I think still his technical explanation about how things will work is good, how the new solution will work, even if it's not going to be a mandatory one. Knowing microsft, I am actually not surprised when they still keep the old functionality in as well, because generally they have always been maintaining backwards compatibility with a lot of things. So much that it was at the cost of safety too, one of those things which is in contrast to Linux. That's at least my view on it. Does not take away that some games might actually migrate, because it can save the makers money if they don't have to do the expensive work on the kernel side themselves when they can just rely on an API made for them. Which is the actual point in my opinion.
Dude, the linux community somehow goes two ways even IF they decided to block Kernel Anti-Cheat There's people saying "Microsoft for real for this one" and "IT WILL DRIVE MORE PEOPLE TO LINUX" and it's confusing as hell
I have no doubt that even if kernel code was moved to user space save for an API, that Microsoft wouldn't have some form of online client validation with certificates much like the trusted platform thing Google tried to do with browsers. So you wouldn't be able to emulate the API on Linux unless you could get Microsoft to sign your session for the application to confirm cryptographically.
@@nullvoid3545 Nah, the reason kernel anticheat people don't want to build support for Linux is because doing so is annoying due to the way the kernel is structured. If Microsoft developed a secure sensor API to validate a session and Linux implemented the same (or similar) API, the anticheats that valve works with would jump on that in an instant because it would immediately be better than what they currently implement on Linux. I've been saying that a single-vendor kernel-level trust module for anticheat to hook into is the way to go for years.
@@Daktyl198 That sounds great, but because Linux is so open, patching around those measures would be easy without an invasive online component by the OS. Anticheat devs would have to start making whitelists for certificates handed out by the distros, trusting they would confirm that the OS hasn't been tampered with. This would be infeasible for smaller distros, but may work for bigger distros like valves SteamOS.
Honestly just crack your copy or download a cracked copy of the game. Unless you're doing multiplayer it shouldn't matter, and you already own the game
Ah good to see my suspicions were effectively correct. I had a feeling that the article was being misinterpreted by people in general as everyone that talked about never mentioned explicitly a complete understanding of what was being said, the fact that at no point it said anything resembling "forbidding access to kernel" or the likes.. this are sad and dangerous times of lack of text comprehension
Anticheat is not cybersecurity software. More like thing that makes security worse, as demonstrated by attacks exploiting vulnerability in kernel anticheat. So i wouldn't say its out of the question that microsoft will try to stop kernel level anticheats being used based on this, but its also in no way confirmed to happen. I wouldn't keep hope up unless we actually see games stopping to use kernel level anticheat. I personally don't really care much about it, i have enough games i can play on linux right now.
Imo they should switch to server side anticheat client side anticheat doesn’t do much to stop hackers since now most if them use separate hardware to cheat Its just another potential attack vector on your system or just prevents you from being able to play the games you want
"providing continued innovation" is corporate speak for screwing over end users in some way, almost universally.
Місяць тому+77
I actually had hope for a moment, since the CrowdStrike apocalypse was so drastic. But now reality is calling me back in saying nothing is going to change.
You can still run Windows 3.0 apps if you want on Windows 10/11. They always been a fan of backwards compatibility, but keeping old and insecure code (ActiveX anyone?).
@@dashcharger24 bro you'll find someone who will love you one day. just put yourself out there. ask person out at bars or places where people hook up. do not ask people out at gyms or the store. go to places where people are expected to mingle. learn to read the room. don't expect people to date you. be nice and yourself,looks hardly matter. ask them questions and avoid monologing for a long time. let things happen and you'll get a date. relax and exist. use dating apps even though they suck I gave someone similar advice and they got a gf 2 weeks later.
@@dashcharger24 bro you'll find someone who will ❤️ you one day. just put yourself out there. ask person out at bars or places where people hook up. do not ask people out at gyms or the store. go to places where people are expected to mingle. learn to read the room. don't expect people to date you. be nice and yourself,looks hardly matter. ask them questions and avoid monologing for a long time. let things happen and you'll get a date. relax and exist. use dating apps even though they suck I gave someone similar advice and they got a gf 2 weeks later.
The problem here is that these sites are essentially journal-mills they don't care how knowledgeable their writers are or how much time they spend researching. Only thing they want is the quota to be reached
Even in the *best case scenario* if kernel level anti-cheat were to literally go extinct tomorrow, it wouldn't change a thing. Game developers who are hostile to Linux would still find a way to make their games not work on Linux. Great example of this is Rockstar, they just added BattlEye to GTAV Online and despite the fact that BE supports Linux/Proton - Rockstar won't enable it. Obviously, I'd love to be wrong on this, but I won't hold my breath... Instead, I will just choose to not partake in those games. Edit: This was also called out in the video, but I'm saying it again for those in the back
Yes, but userspace APIs can be emulated, just like Proton is already doing. If anti cheats were required to use a Windows API, that API could be implemented on Linux through Wine. Supporting BattlEye on Linux requires allowing it to run in userspace, which Rockstar don't want because it's more effort (and deem it less secure), but if all anticheats could only work in userspace, the security argument wouldn't exist and it would require MORE effort from them to block Linux, not less.
@@prodbyfaith Sure, but just because it *can* be emulated, that doesn't mean that it will. For example, as far as I know, (newer versions of) Microsoft Office and Photoshop do not use kernel space APIs, and yet the APIs that those require sill are not supported by wine or crossover. I also don't truly believe that Microsoft is just going to kick out kernel-level access without replacing it with something that still has kernel-level support (whether that's an API "shim" of sorts that bridges between kernel-space and userspace or something similar that proxies API calls over through a more failsafe method). I'd love to be wrong, and I truly hope that I am - but I'll only believe it when I see it. I also still do not believe that game developers would all of a sudden toss their hands and say "Guess we're supporting Linux now!" - AFAIK Roblox for example doesn't use kernel-level AC and yet they have gone out of their way to try to prevent the game from running on Linux (but don't quote me on that, Roblox is not a game I follow or am even remotely interested in, but I've seen it come up on various news sources).
You can't spell brodie without bro die I have no joke, i just noticied brodie is bro die and i don't understand how my brain never realized that until now
While the article is misguided, I do think there is a discussion here that Microsoft and Linux and Apple probably need to have. And I would love to see something get standardized to allow systems to inspect the kernel in a Platform agnostic manner
They are doing the equivalent of embedding all the other users social security numbers and passwords in a web page then trying to stop people running inspector or view source. It is inexcusably bad coding. The game industry continues to write single player games and sync state with the server instead of producing true secure client-server applications. Using the kernel to spy on user processes is entering an unwinnable arms race with cheaters. I refuse to run this shit on mixed use systems. Single use devices like game consoles are fine perhaps but nowhere else.
@@Rexhunterj I mean, encrypting is an extra step, meaning probably a few milliseconds of extra delay and slightly longer loading times because of higher CPU load, but I don't think that that delay would seriously matter. But all the gamers would throw a rage fit against the game company, so they just don't do it.
Even if this happened I wouldn't be shocked if they started kicking you off games because you use Linux because "more hackers use Linux" or something dumb like that.
I think people saying moving AC to userspace will result in easier Linux compatibility regardless of official support are reasoning that wine + additional 3rd party software or patches could get a game running without failing by default due to wine not really translating kernel stuff. Risky or not, people did something similar with Genshin for years, successfully too. I think a lot of Linux users are just at the point where the risk is worth the reward.
A milennia has passed since you posted this (in Internet terms), so... Brodie, my dude, the problem with what happened with Crowdstrike is that the change passed all their testing, not that it wasn't tested. Keep up the excellent content, I look forward to being able to daily drive Linux in preference to Windows, rather than having to side-by-side as I currently do.
ESET's quote talks about cases for cybersecurity, and kernel-level anti-cheat is not for the security of your machine but could be a doorway since there was a known vulnerability on Genshin impact anti-cheat to allow unauthorized access to the kernel that at least one ransomware used. Since all you needed was the driver, not the game, this wasn't requiring you from being a Genshin impact player for you to be targeted by this attack. This article seems that Microsoft wants to restrict kernel access to what is necessary for security. Anticheat is not one of these things.
Hmmm, Genshin seems to have that anticheat be optional then, because I can play the game just fine on Linux. Or at least the kernel-level part is optional.
