‪@PirateSoftware‬

are you stupid on purpose? or does it just come naturally to you?

not really true at all, its simply because cloudstrike doesnt like waiting for microsoft on proper signing

​@@iris.87 You are seriously STILL defending this shit. What makes you think that a company that thinks it's ok to charge 200 dollars for a skin cares about proper signing? Vanguard has bricked PC's, that's all the proof one should need to not trust that crap.

​@@meropticon_1651 i could care less about defending riot, i just hate when people yap about things that aren't true (e.g. vanguard bricking pcs)

Crowdstrike just had a corrupted file lol it has nothing to do with kernel anti cheats

Assembly is not that scary, for hacks smeared across the code caves it would be good enough, there likely won’t be too complicated high level code. Likely the hacks themselves would originally be written in assembly, as it’s what you do with codecaves. Human written assembly instead of that generated by a compiler is even easier to comprehend.

nope

And i am totally fine with it

​@@iris.87 well yes, it's at the level of the kernel

@@nzeu725 please explain how usermode access differs from kernel mode access in terms of a security concern, and please dont say legality as said in the video (hes wrong)

@@iris.87 User mode is in the most outer ring of the operating system, meaning that it has the least permissions. The kernel mode access however is in the most inner ring, the same as the kernel. That way it dosen't need permission to do things so whereas a normal anticheat would need to get permission to do something a kernel mode access anticheat can do it without asking and without anyone knowing. It can also tweak with the system like the kernel can.

Very true, also every other product we use like youtube Instagram Facebook reports back to the cia
Why don't people focus on this more? It bothers me a lot.

easily detectable in its current state, dma is awful on eac (not eos), vgk, faecit, esea etc

from what I know of, DMA can be detected usually in very simple ways. EAC and faceit tend to check the serial numbers of pci-e cards to determine if its a legitimate card or a DMA device. EAC or faceit (cant remember which) will take the extra step and try to call certain functions on the PCI-E card to see what data it returns, so if it calls for the same function the most common DMA device uses and returns data from memory then it is a definite DMA device and will know you're cheating. This is a good way to get around people who spoof the serial of the device to make it seem if it is a nvidia gpu etc.

A DMA card is basically a PCIe expansion card that you plug into your PC. So it's recognized by the system as an additional piece of hardware that can be observed as such. To remain undetected you need to spoof several info such as the hardware id and "look like some legit hardware" such as a network card. Obviously, if a lot of those DMA cheaters flashed the same config onto their DMA card, chances are high that anti-cheat devs find a pattern in the data they captured. If i recall correctly, that's what riot did when they banned a lot of them. They found out that they all spoofed a specific network card.

@@fortender97x ye that was prlly the ekknod fw, but atp most of the fw is invalid anyway

​@@AruthaRBXL so it's detecting the dma device and not the dma itself?

it would be but the "solution" (im against it honestly), is that kernel level anti-cheats make it so much easier to stop the script kiddies who don't know really how to make scripts, but just simply know how to run them from being able to just do that. It'd be so much easier to have an anti-cheat that stops that from happening than it would to manually review the case, so that's often why it's being done.
Still horrible, still not a solution, but it does put a huge dent in the cheater population

Tell that to players who are playing at the highest level, for money. It might not matter to us normies, but having a reliable way to detect cheaters is definitely a necessity

It is not a relyable way to detect cheaters.
And in settings where there is money at stake the compuiters in use are heavily monitored, so the whole issue of not having control over clientside data becomes irrelevant.

You need both. You need machine learning based algorithmic anti-cheat to flag things in real time, with edge cases and appeals then being handled by people. It's not cost effective to have swarms of people watching live gameplay, unfortunately, companies go the opposite direction and gut their entire anti cheat teams after setting up an alpha state anti cheat tech stack, make sure it has kernal level access to they can accumulate more granular data than they need, and flip that data on the back end to advertisers for an additional stream of income, on top of the cut wages.

​@breeban3388 actually the opposite, paid matched done on private servers not in public lobbies, so they are not affected. And if someone decided to cheat they can easily be caught because they being monitored very closely by organizers (apex situation is a shitshow and outlier).
Rampant cheating in public lobbies on the other hands kill games. Because no matter how good top 100 players are, if there no people playing the game it's dead.

Thanks my dyslexia didn't see it

ye fr its crazy how much people cry about rampant cheaters in cs2 and other usermode anticheat games then bitch when big scary kernel driver is present

I don't think you want to be kernel level anticheat alot of people will hate you then.

I see it being mistyped like this so often, it leads me to believe many think that's what the actual word is.

