Noob question: has anyone confirmed that it’s really running in userspace on linux or win gaming tech forums yet? Doesn’t effective anti-cheat require root privileges?
This is a pretty important thing to validate, in my opinion.
Unless it actually behaves like malware and attempts multiple workarounds to obtain root privileges that I should know about, it does run in userspace for me.
Perhaps later today I’ll spin up the game and check lsmod, but if I’m wrong that’s a massive black flag that has absolutely no chance of being legal no matter how many eula roofies they spiked my drinks with.
Done, no weird kernel module was loaded: unless nProtect is pulling a sneaky, it’s running in user mode.
This is a subject I’ve been meaning to start researching and poking around with a bit. Due to work/time requirements, I haven’t been able to run a profiler on anti-cheat services on either of my Windows or my Kubuntu boxes. Any information that you’re willing to share is much appreciated. Thank you, in advance!
I’m not using a VM, I don’t think it would work with Windows + the kernel level anticheat; I also haven’t tried poking around with the AC, I guess it does prevent simple memory manipulation with things like scanmem but I’m not willing to risk 40€ just for science.
I’ll try doing the lsmod thing and edit the comment you replied to, in a bit
I suppose that a legitimate argument for anti-cheat could be griefing, but then the host could just boot the player based on a basic voting system. In general I was curious to see “what’s under the hood” of a kernel-level and a userspace-level anti-cheat service and what are the implicit security risks for an average user.
In general I was curious to see “what’s under the hood” of a kernel-level service and a userspace-level anti-cheat and what are the implicit security risks for an average user.
This answer isn’t very satisfying, but the risk is complete and total. A kernel module can do anything and can hide what its doing.
A userspace anti-cheat has a wider range of risk. For example on Linux you can sandbox it so its quite safe in that case.
On Windows the most common issues user report are things like kernel crashes, corruption, etc. Things that should never happen in kernel space and potentially break an installation. These are honestly amateur projects that don’t belong there.
I think the most compelling for me was something like in MW2 back in the day hacked lobbies fucking up a your stats. Something similar in hd2 could ruin it for some.
In Helldivers 2’s case, say a cheater forces everyone in that mission to max out samples/medals/super credits, it entirely kills the progression and takes away a reason to keep playing unless it’s reverted safely, which then means that mission was pointless because someone else used cheats.
The solution to that is to rework how rewards are calculated, maybe do some sanity checks with the server, not seize super admin control of personal hardware.
For me, since I use the flatpak version of steam, at no point have I ever provided the admin password in order to install steam or any game. It, like all of my desktop software, runs in it’s own little sandbox that has limited access to the rest of the computer. It would take a somewhat sophisticated attack for an anticheat to actually run in kernalspace on the host os.
But that’s also why companies like riot have their anticheat block Linux from running the game at all.
If Linux becomes a populate enough platform, I’m sure cheaters will start using it to get around anticheat and something else will have to be done. Until then, I’m happy knowing this is a problem that I can mostly avoid.
Noob question: has anyone confirmed that it’s really running in userspace on linux or win gaming tech forums yet? Doesn’t effective anti-cheat require root privileges?
This is a pretty important thing to validate, in my opinion.
Unless it actually behaves like malware and attempts multiple workarounds to obtain root privileges that I should know about, it does run in userspace for me.
Perhaps later today I’ll spin up the game and check
lsmod, but if I’m wrong that’s a massive black flag that has absolutely no chance of being legal no matter how many eula roofies they spiked my drinks with.Done, no weird kernel module was loaded: unless nProtect is pulling a sneaky, it’s running in user mode.
Thank you for your service
Without people like you we’d all be relying on hearsay… I mean like even moreso than relying on a stranger’s comment :)
This is a subject I’ve been meaning to start researching and poking around with a bit. Due to work/time requirements, I haven’t been able to run a profiler on anti-cheat services on either of my Windows or my Kubuntu boxes. Any information that you’re willing to share is much appreciated. Thank you, in advance!
I’m not using a VM, I don’t think it would work with Windows + the kernel level anticheat; I also haven’t tried poking around with the AC, I guess it does prevent simple memory manipulation with things like
scanmembut I’m not willing to risk 40€ just for science.I’ll try doing the
lsmodthing and edit the comment you replied to, in a bitIt is impossible to run in kernel without being explicitly given that permission.
Client anitcheat is never perfect, it is slightly better in kernel but that just caused more issues for legitimate customers.
None of this even makes sense as HD2 isn’t a PvP game.
I suppose that a legitimate argument for anti-cheat could be griefing, but then the host could just boot the player based on a basic voting system. In general I was curious to see “what’s under the hood” of a kernel-level and a userspace-level anti-cheat service and what are the implicit security risks for an average user.
This answer isn’t very satisfying, but the risk is complete and total. A kernel module can do anything and can hide what its doing.
A userspace anti-cheat has a wider range of risk. For example on Linux you can sandbox it so its quite safe in that case.
On Windows the most common issues user report are things like kernel crashes, corruption, etc. Things that should never happen in kernel space and potentially break an installation. These are honestly amateur projects that don’t belong there.
I think the most compelling for me was something like in MW2 back in the day hacked lobbies fucking up a your stats. Something similar in hd2 could ruin it for some.
In Helldivers 2’s case, say a cheater forces everyone in that mission to max out samples/medals/super credits, it entirely kills the progression and takes away a reason to keep playing unless it’s reverted safely, which then means that mission was pointless because someone else used cheats.
The solution to that is to rework how rewards are calculated, maybe do some sanity checks with the server, not seize super admin control of personal hardware.
For me, since I use the flatpak version of steam, at no point have I ever provided the admin password in order to install steam or any game. It, like all of my desktop software, runs in it’s own little sandbox that has limited access to the rest of the computer. It would take a somewhat sophisticated attack for an anticheat to actually run in kernalspace on the host os.
But that’s also why companies like riot have their anticheat block Linux from running the game at all.
If Linux becomes a populate enough platform, I’m sure cheaters will start using it to get around anticheat and something else will have to be done. Until then, I’m happy knowing this is a problem that I can mostly avoid.