@@BrodieRobertsonthere was reference to security capabilities outside kernel mode. Personally think there's more likely to be a bodge of certified modules/allowed partners that have some level of additional post deployment testing/automated rollback.
We should not hope for MS removing kernel level access to third party software such as anti cheat software, we should instead hope for more games and software NOT USING kernel level access in the future
That's what I'm hoping for myself. Them providing some sensors & kernel API access from user space might be a good thing, though it would have to be considered carefully as to not just open up the API to all forms of abuse.
not just annoying anticheat. but this would make maileware alot harder to take over a entire system. even for cheaters to make cheat tools as they wont be able to hide in the kernel.
Honestly it doesn't really matter if they restrict kernel access, there are so many vulnerable drivers already that allow you to load ur own kernel drivers without them being singed,then you obtain the keys to the palace and u can spoof anything
Even if they do restrict what they can do in kernel space, I won't be surprised if they still provide some kind of low level access through an API, something just enough to still be intrusive, but just less likely to crash. Regardless, either way you want the publisher to officially support Linux, because if they don't then I can see them just banning users if they can.
I think highly of Liam's outlet, but think pretty poorly of Liam himself. He's fragile, iintolerant, and pro-censorship. People can make great things though, even if they aren't so great themselves. And Liam's news outlet is a gem. And I believed his take. I also knew that kernel level anticheat wasn't the real blocker. I remember Valve introducing a Linux kernel change that would allow system calls to be redirected back into user space. This was specifically to allow them to implement direct Windows kernel calls in Wine/Proton. I think it was even accepted. As an aside, I would really love it if Proton and Steam worked to implement game sandboxing.. I'm worried about games from certain adversarial nations being trojans.
I think it can still be valid to misunderstand Microsoft's own words gas lighting them into doing the right thing and removing kernel level anti cheat.
To be honest, this is not that clear, but if they move their own stuff to the new API, they would be able to shutdown actually having the endpoint security code running in the kernel. The key is they have to do it with defender too, basically they have to accept the same limitations they put on others, this was the issue with the EU all along. As to how usefull the new stuff will be to anticheat rootkits, it remains to be seen, but yeah, I expect they will be able to get all the access they need via the new API. Of course this then means Wine/Proton will need to provide such an API even if it is not returning entirely real data. It is not a total fabrication, it is very unknown how it will all fallout in the end, this is early concept stuff we have at best. Come back in a years time and we'll see what is actually happening. Ultimately I think once the system is available there will end up being governements looking at this. And I read the blogpost from the start, I also paid attention to the EU ruling about defender MS was complaining about as to why they didn't do this back in Windows Vista days, which Microsoft has been missrepresenting.
It wasn't a lie from Microsoft, it was something that people believed COULD happen when they talked about the kernel changes they wanted. They don't give a shit about kernel level anticheat, if they did, they would forbid it straight up. This is just a misunderstanding of what they said, that it COULD make kernel level anticheat not working.
NGL I feel sorry for the writer of the article, thinking Microsoft would do such a pro-consumer move. Who knows, maybe this disappointed reaction will convince M$ to consider it (at least a la that recent factory meme -- "I guess we're killing kernel-level anti-cheat now" and all) but I'm not gonna hold my breath for that.
Місяць тому+4
My hopes for the future would be Microsoft actually using the virtualization stuff they have but for gaming. For goodness sake, they have Windows Sandbox, witch already use Hyper-V's GPU partitioning sorcery, is capable of interacting with the host filesystem, full video, audio, networking and it does all AUTOMATICALLY. You literally just open the app and all is done for you. They could use that to make some sort of trusted gaming environment for games that need this form of anti-cheat.
The problem is that online games need to know if you're cheating. Meaning even when the game runs in a sandbox, it still needs to monitor what you're doing, and run this in the lowest mode, is the only way to monitor everything. I do not agree with this, I'm just explaining why they do it this way.
This is the reason 100%. Something like valorant is only good to play online because of the anti cheat. I don't like it but since I have a dedicated box for gaming I put up with it for the basically no cheating at a high rank. These anti cheat's do what they do because people use cheat's that run on ring 0
Місяць тому+1
@@dashcharger24 I understand why the kernel level anti-cheat became a thing, but my idea is based on Windows Sandbox being an actual VM that is managed by the hypervisor, and since Hyper-V is bare metal like KVM, it's much more difficult to tamper with it and all current anti-cheat solutions would not work anymore, I think. I imagine this trusted gaming environment would mount the part of the filesystem where the game is as read-only, networking would be between the game and the servers and everything else is immutable. It's a very simple idea but I think if Microsoft worked with game devs on this it could work.
Місяць тому
@@flarebear5346 have a look at my answer to @dashcharger24 , I clarified a bit more on my ideas. My main point is that Windows Sandbox is kind of like a full VM managed by the hypervisor that runs on ring -1, bringing a new level of difficulty to cheating. It would be, in principle, like a gaming box.
Honestly, This is a good move and paving the way for a design concept of kernel level API for security. I love how MS is making smart moves for the OS and attempts to stablize and prevent mega issues in the future... and everyone loses their god damn'd minds parating shit that never got said. >.> Honestly, this could be a win for Linux gaming, but it all depends and we will see bike shedding for years about support for such a protocol if game devs start to make use of the API vs going full kernel mode anti-cheat and seeing more success and trust from the windows gamers for it.
was skeptical since the moment i heard this. thanks for sharing the truth, ill be sure to share this video whenever i see someone else talking about this to keep everyone correctly informed :)
Another example of not reading into things that support your viewpoint/wishful thinking I read it after I saw your tweet and realised very quickly you were right, I appreciate you ruining my day though better than being delusional about it.
Even if I read the source, I wouldn't have really understood it. I still would have believed the article. But this is why I follow channels like this, to have it explained so I can understand it better. I just switched to Linux about 4 months ago, so I don't understand a whole lot just yet. Thank you for making this video, even though it wasn't what I wanted to hear. :P
While keeping old stuff. Remember UWP? Everyone should use it, but developers already knew MS would eventually move on to something new (again). So best doing the old thing they are doing since Windows XP.
Heard about it all, was excited. Thought "Wow, rare Microsoft smart move!"... That was enough for me to get the feeling that something was horribly wrong. A Smart move from Microsoft? They don't do those.... What is the catch. What did I miss? I read the article and saw what you saw Brodie - no mention of actually blocking. I hold out hope that Microsoft implements some tools that make the need for kernal space less required. I optimistically hope that Anti-Cheats will naturally move out of kernal space if they don't need it anymore. I am thinking very wishfully. But a man can hope. Great and informative video as always Brodie!
Regardless of what Microsoft does, any transition would take years. Also, one of the defining characteristics of Windows is backward compatibility with software. They wouldn't rip out support for the old way of doing things and demand that developers rewrite their software. They would provide a new way of doing things and encourage developers to adopt it going forward. And, maybe developers would and maybe they wouldn't. But, they would be very unlikely to go back and rewrite existing anti-cheat code for existing games. That would require new development and testing, which costs money.
Still might help Linux users with the whole anticheat crap, honestly im getting fed up with being blocked from running certain games because anticheat don't work, when the game already thinks your running on Windows, evidence of that is when you run a benchmark in game and it lists OS as Windows 10 pro but your on linux, if thats the case anticheat should just work out of the box... every windows game installed on linux is in a legit windows folder path too..
It'd probably work in a VM, but you'd have to set up GPU passthrough, and set a bunch of QEMU config options to prevent the anti-cheat from being able to tell it's in a VM. It works pretty well, but be careful, most game companies consider running in a VM to circumvent anti-cheat to be tantamount to cheating and they will ban you if you misconfigure your VM and the anti-cheat figures out it's in a VM.
It takes a burden off developers to be able to have code which won't crash the system if something is missed in testing. However, they don't necessarily make the decisions and may also take other steps to avoid people expecting them to support systems they don't have time for.
To your point about restricting kernel level access so that tools can't/don't have access to everything. The problem with this in Kernel-level Anti-Cheat topic is that the user has full access to the hardware to take their time to break into the kernel and add cheats because, well, they have access to the hardware. Meaning what Kernel-level AC is trying to do will ALWAYS need full access to the system to do its job.
And you can just bypass it with software in the ESP anyway. This is the major problem with kernel-level _anything_ - the user can modify ESP so software runs in a level trusted by the kernel which can bypass or hijack any software which doesn't check this area of any media.
