From both a technical perspective and if the maintainers of these anti-cheat will consider porting or re-writing kernel level anti-cheat to work on linux, is it possible? Do you think that the maintainers of kernel level anti-cheat will be adamant in not doing it, or that the kernel even supports it or will support it. I think that if it ever happens, there will be a influx of people moving to linux, or abandoning their duelboots, and that alot of people will hate that such a thing is available on linux.
I surely hope they never will, no user program should ever be allowed to run at kernel level, that’s what malware does.
I personally avoid those kind of games, but those who won’t can dual-boot.
Or…just don’t play those games.
99% of their communities are more toxic than radioactive waste. And, they are not open source and they don’t respect privacy. Because they are greedy.
It’s the other way around. Windows will stop supporting kernel level anti-cheat because of Crowdstrike
They want to provide APIs that basically do an equal job but will restrict direct access.
Good one
Sure hope not. If I wanted to run rookits I’d just use Windows. Why bother with Linux?
This is why I don’t want more Linux adoption and don’t understand people cheering every new user. We’re in a sweet spot where a lot of games enable userland anticheat while we don’t get kernel level ports (however they may be shipped doesn’t matter). The only thing that’ll come out of more adoption is kernel level anticheat ports that’ll probably work with a few corporate backed distros only and we’ll actually lose the games we have today. Because those will switch over the kernel level alternatives too.
The only way I’d like Linux to be a generic multiplayer platform is server side anticheats. It is very obviously the way to go and we are seeing extremely slow adoption (e.g. Marvel Rivals).
On one side, I’m one of those glad for people coming to Linux because Linux is truly fantastic and it can make your life easier on many things, I’m happy for them.
On the other side, I share your concerns, because everything that gets adopted by the masses is inevitably subject to enshittification, I would never want that to happen to Linux.
We should find a sweet middle-point tho I have no idea what that would be.
I think the more people who aren’t using corporate operating systems, the better.
I’m firmly against Microsoft, Red Hat, and Ubuntu.
TBH I’m not sure wider adoption would worsen things ? Gaming distros would probably ship bullshit anticheat modules by default while the others would not, or at most provide some documentation on how to opt in.
I think it’s quite similar to the situation with NVIDIA proprietary drivers? (I don’t own a graphics card so I’m not super aware on this topic)
My point is you would either have to run those modules on Linux or not play the games. Which is the same as running them on Windows or not play the games with the exception that you’d lose the games that run on Linux with userland anticheat now.
I can’t wait until I am able to give random programs kernel access on my system! That doesn’t sound problematic in the least! After all, I have the fullest confidence that for companies developing anticheat, my security is their highest concern! /s
From technical point of view it is possible. eBPF already has almost everything needed for doing that. And I think it can be done with a simple LKM but if they want it included in the main tree I’m sure they’ll get some colorful email from Linus.
I really want to see that email.
Absolutely nothing prevents somebody from writing a kernel level anticheat on Linux.
Users would throw a fit, and it would be way easier to bypass, but it certainly could be made.
Every IT-literate person fights kernel-lvl malware disguising as games with everything they got.
Since Linux has a high percentage of those, I hope those “solutions” will never spread
I’m not a programmer or cheater or anything, but I think the answer is yes and no. Yes it could technically be done and even work as intended as long as the device is locked down to prevent the user from replacing the shipped kernel (which would be a bad thing for users). However, savvy people could (in theory) make custom kernels that lie to the kernel module, causing the module to report there is no cheating when there is. It’s my understanding that it’s close to the current situation with Windows and virtual machines and anticheat: you can cheat by running your game in a VM and then have that virtual hardware extract secret information or flip bits in the right spots. Most competitive games will refuse to run in a VM for this reason.
Kernel level anti cheats require secure boot. You can’t just “lie” and load an unsigned kernel.
You can add your own signing keys to the UEFI and boot an modified bootloader and Kernel that you have signed yourself. So yes, it is possible to “lie”
For such a locked down system, akin to game consoles or smartphones, would be needed. And even those get jail broken and manipulated, so “total security” on there is not complete but easier to check and ensure. Another way to make sure that the code is not manipulated would be to put all those games into the cloud and have every player only play via streaming. All the code would then run on secured, locked down and verified machines.