Well, are you willing to sell your soul and shake the devil's hand, just to reduce the chance of cheaters? It's not even 100% efficient btw, cheaters can get around that. It just increases the barrier of entry, and once it is breached (which they frequently do), they distribute new programs (or whatever) to cheat.
The alternative is a simple cheating-reporting system and server-side detection of cheating. This is what I am going to do as well for my game. The server will check every ~10th data package incoming (otherwise it would be too much) (for example the player's position) and when it detects something weird (too much distance in too short of time), it will increase the suspicion level of that player and check more frequently (or all packages). After all it could have been some mistake, but to be sure it needs to detect that behavior multiple times. Someone who cheats once will cheat multiple times.
And it doesn't require any invasive client-side programs, and I don't need to play arms race with cheaters on a highly complex kernel level. All it takes are some smart algorithms.

My solution is play the game where you don't need to fight with cheaters.

why? Did you not like his explanation or do you like Kernel level anticheat? /gen

​@@hd-bild1513 explanation is garbage and 0 logical thought. he argues that usermode is safer because its "against the law" to access user files, and that kernel mode access allows anticheats to just randomly upload files to their servers for analysis legally. dumbest thing ive heard in a while, this is NOT how vanguard works nor ANY km anticheat outside of China (ive heard ACE can just randomly upload files to their servers for analysis). idc about kernel mode anticheat, and i dont think its the perfect, ideal solution, but this is just fear mongering for no reason

​@@iris.87 @iris.87 its not super illogical to not not trust a list of corporations to not peek at your data, especially when you explicitly allow them to (aka its not illegal to take a screenshot of your PC if you explicitly install a kernel level program, Right?). I mean look at google. Also the uploading screenshots thing seems like it's real to me. And riot is owned by a Chinese company and, not to hate on China, but they do have a rep for peaking where they shouldn't.

@@iris.87 Look up crowdstrike and be proven wrong by reality.

@@iris.87 riot bot

nothing needs this type of anti cheat

already has it, ricochet is just a terrible anticheat that was recentishly developed

in truth, NOTHING needs Kernel Level Access to your computer other than the Operating System and the Antivirus measure shipped with it (Meaning like Windows Defender, not any pre-built OEM contract programs). Any other program that wants Kernel Level access is something that isn't needed, and is a huge privacy concern especially in our capitalist society that loves to get your information in any way possible and sell it to the highest bidder. A kernel level anticheat may be more efficient at its job in some scenarios due to it's capability to access all memory on the machine, but at least in my opinion, that added efficiency is nowhere near worth the privacy violations that can legally occur since you're willingly giving them kernel level access to do whatever they please on your machine. This also means that if, somehow, that kernel level software, which has been given permissions, gets highjacked by malware, it can now do whatever the hell it wants, and your antivirus will most likely never detect that it's there.
Edit: Fixed a wording oversight when referring to installed antivirus programs, I originally said any installed antivirus, which is definitely not the right call, especially with Pre-Builts being shipped with bloat like Norton or McAfee. Thanks to @iris.87 for pointing that out.

​@@raviexthegod quick reminder that usermode antiviruses have literally sold ur data in the past, not really sure why you think antiviruses are safe, or that you need kernel mode access to find & sell said data..

@@iris.87 not saying that you need kernel level access to find data, what I'm, saying is that, similar to Thor's analogy in the video, would you rather the cop have to get a warrant to come in, i.e. find a way to scrape data, or just give the cop verbal consent to rummage around as they please, i.e. kernel level access. And with the antivirus I was referring to Windows Defender, which, while part of the OS and it does ship with it, it's a separate program in and of itself that integrates deeply with the OS. I simply worded it wrong, re-reading my original comment.

not for me. no more league on linux:(

@@hanz.b_ lmao well I guess it's time to switch to Windows then like every other normal person

@@hanz.b_ Hi, i really suggest trying dual boot, i really like TFT (i don't play much league) and so after vanguard happened i couldn't play for a long time. Then i switched from NixOS to dual booting ubuntu and windows 10! It's really easy if you have the memory for it, around 300-200GB for windows will be more than enough. You can make the partitions yourself, and more importantly you can play most games on ubuntu now with drivers actually being updated and patched to linux kernel 😂.

@@monadoboy9639 you are not a person

it can also lead to massive data breaches if a vulnerability from a kernel level anticheat is ever discovered by malicious actors (who will try to because it'd be a giant prize to black hat hackers) so you better hope that any kernel level anticheat you put on your machine is coded with absolute iron security AND that no novel ways to exploit it are ever discovered.