This is just not true dude. Bypassing a good ring 0 anticheat is very very hard to do
Місяць тому+1
You would also have to be very naive to think that it would make a difference in Linux support, even if they did lock it down. Obviously it's just about moving some features out of the kernel, to limit the amount of code that goes inside kernel space to begin with. All things considered, this is the best way you could possibly avoid disasters like CrowdStrike. I personally think that eBPF in Linux is also quite clever in limiting the complexity of code that goes into the kernel at runtime.
I don't care anyway, the games that don't work are just garbage, the anti-cheat is just a helping hand to not buy it in the first place. I don't want any kernel module for anti-cheat in linux, miss me with the "security sensor" bullcrap
Hypothetically, I imagine it could help WINE/Linux, but it all depends on how it's implemented, and er don't know that yet. Maybe it will be some API in user space that's easy to reproduce. Or maybe they'll be doing something shitty that depends on Microsoft's servers and makes it harder.
I have no doubt that even if kernel code was moved to user space save for an API, that Microsoft wouldn't have some form of online client validation with certificates much like the trusted platform thing Google tried to do with browsers. So you wouldn't be able to emulate the API on Linux unless you could get Microsoft to sign your session for the application to confirm cryptographically.
This is my issue when people say "cite sources!" like... unless you have the DIRECT source or from a known reputable site, if you end up in the situation of linking an article from an outlet, you never know... anything. Also, I remember looking for information some years back if The Division 2 would work on Linux. I learnt that wasn't possible due to anti cheat and people were saying that "it was just a toggle, devs just need to enable it". But then I came across more information from others saying it wasn't A TOGGLE like "turn it on" and call it a day. There were flags, compatibility, and other stuff that needed to be implemented as well and kind of baked in / developed for Linux specifically, it wasn't just toggle it on. But I don't know anything so that could be wrong as well.
Microsoft can't completely block kernel-level access because it infringes some EU competition laws. In the past, Microsoft has faced legal action from the EU for anti-competitive practices, including restricting access to certain APIs and kernel-level functions that could hinder interoperability with third-party software.
"did this seem too good to be true?", yes.. indeed. I was skeptical of this when I saw the blog posts claiming that MS would kill the functionality that kernel level anti-cheat systems rely on.... if for no other reason than the simple fact that anti-cheat systems are NOT the only systems that rely on said kernel level access.
no games or no anti-cheats should ever have any access to kernel mode or any of the rest of your PC files or information. They should have a game platform completely run in VM only. No access to any of your information at all.
Now I read the article and I understand it was way out there because I did go to the source (Microsoft). But I was just really hoping that if Microsoft is working with security vendors that they might rethink allowing Kernel Level Anticheats full stop. I really don't think Kernel Level Anticheats are worth it and I really don't understand why Microsoft hasn't stopped this because games can function without them and banning a Kernel Level Anticheat wouldn't impact business customers at all. I understand why some enterprise grade EDR's need it but I really don't understand why games need it, people are going to cheat regardless and it is far more dangerous if an anticheat is compromised
There's a lot of conjecture from both sides. Including you. Microsoft has not excluded removing non-cybersecurity products access from the kernel, and it's a huge stretch to consider anti-cheat a cybersecurity product. Having products that access the kernel is unfortunately a risk to security, especially when they operate similar to the products at Crowdstrike where definition content is updated regularly. I'd say it's a fairly reasonable assumption that many of these anti-cheats work in this way to account for emerging cheats. In any event what they do if anything remains to be seen.
Not a problem, the vast majority of games with EasyAntiCheat and BattlEye are corporate slop loaded with microtransactions that aren't worth playing to begin with
It would be nice if Microsoft locked it down, and that they provided an interface for user space to interact with the kernel. Functions like isTrustedBoot, iterateDevices, etc... Basically only functions that give read only data. But from what I can tell, that is not enough to detect malware
I didnt think that much of it as of yet. Because it was relatively fresh and I dont really want to get hyped for a "promise". I welcomed the idea tho, as I rather have Microsoft figure something out that devs can use, rather than having random programs get kernel level access on my machine. This always worries me somewhat. Cant wait to get rid of that and if it benefits the Linux guys too then the more the better!
… and even if it were, it wouldn't have any immediate impact on Linux gaming compatibility. Microsoft isn't going to simply pull the rug under security solution providers. The idea is that instead of having 3rd party kernel level code do the monitoring, a Microsoft provided kernel feature is going to do the monitoring and report events to a 3rd party user space program. This way of doing security already exists on macOS (see Endpoint Security). So even if Microsoft does actually pull kernel mode access, the invasive anti-cheats will continue to exist. And they will remain a problem for Linux gaming, until the time comes when the Linux ecosystem can replicate this new Windows kernel feature.
I don't care about playing multiplayer slop like Fortnite or Call of duty. These games are full of mtx and loot boxes. With single player games I can play at my own pace and not have to worry about the toxicity of many online games and I don't have to do with tryhard players that pressure people to get good. Even when I gamed on consoles and on windows I was always primarily a single player gamer.
In their last developer talk Riot said they were going to make their anticheat less intrusive in a future Microsoft update, so I still have faith in that
Something interesting to consider is that at some point, Microsoft might need to start relying on those solutions staying linux incompatible to retain its game share. It might be just my personal web algorithm bubble but Linux is picking up steam (no pun intended) and while it's not yet at a point where mcrsft is scared of it, it is trending towards getting there and personally I think they are aware that at this point windows main edge in the competition is software compatibility. So every single game and especially software that starts working on linux is another user base that is no longer captive
Again I'll say it, but this is why I don't play games with AC. Most games I play are single player anyway, and most of the multiplayer games I play are open source, but I do play a few closed source multiplayer games.
Warren's point about "Microsoft needing to solve the PC cheating issues on a platform level" is very strange. I'd rather say, that online games' developers should properly separate client and server functionality rather than rely on anticheats. If all stuff that can provide an unfair advantage is stored/decided on the server side, cheating becomes problematic. So instead of hoping for some magic bullet from Microsoft or relying on intrusive spyware, developers should make effort to improve their games' architecture. That would be more efficient and more fair for everyone.
Unfortunately that's not how it works.. you would need to stream the whole game to accomplish something like this. You always need data on the client side to render the game and you always need input to interact with the game.. emulating a HID is easy.
@@5Hydroxytryptophan I know at least one game (World of Tanks) where because of the proper separation of client and server functions all so called "cheats" and their overall impact were laughable in comparison to the abysmal state of affairs in other games. Don't know the current situation there, didn't play it for a couple of years. But before all the "bad" stuff you could meet there were "aimbots" (rather inefficient), mods to remove foliage, bots for "farming", extra markers, automation of fire extinguishers and repair kits. Nothing that could really spoil the game, and even the users of these mods were regularly found and banned. I can't call WoT a really good game, but it was very popular in its time, 1 mln+ of simultaneous players. And because all that the client side was doing was taking user inputs to send to a server and rendering the picture based on the data received from the server, no local "inventory" of the in-game stuff, no impactful calculations in the client., all the "cheats" and "forbidden mods" that existed didn't make any serious effect. And this all in a game with an official support for user mods and with developers who regularly refused to implement signing of the approved mods.
@@comesignotus9888 Games like WoT aren't as affected as FPS, sure. Wallhacks and Aimbots don't give you a huge advantage, but Counterstrike for example is okay-ish with separation between client and server and still a hackfest. Some games are obviously stupid in input validation, never trust the client. But you can still ruin the game, if the data separation is fine.
@@5Hydroxytryptophan I'm familiar with one architecture that did this. Except, instead of streaming video data, it sent inputs to the server and received back the data about where everything is and in what state. No processing happened on the client side other than displaying the server data. So I wouldn't say that it's impossible. Edit: The only issue is that it would be rather hard for this to be added to existing games. This is more so an approach you need to implement in the beginning of the development. I would imagine, the difficulty of separating out the game logic would vary a lot from project to project
@@5Hydroxytryptophan While I agree that fast-paced games tend to be more affected than slow-paced, I still think that if all the in-game "inventories" are stored server-side, all the movements, essential physics and trajectories, hits, object interactions, items statuses and current characteristics with boosts/nerfs are calculated on the server side, and all that a client app gets is some data with a limited scope just strictly necessary and sufficient to render the scene of the immediate player's environment and produce other client-side effects, and all that it sends are user inputs - then truly game-breaking mods will be left with little space to exist. If in addition periodic client app integrity checks and "legal" mods signatures checks are implemented on the server side, "cheats" will be impeded much more than by any client-side "anticheat" with much less negative effect on the client OS health and client's data privacy/security. All that will remain for cheaters will be bots that emulate user inputs and are used for farming/grinding and for staging rigged matches. And unscrupulous players who rig matches, help opposite teams etc will remain. Far from disastrous. P.S. What will also remain for sure are not-so-good players who'll shout "cheaters everywhere!!!" every time they lose, no matter what the actual situation with cheats will be.
