Modern Day Anti-Cheat

Luke Leslie
5 min read · Oct 24, 2021

In the modern day of gaming, online multiplayer games are a massive hit. The most popular of these at the time of writing are battle royale games like Fortnite, PlayerUnknown’s Battlegrounds, and Apex Legends. With great popularity comes the unfortunate downside of players attempting to cheat to gain an advantage in these games. Aimbotting, where your aim is automatically provided for you for perfect accuracy on every shot no matter the distance, and wallhacking, where you can see important loot drops or other players through walls while they are unable to see you, are two of the most typical kinds of cheats a player may encounter. As there will always be cheaters, developers will always attempt to use anti-cheats to deter or prevent cheating.


Anti-cheats are software designed to prevent players from gaining an unfair advantage over others through the use of third-party tools, usually through software hooks. Not every anti-cheat is built the same, and some have been making headlines recently. The Call of Duty: Warzone developers have recently announced their own anti-cheat, which they call RICOCHET. One of the major selling points the developers mention in their blog is that RICOCHET has a kernel-level driver for detecting cheats on a PC player’s system. They make sure to state that the anti-cheat only runs and monitors Call of Duty activity while you are running Call of Duty: Warzone or Call of Duty: Vanguard, both of which use the anti-cheat.

Activision’s Call of Duty anti-cheat software: RICOCHET

So why does it matter that an anti-cheat uses a kernel-level driver? What is that even supposed to mean? To start: a kernel is a program that essentially runs your computer at the lowest possible level, meaning it has complete control over your system. The kernel is one of the most important things your PC needs in order to function properly. When it comes to anti-cheats, a kernel-level anti-cheat will essentially load when your computer first boots up and may prevent certain programs from being accessed or run. In theory, a kernel-level anti-cheat would disable potentially vulnerable drivers, preventing cheats from being loaded into kernel-level memory and executed that way. The problem is that if the anti-cheat has been active since the computer booted up, it could potentially disable a driver that other programs need in order to run. Another of the biggest concerns is “what if the anti-cheat itself is vulnerable?” In that case, there isn’t much to do except hope that you aren’t affected by anyone attempting to hack into your system.

One of the biggest concerns that most gamers have with this kind of anti-cheat is how intrusive it is to the system. Back in 2020, when Valorant was released to the public in a beta with Riot’s new Vanguard anti-cheat, many people found it unexpectedly interfering with their other programs, as it had shut down their other drivers. As Valorant cannot be run without the Vanguard anti-cheat active, this had players uninstalling the anti-cheat until they wanted to play Valorant again. Over time, Riot has stopped Vanguard from blocking certain drivers so that it no longer causes the issues it did when it first launched.

Other kernel-level anti-cheats have been found to actually impact game performance negatively. Denuvo Anti-Cheat is a kernel-level anti-cheat that was included with Doom Eternal, which drew backlash from the gaming community. Like Vanguard, Denuvo was required to be installed and running in order for Doom Eternal to be played, which proved annoying, especially to those who simply wanted to play the single-player campaign. Users reported terrible performance in the game, with issues like stuttering frames and excessive loading times, and some even reported getting blue screened or the driver reinstalling itself without the game ever being run. With the major backlash the Denuvo anti-cheat was getting, id Software quickly removed the anti-cheat from the game, promising to implement future anti-cheats better.

So why does it matter? Personally, I would not want to give any access to any kind of software that can alter my computer without my permission, especially if I am not informed beforehand that this software can do such a thing. While I do understand the need to combat as many cheaters as possible, it calls into question the extent of control we give to developers on our own systems. I do think how current kernel-level anti-cheat software works is fine for the time being, where they only run when the game is being run. It allows for a higher chance of cheating to be caught during the act of it while minimizing the potential risk of having kernel-level software running all the time.
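To see how this distinction between drivers that load at every boot and drivers that load only when a game runs looks on your own machine, the following is an added example, not part of the original post or any vendor's tooling. It assumes Windows with PowerShell 5.1 or later and lists non-Microsoft kernel-mode drivers with their start mode, current state and signer.

```powershell
# Added example (not from the original post): report third-party kernel-mode
# drivers and whether each one loads at every boot or only on demand.
$loadsAtBoot = 'Boot', 'System', 'Auto'   # StartMode values started during OS startup

$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.ServiceType -eq 'Kernel Driver' -and $_.PathName }

$report = foreach ($d in $drivers) {
    # PathName can carry an NT-style prefix; normalise it to a Win32 path.
    $path = $d.PathName -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

    # CompanyName is self-declared file metadata, so it is only a coarse filter;
    # the Authenticode signer collected below is the stronger identity.
    $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
    if ($company -like 'Microsoft*') { continue }

    $sig    = Get-AuthenticodeSignature -LiteralPath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none found)' }

    $loads = if ($d.StartMode -in $loadsAtBoot) { 'every boot' }
             elseif ($d.StartMode -eq 'Disabled') { 'never (disabled)' }
             else { 'on demand' }

    [pscustomobject]@{
        Name      = $d.Name
        StartMode = $d.StartMode
        Loads     = $loads
        State     = $d.State
        Signature = $sig.Status
        Signer    = $signer
        Path      = $path
    }
}

$report | Sort-Object Loads, Name | Format-Table -AutoSize -Wrap
```

A driver shown as "every boot" and Running while no game is open is the always-on model described earlier; an "on demand" driver should show as Stopped until the game that needs it is launched.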


It’s important to know what kind of anti-cheat your favorite games are running, so a list of games with kernel-level anti-cheats can be found here.

Here is some additional reading, as well as the sources used to create this post.

https://www.callofduty.com/content/atvi/callofduty/blog/web/en/home/2021/10/ricochet-anti-cheat-initiative-for-call-of-duty.html

https://www.theverge.com/2020/5/6/21246229/pc-gaming-cheating-aimbots-wallhacks-hacking-tools-developer-response-problem

https://levvvel.com/what-is-kernel-level-anti-cheat-software/

https://www.eurogamer.net/articles/2020-05-21-doom-eternal-removing-denuvo-anti-cheat-following-backlash
