Will kernel-level anti-cheat ever work on linux?
From both a technical perspective and if the maintainers of these anti-cheat will consider porting or re-writing kernel level anti-cheat to work on linux, is it possible? Do you think that the maintainers of kernel level anti-cheat will be adamant in not doing it, or that the kernel even supports it or will support it. I think that if it ever happens, there will be a influx of people moving to linux, or abandoning their duelboots, and that alot of people will hate that such a thing is available on linux.
Godort
in reply to SpiderUnderUrBed • • •Is it possible to have kernel-level anti-cheat in Linux?
Yes, Absolutely. But, people would throw a fit. There is probably no way to opensource it without also making it easier to bypass. There would be a concerted effort to reverse engineer it and remove it from the system while maintaining functionality
Maintainers of anti-cheat software are not volunteers. If there was an order from management to port the system to Linux, it would happen. It's just that with the Linux userbase as small as it is, it's simply not profitable to cater to them.
I fully disagree. The thing keeping regular people away from Linux as an OS is not that they can't play some online game with Anti-cheat.
Linux is in a weird place right now. It's actually a perfect fit for non-technical users that use their computers for email, web browsing, and Netflix, but those users don't know what an operating system is, let alone that there are options. More technical users tend to require more specialized applications, and if there isn't a native linux port available, you have to do some research for alternatives, or to find a way to run it in wine.
Windows is shitty, but it's comfortable. And I know that it will run any software I throw at it with basically no research or troubleshooting.
Nanook
in reply to Godort • •pinball_wizard
in reply to Godort • • •I want to highlight this in case OP missed it. Your point here is critical.
Now I'm going to nerd out a bit about it:
To expand on your points above (for OP), there's an impasse here between the anti-cheat developer and the distro developers.
The anti-cheat developer needs support from the distro developer to get their anti-cheat packages signed, to allow them to run in the kernel. Any package not signed by the distro developer that tries to run at kernel level will be treated by the OS as a virus. (Windows has this protection as well.)
Getting the code signed is pretty easy. The only requirement is sharing the source code, so the distro developers can make sure there's nothing nasty in it.
But the anti-cheat developers feel that they need to never share their source code, to prevent cheating. In some cases, they have even have contracts that prevent them from legally sharing parts of their source code (if licensed from a third party).
That's also not a problem. All they have to do is sign a binding contract for secrecy with every contributor to the distro. On Windows, that means signing a contract with Microsoft. On Mac, with Apple. On Linux, is just means tracking down and making separate agreements with a few thousand independent individuals...
So the technical solution is pretty simple, but the contrasting needs of everyone involved make it unlikely.
MachineFab812
in reply to SpiderUnderUrBed • • •I think its less a question of the technical feasibility, and more of an issue that we, as users, don't want more closed-source blobs in our kernels. Meanwhile, the publishers insist that they can't open-source their anti-cheat code; Their idea being that if we know what's in it, it will be easier to bypass.
Basically, one distro or a few(at most) may get anti-cheat integrated one day(like, say, SteamOS), but it will likely never be in your standard Linux kernal.
They could go the rought of kernel modules, I would think, but for whatever reason, we're still having this conversation.
unprovenbreeze
in reply to MachineFab812 • • •Valve also has server side anticheat in his games (Counter Strike or Deadlock). They are also against it.
Kernel-level anticheats can be bypassed anyways, but they are the easy solution for the corps that want to sell their multiplayer game.
Nanook
in reply to MachineFab812 • •thingsiplay
in reply to SpiderUnderUrBed • • •One way I can imagine it being some certified Linux kernel versions that are accepted and worked together with anticheat creators. That way Valve could use the Kernel in Steam Deck or SteamOS, so any game works out of the box. And other distribution users can just install this Kernel too, if their distributions provide it.
Anyone who don't want to have Kernel level anticheat systems enabled on their system, do not need to install the Kernel. Therefore they are secure against it. But for anyone else who wants it, they can. At least this option would be a compromise.
vrighter
in reply to thingsiplay • • •thingsiplay
in reply to vrighter • • •Besides your argumentation that open source is less secure, a driver or program does not need to be in the Kernel to work with it. Does it? Kernel level anti cheat systems are available on Windows too, without being in the Windows Kernel. All it needs is a Kernel module to load it separately. Something like the Nvidia proprietary driver. I don't know if this would work for Anticheat.
Back to your point of open source and code around it. Well they code around the proprietary tools too. Reverse engineering stuff is possible. So your argumentation is a bit weak. Open Source means more people are looking into and its actually more secure and up to date (for common and actually developed drivers).
And you don't have to use it, if you don't like. How about letting people give options instead calling something they want or need being useless? It has a use and reason, so its by definition not useless. Instead using Windows, they could use Linux.
vrighter
in reply to thingsiplay • • •dan
in reply to SpiderUnderUrBed • • •AFAIK Microsoft have plans to block kernel level anti-cheat on Windows. After the CrowdSec issues last year, they're rethinking which types of programs should even be allowed to run in kernel space.
Edit: I was wrong. They actually want to increase what can be done in user mode, to reduce reliance on kernel mode code.
JTskulk
in reply to SpiderUnderUrBed • • •coconut
in reply to JTskulk • • •Magiilaro
in reply to coconut • • •You can add your own signing keys to the UEFI and boot an modified bootloader and Kernel that you have signed yourself.
So yes, it is possible to "lie"
For such a locked down system, akin to game consoles or smartphones, would be needed. And even those get jail broken and manipulated, so "total security" on there is not complete but easier to check and ensure.
Another way to make sure that the code is not manipulated would be to put all those games into the cloud and have every player only play via streaming. All the code would then run on secured, locked down and verified machines.
Joe
in reply to Magiilaro • • •Another technique that helps is to limit the amount of information shared with clients to need to know info. This can be computationally intensive server-side and hard to get right .. but it can help in many cases. There are evolving techniques to do this.
In FPS games, there can also be streaming input validation. eg. Accurate fire requires the right sequence of events and/or is used for cheat detection. At the point where cheats have to emulate human behaviour, with human-like reaction times, the value of cheating drops.
That's the advanced stuff. Many games don't even check whether people are running around out of bounds, flying through the air etc. Known bugs and map exploits don't get fixed for years.
coconut
in reply to SpiderUnderUrBed • • •Sure hope not. If I wanted to run rookits I'd just use Windows. Why bother with Linux?
This is why I don't want more Linux adoption and don't understand people cheering every new user. We're in a sweet spot where a lot of games enable userland anticheat while we don't get kernel level ports (however they may be shipped doesn't matter). The only thing that'll come out of more adoption is kernel level anticheat ports that'll probably work with a few corporate backed distros only and we'll actually lose the games we have today. Because those will switch over the kernel level alternatives too.
The only way I'd like Linux to be a generic multiplayer platform is server side anticheats. It is very obviously the way to go and we are seeing extremely slow adoption (e.g. Marvel Rivals).
Bogasse
in reply to coconut • • •TBH I'm not sure wider adoption would worsen things. Gaming distros would probably ship bullshit anticheat modules by default while the others would not, or at most provide some documentation on how to opt in.
I think it's quite similar to the situation with NVIDIA proprietary drivers? (I don't own a graphics card so I'm not super aware on this topic)