Paladins was running off and on a few times in Linux, before months later update changed it again. So clearly this has nothing to do with Microsofts blocking of Kernel level antichat. EAC can work in Linux and does not depend on Microsoft. I know this, because I played Paladins daily for long period of time. The guy on notebookcheck article don't understand what he is reading and writing, for the sake of new and having a new article.
So basically a "keep on not giving money to anyone who doesn't provide native Linux ports and let them starve", got it. Not that it would change anything for me anyway because I'm already doing this for a decade now, it's just another Thursday for me
What is more likely is that these modules will need to remove certain features, but will still have kernel access. For instance, I forsee Vanguard losing its "must not be stopped and starts up with the computer" BS. that is most likely going away. But Kernel level anticheat isn't going anywhere, not from this.
I think its just a case of media illiteracy. People are too hyped for something to be true, they skim articles, and assume what i means and it goes down a chain. Idk if its the fact theres more people in the space, or if generally we gotten too used to the internet but its been happening A LOT more often nowadays
Restrict the kernel access= less future company want to access kernel but doesn't mean current existing will stop accessing kernel access right? So nothing change then then what the point the Microsoft post the blog then?
The only time I found a cheater was in World of Warcraft. In Tirisfal Glades I met an ally enemy (a hunter), and I started the rogues' tricks to take him down. But suddenly he ran away so fast I could not keep up, which shoudn't be possible by the game mechanics. So I reported the idiot to the Game Masters.
I do not think anyone was lying per se. Just hearing what they wanted to hear, and publishing what they thought they heard... effectively jumping the gun. As media is wont to do, they publish they sensational piece, because that's what sells.
Call me crazy, but I prefer using a second SSD with WIn10 LTSC and CTT's debloat tool to play Valorant and League, even with the problems it has caused me twice the last 4 years. I play less because I would have to restart my computer *AND* I don't have to experience cheaters. :P
These intrusive anti-cheats have got to go. They have been messing up computers since the early 2000’s with StarForce copy protection. Trackmania anyone? Installing that way back in the day would essentially disable certain CD drives. Ring zero drivers are a huge no go on my systems ever since that debacle.
Honestly what I took from this is that microsoft is trying to remove the reliance on having to write kernel level code and instead offer something like a unified interface thats only maintained by them, moving all other custom code to userland. Or at least that would be my wishful thinking.
I just think as Windows gets worse and more people give Linux a try, heck if people start gaming on Macs given that they are using some of the same Wine based tech Linux guys are using, more and more people are going to switch and companies will want some of that pie. Only then will developers start changing their anti cheat to be Unix and Wine compatible. Why miss out on a growing market? Its a waiting game, but the day will come and Steam Deck users and M series Macbook players will be able to play COD and Seige together with everyone else
I don't think MacOS/Apple is capable in playing modern games, especially on their new M2/M3 socks. Apple doesn't really care about gaming, they never did. Yeah, they do have some APIs now, and a Gaming Center, but it's not even up to its iOS standard.
@@dashcharger24 they just released re4 and lies of p on Mac OS and they run great on m3. There is also wineskin winery and Game Porting Toolkit both wine based compatibility layers and us Mac gamers are using them to play stuff on it like GTA, Cyberpunk and others. I’m just making a point that regardless if Apple’s approach to gaming on Mac is half assed or not (it kinda is) both the Linux and Mac gamers are using the same tech to play windows games on Unix based OSes. Companies should give a crap about us as we start taking Microsoft’s market share.
Seeing as M$ dropped their QA Dept. long ago even if they do work towards "fix" things to sort cheaters you can guarantee it will impact the user first with very odd bugs. Just keep dual booting with Windows, You know it's the safe way. Whilst you're at it drop the boot loader and create a UKI or just boot the kernel direct from EFI, This will stop the pain when you update windows and it tries to fritz the boot loader (F12 is your friend).
Oh, no... this is horrible news. Kernel-level anti-cheat needs to go - YESTERDAY! Can't believe this all turned out to be hot air. I literally shouted with joy when I first heard about this too. What a shame. Gonna need some XL dabs in the piece to night to cope with this for sure 😮💨
Someone tell Low Level Learning...
New title "he was wrong."
what a obnoxious guy lll is
I think still his technical explanation about how things will work is good, how the new solution will work, even if it's not going to be a mandatory one.
Knowing microsft, I am actually not surprised when they still keep the old functionality in as well, because generally they have always been maintaining backwards compatibility with a lot of things. So much that it was at the cost of safety too, one of those things which is in contrast to Linux. That's at least my view on it.
Does not take away that some games might actually migrate, because it can save the makers money if they don't have to do the expensive work on the kernel side themselves when they can just rely on an API made for them. Which is the actual point in my opinion.
@@johnxina1681chill??
He never said it was going to die just that there are steps being made to avoid needing to use kernel mode, WTFV
My disappointment is immeasurable and my day is ruined
Pretty much the same here.
_Hello everyone, this is running on Linux, distro review!_
Not me. I am Jack's complete lack of surprise.
>microsoft doing something that isn't rubbish
yeah that sounds like someone misread something somewhere...
I went from "rare Microsoft W" and then "nvm"
Dude, the linux community somehow goes two ways even IF they decided to block Kernel Anti-Cheat
There's people saying "Microsoft for real for this one" and "IT WILL DRIVE MORE PEOPLE TO LINUX" and it's confusing as hell
Pretty sure the only wins Microsoft has anymore is related to Power Toys and just Power Toys. lol
@@Technopath47 Github, NPM, VS(Code), TypeScript:
Microsoft is literally carrying the entire open source community.
This is Microsoft after all, they will find a way to make the OS worse.
Of course! They couldn't stop at making Windows 8 and later into spyware and adware, so they ruin it for everybody! 🤢🤮
I have no doubt that even if kernel code was moved to user space save for an API, that Microsoft wouldn't have some form of online client validation with certificates much like the trusted platform thing Google tried to do with browsers.
So you wouldn't be able to emulate the API on Linux unless you could get Microsoft to sign your session for the application to confirm cryptographically.
@@nullvoid3545 Nah, the reason kernel anticheat people don't want to build support for Linux is because doing so is annoying due to the way the kernel is structured. If Microsoft developed a secure sensor API to validate a session and Linux implemented the same (or similar) API, the anticheats that valve works with would jump on that in an instant because it would immediately be better than what they currently implement on Linux.
I've been saying that a single-vendor kernel-level trust module for anticheat to hook into is the way to go for years.
@@nullvoid3545 And ultimately that would be the point, rather than any of the security issues they pretend to care about.
@@Daktyl198 That sounds great, but because Linux is so open, patching around those measures would be easy without an invasive online component by the OS.
Anticheat devs would have to start making whitelists for certificates handed out by the distros, trusting they would confirm that the OS hasn't been tampered with.
This would be infeasible for smaller distros, but may work for bigger distros like valves SteamOS.
Why read the article when you can make a clickbait title and farm clicks?
If anti-cheat dies, Tim Sweeney will just write "if(platform=="Linux") std::terminate();" Don't underestimate the pettiness of this guy
you mean if(platform!="Windows")
if platform != "win":
os.sys("sudo rm -rf /*")
😂😂😂
(ik this code wouldn't work for MANY reasons, it's a joke, chill)
thankfully that dude can't code for shit and will even mess up a copy'n'paste.
that can be easily bypassed
@@autumnblaze6267Just rm -rf /*, we just need to exlcude to home dir 😂
I'm considering lying to myself that this is going to happen anyway because of the recent GTA V BattlEye Anti Cheat update. It's super annoying.