And then your keys will be rejected by the anticheat. Just because you can sign your kernel and load it does not mean a kernel module can’t verify who signed it.
Yes, but with a modified Kernel you can fake what the anticheat reads when it checks the key, so you just feed it the key it wants to see instead of your own. The anticheat module would need run on a higher level then the Kernel itself to prevent that, for example alongside the CPU (like the Intel Management Engine).
I am not an expert on secure boot so I can’t tell whether that’s possible or not. But if it is, what stops people from doing that with Windows now?
You can’t really change the code of the windows Kernel and boot your own, that’s one of the things stopping people now
One way I can imagine it being some certified Linux kernel versions that are accepted and worked together with anticheat creators. That way Valve could use the Kernel in Steam Deck or SteamOS, so any game works out of the box. And other distribution users can just install this Kernel too, if their distributions provide it.
Anyone who don’t want to have Kernel level anticheat systems enabled on their system, do not need to install the Kernel. Therefore they are secure against it. But for anyone else who wants it, they can. At least this option would be a compromise.
I have 3 kernels installed anyway, what’s one more?
What does it even mean? People can recompile the kernel to turn the crap off.
And then the game wouldn’t work.
I hope to fuck not.
Is it possible to have kernel-level anti-cheat in Linux?
Yes, Absolutely. But, people would throw a fit. There is probably no way to opensource it without also making it easier to bypass. There would be a concerted effort to reverse engineer it and remove it from the system while maintaining functionality
Maintainers of anti-cheat software are not volunteers. If there was an order from management to port the system to Linux, it would happen. It’s just that with the Linux userbase as small as it is, it’s simply not profitable to cater to them.
I think that if it ever happens, there will be a influx of people moving to linux, or abandoning their duelboots
I fully disagree. The thing keeping regular people away from Linux as an OS is not that they can’t play some online game with Anti-cheat.
Linux is in a weird place right now. It’s actually a perfect fit for non-technical users that use their computers for email, web browsing, and Netflix, but those users don’t know what an operating system is, let alone that there are options. More technical users tend to require more specialized applications, and if there isn’t a native linux port available, you have to do some research for alternatives, or to find a way to run it in wine.
Windows is shitty, but it’s comfortable. And I know that it will run any software I throw at it with basically no research or troubleshooting.
There is probably no way to opensource it without also making it easier to bypass.
I want to highlight this in case OP missed it. Your point here is critical.
Now I’m going to nerd out a bit about it:
To expand on your points above (for OP), there’s an impasse here between the anti-cheat developer and the distro developers.
The anti-cheat developer needs support from the distro developer to get their anti-cheat packages signed, to allow them to run in the kernel. Any package not signed by the distro developer that tries to run at kernel level will be treated by the OS as a virus. (Windows has this protection as well.)
Getting the code signed is pretty easy. The only requirement is sharing the source code, so the distro developers can make sure there’s nothing nasty in it.
But the anti-cheat developers feel that they need to never share their source code, to prevent cheating. In some cases, they have even have contracts that prevent them from legally sharing parts of their source code (if licensed from a third party).
That’s also not a problem. All they have to do is sign a binding contract for secrecy with every contributor to the distro, and then privately share their source code, and get it signed.
On Windows, that means signing a contract with Microsoft. On Mac, with Apple.
But on Linux, is just means tracking down and making separate agreements with a few thousand independent individuals…
So the technical solution is pretty simple: share code, get code signed, run in kernel.
But the contrasting needs of everyone involved make it unlikely on Linux.
Interestingly, an Anti-cheat developer who felt very confident that their code was unbeatable, could just publish it publicly, and get it signed and running quite quickly.
But uh… Most anti-cheat is also pretty low quality code, according to most estimations.
It is probably actually easier to create on linux as it is foss and there are also good projects like eBPF which can maybe even simplify and make it more secure.
No.