Cheat Maker Is Not Afraid of Call of Duty’s New Kernel-Level Anti-Cheat

Games giant Activision wants to kick out cheaters from its massively popular Call of Duty games with a new anti-cheat system that will run with the highest privileges on users' computers. 


This is a companion discussion topic for the original entry at https://www.vice.com/en_us/article/z3xjqa/cheat-maker-is-so-far-not-afraid-of-call-of-dutys-new-kernel-level-anti-cheat

“Kernel-level anti-cheat” gives me bad vibes.

7 Likes

Great article by Lorenzo as always!

I’m not sure why companies think kernel level anti cheat is some silver bullet. They do realize cheat developers can also make kernel level cheats right? Riot proclaimed their kernel level anti cheat would solve all cheating problems and yet they still have cheaters. Like they said in the interview, it will weed out the people who can’t write more sophisticated cheats but this isn’t a solution that giving a company full access to your computer can solve.

These kernel level anti cheat systems are also worryingly a point of failure. I will be honest I would rather trust a cheat developer with kernel level access to my machine then I would Activision Blizzard or Riot. The cheat developer isn’t going to screw me over because they want the long term subscription. On the other hand I guarantee you anyone trying to get into Riot or Activisions systems is going to be aiming for their kernel level anti cheat in some way. That’s such a huge gold mine if it gets poisoned. You’re talking millions of players with infected machines potentially at a level of the OS that would require a full rebuild most likely just because anyone who has that level of access could establish whatever other backdoors they want.

Then you have the political side of this. Government agencies can pressure Activision Blizzard or Riot into giving them access. If a government identifies someone via their gamer tag I am willing to bet they could pressure either company into giving them access to the users machine. These anti cheats are already scanning hard drives for specific hashes, what if the FBI gives them a list of hashes and says “Alert us if you see any of these”?

3 Likes

Yeah, like…if a player can manipulate game state locally, they can build a cheat engine for it. You’d almost have to make an entirely cloud-based game to cut off cheating, and even then the amount of security checking you’d have to drop to reduce latency might wind up leaving you open for something bad.

Maybe if we could one day get a form of dockerization for online PC games. Where if the game is multiplayer, devs can make a game that installs in an isolated encrypted container that can’t see out of its container and OS proper can’t see in and editing the contents of the container is extremely restricted if not impossible, hopefully with an accurate and fast verification of the container’s contents against the current build version happening at regular intervals during a gameplay session. That might entail patches needing a complete fresh docker which would be a huge downside but if it curbs cheating I would deal with it.

1 Like

You’d need some pretty high-end hardware (or a very clean Docker implementation to cut down on emulation latency, particularly for stuff like shooters and fighting games) but great googly moogly this is a good idea. Steam’s practically made for this. I’m…honestly kind of upset I didn’t think of this myself because my employer would let me patent it.

1 Like

I think itch.io is hinting at something like that with sandbox mode in the itch app. It’s not literally a docker container but may achieve some of the effects by executing the game as a separate itch app user.

3 Likes

My biggest issue with this isn’t Activision having Kernel access, though I’m not a fan of that. My biggest issue is that anytime you give anything that kind of access, you are leaving a hole open in your security system that someone else might be able to access.

I would rather deal with cheating in a video game, as infuriating as that can be, then just give a program kernel level access that shouldn’t need it.

5 Likes