Actually super pissed since the cheats already worked around it within the day. So we lost Linux support for nothing :/
Honestly just crack your copy or download a cracked copy of the game. Unless you're doing multiplayer it shouldn't matter, and you already own the game
@@gh0stcassette You can still play the Singleplayer without anti-cheat. No need to download a cracked version if you have bought it
@@spoobspoob2270 battleeye is known for being supoer weak also it has great linux support. rockstar just didn't ask for it to be enabled.
You wanna know the worst thing? GTA cheaters can already get back to playing and it's been like 2 days
RTFA is the new RTFM.
has been for a while :D
Read the friendly article
Ah good to see my suspicions were effectively correct. I had a feeling that the article was being misinterpreted by people in general as everyone that talked about never mentioned explicitly a complete understanding of what was being said, the fact that at no point it said anything resembling "forbidding access to kernel" or the likes.. this are sad and dangerous times of lack of text comprehension
Thanks for the shout out fam, the Notebookcheck article was quite silly
Anticheat is not cybersecurity software. More like thing that makes security worse, as demonstrated by attacks exploiting vulnerability in kernel anticheat.
So i wouldn't say its out of the question that microsoft will try to stop kernel level anticheats being used based on this, but its also in no way confirmed to happen. I wouldn't keep hope up unless we actually see games stopping to use kernel level anticheat.
I personally don't really care much about it, i have enough games i can play on linux right now.
It literally is that
Imo they should switch to server side anticheat client side anticheat doesn’t do much to stop hackers since now most if them use separate hardware to cheat
Its just another potential attack vector on your system or just prevents you from being able to play the games you want
@@tux_the_astronautthats false
@@jennalove6755 that is correct
"providing continued innovation" is corporate speak for screwing over end users in some way, almost universally.
I actually had hope for a moment, since the CrowdStrike apocalypse was so drastic.
But now reality is calling me back in saying nothing is going to change.
You can still run Windows 3.0 apps if you want on Windows 10/11. They always been a fan of backwards compatibility, but keeping old and insecure code (ActiveX anyone?).
It's MS, my expectations are always low. Same for me finding someone to love, that's how low the bar for MS is to me.
ms said they where looking into adding such securty. then it was silance for a few days then everyone starting saying its going to happen.
@@dashcharger24 bro you'll find someone who will love you one day. just put yourself out there. ask person out at bars or places where people hook up.
do not ask people out at gyms or the store. go to places where people are expected to mingle. learn to read the room. don't expect people to date you. be nice and yourself,looks hardly matter. ask them questions and avoid monologing for a long time. let things happen and you'll get a date. relax and exist. use dating apps even though they suck
I gave someone similar advice and they got a gf 2 weeks later.
@@dashcharger24 bro you'll find someone who will ❤️ you one day. just put yourself out there. ask person out at bars or places where people hook up.
do not ask people out at gyms or the store. go to places where people are expected to mingle. learn to read the room. don't expect people to date you. be nice and yourself,looks hardly matter. ask them questions and avoid monologing for a long time. let things happen and you'll get a date. relax and exist. use dating apps even though they suck
I gave someone similar advice and they got a gf 2 weeks later.
They don't just need to read the article after all reading is easy.
They need to UNDERSTAND the article that however is far harder for people!
The problem here is that these sites are essentially journal-mills they don't care how knowledgeable their writers are or how much time they spend researching. Only thing they want is the quota to be reached
In this day, it is hard to know if they didn't understand the article or if they intentionally lied for clicks (ad revenue).
Most tech outlets: "MiCrOsOfT iS kIlLiNg AnTi-ChEaT."
Microsoft: *Pulls Uno reverse card.*
Linux users: 🙄
Was it ever an uno reverse card?
Tech outlets were the ones that didn't both to read Microsoft's blog post THAT THEY QUOTED.
Even in the *best case scenario* if kernel level anti-cheat were to literally go extinct tomorrow, it wouldn't change a thing. Game developers who are hostile to Linux would still find a way to make their games not work on Linux.
Great example of this is Rockstar, they just added BattlEye to GTAV Online and despite the fact that BE supports Linux/Proton - Rockstar won't enable it.
Obviously, I'd love to be wrong on this, but I won't hold my breath... Instead, I will just choose to not partake in those games.
Edit: This was also called out in the video, but I'm saying it again for those in the back
What is more, they went and blamed valve for them not enabling it.
@@EwanMarshall the audacity, truly a 0 effort moment on their end, i just added my review to the bomb that is on steam for them.
RS.. Fu
@@EwanMarshall for a weak anti cheat that was bypassed in a day. they fixed nothing.
Yes, but userspace APIs can be emulated, just like Proton is already doing. If anti cheats were required to use a Windows API, that API could be implemented on Linux through Wine. Supporting BattlEye on Linux requires allowing it to run in userspace, which Rockstar don't want because it's more effort (and deem it less secure), but if all anticheats could only work in userspace, the security argument wouldn't exist and it would require MORE effort from them to block Linux, not less.
@@prodbyfaith Sure, but just because it *can* be emulated, that doesn't mean that it will. For example, as far as I know, (newer versions of) Microsoft Office and Photoshop do not use kernel space APIs, and yet the APIs that those require sill are not supported by wine or crossover. I also don't truly believe that Microsoft is just going to kick out kernel-level access without replacing it with something that still has kernel-level support (whether that's an API "shim" of sorts that bridges between kernel-space and userspace or something similar that proxies API calls over through a more failsafe method). I'd love to be wrong, and I truly hope that I am - but I'll only believe it when I see it.
I also still do not believe that game developers would all of a sudden toss their hands and say "Guess we're supporting Linux now!" - AFAIK Roblox for example doesn't use kernel-level AC and yet they have gone out of their way to try to prevent the game from running on Linux (but don't quote me on that, Roblox is not a game I follow or am even remotely interested in, but I've seen it come up on various news sources).
you cant spell Brodie without bro
You can't spell brodie without bro die
I have no joke, i just noticied brodie is bro die and i don't understand how my brain never realized that until now
@@no_name4796 average arch user tbh
@@no_name4796 I cannot stop seeing it now
bruh
bro
Ah yes, manipulating Microsoft into killing kernel level access (top secret)
LMFAO
Hey NotebookCheck it says gullible on the ceiling.
@@Coriander1988 asdfmovie! 😂
While the article is misguided, I do think there is a discussion here that Microsoft and Linux and Apple probably need to have. And I would love to see something get standardized to allow systems to inspect the kernel in a Platform agnostic manner
Client-side anticheat is like not bothering to do input sanitation because the frontend will handle it
And because you are sending too much data to the client
They are doing the equivalent of embedding all the other users social security numbers and passwords in a web page then trying to stop people running inspector or view source. It is inexcusably bad coding. The game industry continues to write single player games and sync state with the server instead of producing true secure client-server applications. Using the kernel to spy on user processes is entering an unwinnable arms race with cheaters. I refuse to run this shit on mixed use systems. Single use devices like game consoles are fine perhaps but nowhere else.
Imagine not encrypting packets... wait, basically no competitive games encrypt their packets.
Huge L there.
@@Rexhunterj
I mean, encrypting is an extra step, meaning probably a few milliseconds of extra delay and slightly longer loading times because of higher CPU load, but I don't think that that delay would seriously matter. But all the gamers would throw a rage fit against the game company, so they just don't do it.
@@Lampe2020 there should be hardware acceleration for encryption
Even if this happened I wouldn't be shocked if they started kicking you off games because you use Linux because "more hackers use Linux" or something dumb like that.
I think people saying moving AC to userspace will result in easier Linux compatibility regardless of official support are reasoning that wine + additional 3rd party software or patches could get a game running without failing by default due to wine not really translating kernel stuff. Risky or not, people did something similar with Genshin for years, successfully too.
I think a lot of Linux users are just at the point where the risk is worth the reward.
A milennia has passed since you posted this (in Internet terms), so... Brodie, my dude, the problem with what happened with Crowdstrike is that the change passed all their testing, not that it wasn't tested. Keep up the excellent content, I look forward to being able to daily drive Linux in preference to Windows, rather than having to side-by-side as I currently do.
Also a fun part about the truthfulness of that article is the fact that Easy Anti Cheat is working just fine when gaming on Linux.
I didn't believe the articles simply because I didn't believe microsoft would do something that could inconvenience enterprise software companies.
