatever it wants to your PC, and if a backdoor is coded in (happens way more than you'd think), it gives malware basically total access to your PC.

load more comments (1 replies)
[–] [email protected] 3 points 1 day ago

god damn right!

[–] [email protected] 2 points 1 day ago

Nice.

[–] [email protected] -1 points 1 day ago (5 children)

I imagine the alternative way to combat kernel-level cheats would be asking player for all his game state data, validating it on a server?

Wouldn't work on peer-to-peer and you'd have to do a bunch of unnecessary compute(recalculating every tick if player-generated data is possible according to game rules) but its the only way I can think of.

[–] [email protected] 4 points 1 day ago (1 children)

That does not detect things like wall hack and aim-bots that don't modify the game state directly.

[–] [email protected] 1 points 23 hours ago (1 children)

Don't tell the client what's going on outside its vision, I suppose? Add a small buffer to compensate for latency, so wall hack would be more of a "corner hack".

load more comments (1 replies)
load more comments (4 replies)
load more comments
view more: ‹ prev next ›