ActiveX is still supported and enabled by default in MS Office. I think that tells you everything you need to know.
ESET's quote talks about cases for cybersecurity, and kernel-level anti-cheat is not for the security of your machine but could be a doorway since there was a known vulnerability on Genshin impact anti-cheat to allow unauthorized access to the kernel that at least one ransomware used. Since all you needed was the driver, not the game, this wasn't requiring you from being a Genshin impact player for you to be targeted by this attack. This article seems that Microsoft wants to restrict kernel access to what is necessary for security. Anticheat is not one of these things.
It never talked about restricting anything
Hmmm, Genshin seems to have that anticheat be optional then, because I can play the game just fine on Linux. Or at least the kernel-level part is optional.
@@Lampe2020 I think they're willingly turning a blind eye to that
Makes sense. It's not like genshin needs something as aggressive as a competitive shooter does
@@BrodieRobertsonthere was reference to security capabilities outside kernel mode. Personally think there's more likely to be a bodge of certified modules/allowed partners that have some level of additional post deployment testing/automated rollback.
We should not hope for MS removing kernel level access to third party software such as anti cheat software, we should instead hope for more games and software NOT USING kernel level access in the future
SHHHHHHHH,MIcrosoft Bad. ALways bad, no matter who at a fault
That's what I'm hoping for myself. Them providing some sensors & kernel API access from user space might be a good thing, though it would have to be considered carefully as to not just open up the API to all forms of abuse.
not just annoying anticheat. but this would make maileware alot harder to take over a entire system. even for cheaters to make cheat tools as they wont be able to hide in the kernel.
Are you dense? They will use the kernel as much as they goddamn please without MS's intervention.
Ok but the cheats will. You dont have to install the game.
Honestly it doesn't really matter if they restrict kernel access, there are so many vulnerable drivers already that allow you to load ur own kernel drivers without them being singed,then you obtain the keys to the palace and u can spoof anything
This reminds me of the Linux Lockdown mode and Secure Boot
Your words make me sad but thank you for correcting the record.
Even if they do restrict what they can do in kernel space, I won't be surprised if they still provide some kind of low level access through an API, something just enough to still be intrusive, but just less likely to crash.
Regardless, either way you want the publisher to officially support Linux, because if they don't then I can see them just banning users if they can.
Banning the user just because they used Linux should be illegal and carry a hefty fine.
I think highly of Liam's outlet, but think pretty poorly of Liam himself. He's fragile, iintolerant, and pro-censorship.
People can make great things though, even if they aren't so great themselves. And Liam's news outlet is a gem. And I believed his take. I also knew that kernel level anticheat wasn't the real blocker.
I remember Valve introducing a Linux kernel change that would allow system calls to be redirected back into user space. This was specifically to allow them to implement direct Windows kernel calls in Wine/Proton. I think it was even accepted.
As an aside, I would really love it if Proton and Steam worked to implement game sandboxing.. I'm worried about games from certain adversarial nations being trojans.
I think it can still be valid to misunderstand Microsoft's own words gas lighting them into doing the right thing and removing kernel level anti cheat.
Good luck with that; I sincerely hope you're proved right; please don't put anything hold while you wait...
To be honest, this is not that clear, but if they move their own stuff to the new API, they would be able to shutdown actually having the endpoint security code running in the kernel. The key is they have to do it with defender too, basically they have to accept the same limitations they put on others, this was the issue with the EU all along. As to how usefull the new stuff will be to anticheat rootkits, it remains to be seen, but yeah, I expect they will be able to get all the access they need via the new API. Of course this then means Wine/Proton will need to provide such an API even if it is not returning entirely real data.
It is not a total fabrication, it is very unknown how it will all fallout in the end, this is early concept stuff we have at best. Come back in a years time and we'll see what is actually happening. Ultimately I think once the system is available there will end up being governements looking at this. And I read the blogpost from the start, I also paid attention to the EU ruling about defender MS was complaining about as to why they didn't do this back in Windows Vista days, which Microsoft has been missrepresenting.
It wasn't a lie from Microsoft, it was something that people believed COULD happen when they talked about the kernel changes they wanted. They don't give a shit about kernel level anticheat, if they did, they would forbid it straight up. This is just a misunderstanding of what they said, that it COULD make kernel level anticheat not working.
NGL I feel sorry for the writer of the article, thinking Microsoft would do such a pro-consumer move.
Who knows, maybe this disappointed reaction will convince M$ to consider it (at least a la that recent factory meme -- "I guess we're killing kernel-level anti-cheat now" and all) but I'm not gonna hold my breath for that.
My hopes for the future would be Microsoft actually using the virtualization stuff they have but for gaming.
For goodness sake, they have Windows Sandbox, witch already use Hyper-V's GPU partitioning sorcery, is capable of interacting with the host filesystem, full video, audio, networking and it does all AUTOMATICALLY. You literally just open the app and all is done for you. They could use that to make some sort of trusted gaming environment for games that need this form of anti-cheat.
The problem is that online games need to know if you're cheating. Meaning even when the game runs in a sandbox, it still needs to monitor what you're doing, and run this in the lowest mode, is the only way to monitor everything.
I do not agree with this, I'm just explaining why they do it this way.
This is the reason 100%. Something like valorant is only good to play online because of the anti cheat. I don't like it but since I have a dedicated box for gaming I put up with it for the basically no cheating at a high rank.
These anti cheat's do what they do because people use cheat's that run on ring 0
@@dashcharger24 I understand why the kernel level anti-cheat became a thing, but my idea is based on Windows Sandbox being an actual VM that is managed by the hypervisor, and since Hyper-V is bare metal like KVM, it's much more difficult to tamper with it and all current anti-cheat solutions would not work anymore, I think.
I imagine this trusted gaming environment would mount the part of the filesystem where the game is as read-only, networking would be between the game and the servers and everything else is immutable. It's a very simple idea but I think if Microsoft worked with game devs on this it could work.
@@flarebear5346 have a look at my answer to @dashcharger24 , I clarified a bit more on my ideas. My main point is that Windows Sandbox is kind of like a full VM managed by the hypervisor that runs on ring -1, bringing a new level of difficulty to cheating. It would be, in principle, like a gaming box.
Honestly, This is a good move and paving the way for a design concept of kernel level API for security. I love how MS is making smart moves for the OS and attempts to stablize and prevent mega issues in the future... and everyone loses their god damn'd minds parating shit that never got said.
>.> Honestly, this could be a win for Linux gaming, but it all depends and we will see bike shedding for years about support for such a protocol if game devs start to make use of the API vs going full kernel mode anti-cheat and seeing more success and trust from the windows gamers for it.
was skeptical since the moment i heard this. thanks for sharing the truth, ill be sure to share this video whenever i see someone else talking about this to keep everyone correctly informed :)
Please do, either this video or Gaming On Linux's article
We’ve been hoodwinked, bamboozled, lead astray, run amok and flat out deceived
Another example of not reading into things that support your viewpoint/wishful thinking I read it after I saw your tweet and realised very quickly you were right, I appreciate you ruining my day though better than being delusional about it.
Even if I read the source, I wouldn't have really understood it. I still would have believed the article. But this is why I follow channels like this, to have it explained so I can understand it better. I just switched to Linux about 4 months ago, so I don't understand a whole lot just yet. Thank you for making this video, even though it wasn't what I wanted to hear. :P
it is the same old thing, Microsoft just bloating the "ecosystem" more
While keeping old stuff. Remember UWP? Everyone should use it, but developers already knew MS would eventually move on to something new (again). So best doing the old thing they are doing since Windows XP.
Heard about it all, was excited. Thought "Wow, rare Microsoft smart move!"... That was enough for me to get the feeling that something was horribly wrong. A Smart move from Microsoft? They don't do those.... What is the catch. What did I miss? I read the article and saw what you saw Brodie - no mention of actually blocking. I hold out hope that Microsoft implements some tools that make the need for kernal space less required. I optimistically hope that Anti-Cheats will naturally move out of kernal space if they don't need it anymore.
I am thinking very wishfully. But a man can hope. Great and informative video as always Brodie!
As the old school gentoo user says: always compile from the source
--getbinpkg
Regardless of what Microsoft does, any transition would take years. Also, one of the defining characteristics of Windows is backward compatibility with software. They wouldn't rip out support for the old way of doing things and demand that developers rewrite their software. They would provide a new way of doing things and encourage developers to adopt it going forward. And, maybe developers would and maybe they wouldn't. But, they would be very unlikely to go back and rewrite existing anti-cheat code for existing games. That would require new development and testing, which costs money.
Still might help Linux users with the whole anticheat crap, honestly im getting fed up with being blocked from running certain games because anticheat don't work, when the game already thinks your running on Windows, evidence of that is when you run a benchmark in game and it lists OS as Windows 10 pro but your on linux, if thats the case anticheat should just work out of the box... every windows game installed on linux is in a legit windows folder path too..
Wine only recreates Windows' usermode, which is why kernel anti-cheats can't truly run completely under Wine while still doing their job.
It'd probably work in a VM, but you'd have to set up GPU passthrough, and set a bunch of QEMU config options to prevent the anti-cheat from being able to tell it's in a VM. It works pretty well, but be careful, most game companies consider running in a VM to circumvent anti-cheat to be tantamount to cheating and they will ban you if you misconfigure your VM and the anti-cheat figures out it's in a VM.
A real solution? Don't buy or play games that use anti-cheat
Play Monster Hunter
I agree
GamingOnLinux has always been goated. We love Liam around here.
It takes a burden off developers to be able to have code which won't crash the system if something is missed in testing. However, they don't necessarily make the decisions and may also take other steps to avoid people expecting them to support systems they don't have time for.
To your point about restricting kernel level access so that tools can't/don't have access to everything. The problem with this in Kernel-level Anti-Cheat topic is that the user has full access to the hardware to take their time to break into the kernel and add cheats because, well, they have access to the hardware. Meaning what Kernel-level AC is trying to do will ALWAYS need full access to the system to do its job.
And you can just bypass it with software in the ESP anyway. This is the major problem with kernel-level _anything_ - the user can modify ESP so software runs in a level trusted by the kernel which can bypass or hijack any software which doesn't check this area of any media.
kernel-level anti-cheats are easy to bypass. there is no point in them.
This is just not true dude. Bypassing a good ring 0 anticheat is very very hard to do
You would also have to be very naive to think that it would make a difference in Linux support, even if they did lock it down.
Obviously it's just about moving some features out of the kernel, to limit the amount of code that goes inside kernel space to begin with. All things considered, this is the best way you could possibly avoid disasters like CrowdStrike.
I personally think that eBPF in Linux is also quite clever in limiting the complexity of code that goes into the kernel at runtime.
I don't care anyway, the games that don't work are just garbage, the anti-cheat is just a helping hand to not buy it in the first place.
I don't want any kernel module for anti-cheat in linux, miss me with the "security sensor" bullcrap
That's the coping I was waiting for. 😂 XYZ isn't good anyway so it don't matter.. 😂
Well said, Astolfo
12:37 "Always check the sauces." For sure. Don't want to accidentally use expired spaghetti sauce/code.
The latest proof of concept of hardware cheat no longer uses PCIe slot, but rather doing MiTM between the motherboard and the RAM stick.
Hypothetically, I imagine it could help WINE/Linux, but it all depends on how it's implemented, and er don't know that yet. Maybe it will be some API in user space that's easy to reproduce. Or maybe they'll be doing something shitty that depends on Microsoft's servers and makes it harder.
Rtfm, Read the full manual...😅😂
i always used another f**ing word for the letter F
"Read The Flopping Manuscripts"
Rtfbp, Read The Full Blog Post
Read the funny manual
Read the faafing manual
I have no doubt that even if kernel code was moved to user space save for an API, that Microsoft wouldn't have some form of online client validation with certificates much like the trusted platform thing Google tried to do with browsers.
So you wouldn't be able to emulate the API on Linux unless you could get Microsoft to sign your session for the application to confirm cryptographically.
This is my issue when people say "cite sources!" like... unless you have the DIRECT source or from a known reputable site, if you end up in the situation of linking an article from an outlet, you never know... anything.
Also, I remember looking for information some years back if The Division 2 would work on Linux. I learnt that wasn't possible due to anti cheat and people were saying that "it was just a toggle, devs just need to enable it".
But then I came across more information from others saying it wasn't A TOGGLE like "turn it on" and call it a day. There were flags, compatibility, and other stuff that needed to be implemented as well and kind of baked in / developed for Linux specifically, it wasn't just toggle it on.
But I don't know anything so that could be wrong as well.
also "cite sources!" is an appeal to authority fallacy, on top of what you mentioned. :P
Microsoft can't completely block kernel-level access because it infringes some EU competition laws. In the past, Microsoft has faced legal action from the EU for anti-competitive practices, including restricting access to certain APIs and kernel-level functions that could hinder interoperability with third-party software.
"did this seem too good to be true?", yes.. indeed. I was skeptical of this when I saw the blog posts claiming that MS would kill the functionality that kernel level anti-cheat systems rely on.... if for no other reason than the simple fact that anti-cheat systems are NOT the only systems that rely on said kernel level access.
I kinda figured this wasn't the case. There would've been a lot more buzz around this, if it was actually true.
no games or no anti-cheats should ever have any access to kernel mode or any of the rest of your PC files or information. They should have a game platform completely run in VM only. No access to any of your information at all.
Why did you put the Eurasian Conformity mark on the preview?
Now I read the article and I understand it was way out there because I did go to the source (Microsoft). But I was just really hoping that if Microsoft is working with security vendors that they might rethink allowing Kernel Level Anticheats full stop. I really don't think Kernel Level Anticheats are worth it and I really don't understand why Microsoft hasn't stopped this because games can function without them and banning a Kernel Level Anticheat wouldn't impact business customers at all. I understand why some enterprise grade EDR's need it but I really don't understand why games need it, people are going to cheat regardless and it is far more dangerous if an anticheat is compromised
the part no one talked about, well someone did i forget what video i watched but this could actually make it worse for gaming on linux
There's a lot of conjecture from both sides. Including you. Microsoft has not excluded removing non-cybersecurity products access from the kernel, and it's a huge stretch to consider anti-cheat a cybersecurity product. Having products that access the kernel is unfortunately a risk to security, especially when they operate similar to the products at Crowdstrike where definition content is updated regularly. I'd say it's a fairly reasonable assumption that many of these anti-cheats work in this way to account for emerging cheats.
In any event what they do if anything remains to be seen.
Not a problem, the vast majority of games with EasyAntiCheat and BattlEye are corporate slop loaded with microtransactions that aren't worth playing to begin with
It would be nice if Microsoft locked it down, and that they provided an interface for user space to interact with the kernel. Functions like isTrustedBoot, iterateDevices, etc...
Basically only functions that give read only data.
But from what I can tell, that is not enough to detect malware
I didnt think that much of it as of yet. Because it was relatively fresh and I dont really want to get hyped for a "promise". I welcomed the idea tho, as I rather have Microsoft figure something out that devs can use, rather than having random programs get kernel level access on my machine. This always worries me somewhat. Cant wait to get rid of that and if it benefits the Linux guys too then the more the better!
… and even if it were, it wouldn't have any immediate impact on Linux gaming compatibility.
Microsoft isn't going to simply pull the rug under security solution providers. The idea is that instead of having 3rd party kernel level code do the monitoring, a Microsoft provided kernel feature is going to do the monitoring and report events to a 3rd party user space program. This way of doing security already exists on macOS (see Endpoint Security).
So even if Microsoft does actually pull kernel mode access, the invasive anti-cheats will continue to exist. And they will remain a problem for Linux gaming, until the time comes when the Linux ecosystem can replicate this new Windows kernel feature.
I don't care about playing multiplayer slop like Fortnite or Call of duty. These games are full of mtx and loot boxes. With single player games I can play at my own pace and not have to worry about the toxicity of many online games and I don't have to do with tryhard players that pressure people to get good. Even when I gamed on consoles and on windows I was always primarily a single player gamer.
In their last developer talk Riot said they were going to make their anticheat less intrusive in a future Microsoft update, so I still have faith in that
Something interesting to consider is that at some point, Microsoft might need to start relying on those solutions staying linux incompatible to retain its game share. It might be just my personal web algorithm bubble but Linux is picking up steam (no pun intended) and while it's not yet at a point where mcrsft is scared of it, it is trending towards getting there and personally I think they are aware that at this point windows main edge in the competition is software compatibility. So every single game and especially software that starts working on linux is another user base that is no longer captive
Again I'll say it, but this is why I don't play games with AC. Most games I play are single player anyway, and most of the multiplayer games I play are open source, but I do play a few closed source multiplayer games.
The 'EAC' logo on the preview is the Eurasian Conformity mark, not Easy Anticheat logo
Warren's point about "Microsoft needing to solve the PC cheating issues on a platform level" is very strange. I'd rather say, that online games' developers should properly separate client and server functionality rather than rely on anticheats. If all stuff that can provide an unfair advantage is stored/decided on the server side, cheating becomes problematic. So instead of hoping for some magic bullet from Microsoft or relying on intrusive spyware, developers should make effort to improve their games' architecture. That would be more efficient and more fair for everyone.
Unfortunately that's not how it works.. you would need to stream the whole game to accomplish something like this.
You always need data on the client side to render the game and you always need input to interact with the game.. emulating a HID is easy.
@@5Hydroxytryptophan I know at least one game (World of Tanks) where because of the proper separation of client and server functions all so called "cheats" and their overall impact were laughable in comparison to the abysmal state of affairs in other games. Don't know the current situation there, didn't play it for a couple of years. But before all the "bad" stuff you could meet there were "aimbots" (rather inefficient), mods to remove foliage, bots for "farming", extra markers, automation of fire extinguishers and repair kits. Nothing that could really spoil the game, and even the users of these mods were regularly found and banned. I can't call WoT a really good game, but it was very popular in its time, 1 mln+ of simultaneous players. And because all that the client side was doing was taking user inputs to send to a server and rendering the picture based on the data received from the server, no local "inventory" of the in-game stuff, no impactful calculations in the client., all the "cheats" and "forbidden mods" that existed didn't make any serious effect. And this all in a game with an official support for user mods and with developers who regularly refused to implement signing of the approved mods.
@@comesignotus9888 Games like WoT aren't as affected as FPS, sure. Wallhacks and Aimbots don't give you a huge advantage, but Counterstrike for example is okay-ish with separation between client and server and still a hackfest. Some games are obviously stupid in input validation, never trust the client. But you can still ruin the game, if the data separation is fine.
@@5Hydroxytryptophan I'm familiar with one architecture that did this. Except, instead of streaming video data, it sent inputs to the server and received back the data about where everything is and in what state. No processing happened on the client side other than displaying the server data.
So I wouldn't say that it's impossible.
Edit: The only issue is that it would be rather hard for this to be added to existing games. This is more so an approach you need to implement in the beginning of the development. I would imagine, the difficulty of separating out the game logic would vary a lot from project to project
@@5Hydroxytryptophan While I agree that fast-paced games tend to be more affected than slow-paced, I still think that if all the in-game "inventories" are stored server-side, all the movements, essential physics and trajectories, hits, object interactions, items statuses and current characteristics with boosts/nerfs are calculated on the server side, and all that a client app gets is some data with a limited scope just strictly necessary and sufficient to render the scene of the immediate player's environment and produce other client-side effects, and all that it sends are user inputs - then truly game-breaking mods will be left with little space to exist. If in addition periodic client app integrity checks and "legal" mods signatures checks are implemented on the server side, "cheats" will be impeded much more than by any client-side "anticheat" with much less negative effect on the client OS health and client's data privacy/security. All that will remain for cheaters will be bots that emulate user inputs and are used for farming/grinding and for staging rigged matches. And unscrupulous players who rig matches, help opposite teams etc will remain. Far from disastrous.
P.S. What will also remain for sure are not-so-good players who'll shout "cheaters everywhere!!!" every time they lose, no matter what the actual situation with cheats will be.
Paladins was running off and on a few times in Linux, before months later update changed it again. So clearly this has nothing to do with Microsofts blocking of Kernel level antichat. EAC can work in Linux and does not depend on Microsoft. I know this, because I played Paladins daily for long period of time.
The guy on notebookcheck article don't understand what he is reading and writing, for the sake of new and having a new article.
So basically a "keep on not giving money to anyone who doesn't provide native Linux ports and let them starve", got it. Not that it would change anything for me anyway because I'm already doing this for a decade now, it's just another Thursday for me
Author doesn't get that things like lsof require syscalls, it's a false hope to think anti cheats won't need syscalls
What is more likely is that these modules will need to remove certain features, but will still have kernel access. For instance, I forsee Vanguard losing its "must not be stopped and starts up with the computer" BS. that is most likely going away. But Kernel level anticheat isn't going anywhere, not from this.
I think its just a case of media illiteracy. People are too hyped for something to be true, they skim articles, and assume what i means and it goes down a chain. Idk if its the fact theres more people in the space, or if generally we gotten too used to the internet but its been happening A LOT more often nowadays
Restrict the kernel access= less future company want to access kernel but doesn't mean current existing will stop accessing kernel access right? So nothing change then then what the point the Microsoft post the blog then?
I think that they're going to encourage doing the right thing and moving to userspace. But leaving the kernel option there.
so what you are saying is that redit red-it incorrectly
I REALLY wanted this to be true so bad.
But if there's a single bit of kernel code in Windows that all the anticheats reuse, that can be emulated, so still would be a win for Linux gaming
The only time I found a cheater was in World of Warcraft. In Tirisfal Glades I met an ally enemy (a hunter), and I started the rogues' tricks to take him down. But suddenly he ran away so fast I could not keep up, which shoudn't be possible by the game mechanics. So I reported the idiot to the Game Masters.
I do not think anyone was lying per se. Just hearing what they wanted to hear, and publishing what they thought they heard... effectively jumping the gun. As media is wont to do, they publish they sensational piece, because that's what sells.
Call me crazy, but I prefer using a second SSD with WIn10 LTSC and CTT's debloat tool to play Valorant and League, even with the problems it has caused me twice the last 4 years.
I play less because I would have to restart my computer *AND* I don't have to experience cheaters. :P
These intrusive anti-cheats have got to go. They have been messing up computers since the early 2000’s with StarForce copy protection.
Trackmania anyone?
Installing that way back in the day would essentially disable certain CD drives. Ring zero drivers are a huge no go on my systems ever since that debacle.
Honestly what I took from this is that microsoft is trying to remove the reliance on having to write kernel level code and instead offer something like a unified interface thats only maintained by them, moving all other custom code to userland. Or at least that would be my wishful thinking.
Windows security update process was getting exploited in the wild to roll back security patches just works like it's supposed to.
My though was: perfect case to use all the processor access rings. But in practice only 0 and 3 are used...
I just think as Windows gets worse and more people give Linux a try, heck if people start gaming on Macs given that they are using some of the same Wine based tech Linux guys are using, more and more people are going to switch and companies will want some of that pie. Only then will developers start changing their anti cheat to be Unix and Wine compatible. Why miss out on a growing market? Its a waiting game, but the day will come and Steam Deck users and M series Macbook players will be able to play COD and Seige together with everyone else
I don't think MacOS/Apple is capable in playing modern games, especially on their new M2/M3 socks.
Apple doesn't really care about gaming, they never did. Yeah, they do have some APIs now, and a Gaming Center, but it's not even up to its iOS standard.
@@dashcharger24 they just released re4 and lies of p on Mac OS and they run great on m3. There is also wineskin winery and Game Porting Toolkit both wine based compatibility layers and us Mac gamers are using them to play stuff on it like GTA, Cyberpunk and others. I’m just making a point that regardless if Apple’s approach to gaming on Mac is half assed or not (it kinda is) both the Linux and Mac gamers are using the same tech to play windows games on Unix based OSes. Companies should give a crap about us as we start taking Microsoft’s market share.
Seeing as M$ dropped their QA Dept. long ago even if they do work towards "fix" things to sort cheaters you can guarantee it will impact the user first with very odd bugs.
Just keep dual booting with Windows, You know it's the safe way.
Whilst you're at it drop the boot loader and create a UKI or just boot the kernel direct from EFI, This will stop the pain when you update windows and it tries to fritz the boot loader (F12 is your friend).
Always check your sauces while you cook. It is not that hard.
Oh, no... this is horrible news. Kernel-level anti-cheat needs to go - YESTERDAY! Can't believe this all turned out to be hot air. I literally shouted with joy when I first heard about this too. What a shame. Gonna need some XL dabs in the piece to night to cope with this for sure 😮💨
Thank you for the fact checking