Key Takeaways
Kernel-level anti-cheat allows broad access and poses potential security risks to users' PCs.
Balancing fairness in competitive gaming with user security remains a challenge for game developers.
Players should be cautious about allowing kernel-level anti-cheat software on their machines.
Modern anti-cheat software from major game developers like Riot Games and EA is implemented at the kernel level, which makes gameplay more fair but can also affect the security of your computer.
The operating system kernel is responsible for processes needed to keep your machine running smoothly, such as memory management and resource allocation. Importantly, the kernel has the lowest-level access to your computer's resources, which means it can reach parts of your computer that even you, the user, cannot access.
Kernel-level anti-cheat is installed directly into the OS kernel. Most applications are self-contained on the machine, but kernel-level anti-cheat has the same level of access to hardware and applications as the kernel itself.
Anti-cheat runs as part of the kernel's functionality and is a continuous background process.
This allows the software to look outside the game's bounds and check for tools that may affect gameplay, such as aimbots.
Kernel-level anti-cheat is a clever solution to monitor competitive fairness in online games, many of which are e-sports. Counter-Strike has a long-standing and successful e-sports scene, and one of the largest prize pools in any e-sport today, so it makes sense to ensure that professional play is rigorous. After all, professional athletes are tested for steroid use! Counter-Strike tournaments have used Faceit, a kernel-level anti-cheat software, since its launch in 2016, so the technology itself is not new.
But allowing a company to install software with this level of access on your machine seems like too much for the average home gamer. Anti-cheat software can monitor every program on your machine, so anything it deems suspicious risks a ban (many of which are hardware-based), with no way to challenge it. Giving large companies this unrestricted access to your PC and revoking your own access sets a dangerous precedent that could impact the safety of your PC and your data.
Externally downloaded applications that you have no control or visibility over are eerily reminiscent of malware. This type of software is a rootkit. In fact, in 2013, an anti-cheat provider was fined for installing a hidden Bitcoin miner. While this is an extreme example, it is a cautionary tale about allowing rootkits on your machine. You should fully rely on anti-cheat providers that employ best practices.
When Riot introduced Vanguard (a proprietary anti-cheat solution) to League of Legends, an existing popular game and esport, users complained about PC crashes. While it has not been confirmed that Vanguard was the cause of these crashes, glitches in a kernel-level driver have a more system-wide impact than glitches in user-level applications like Discord.
The concern is that any weaknesses that could be exploited in these systems are not limited to a single application, but are system-wide. Coupled with the fact that more and more game developers are shipping their own kernel-level anti-cheat, you end up with multiple potential points of failure within the OS kernel. This is a pretty significant risk, especially since most PC gamers are unlikely to have a dedicated gaming machine.
Cheating in multiplayer games fundamentally ruins the experience for players, so developers have a huge incentive to keep their anti-cheat software up to date and effective. Add to the mix the multi-million dollar esports scene, and it's clear that addressing sophisticated cheating is a top priority for game developers.
However, forcing players to download kernel-level software onto their personal machines in order to play a game is an unfair and offensive proposition. Asking players to compromise the security of their machines in order to play a game is unreasonable and relies on players not understanding the risks involved with kernel-level software.
Developers need to take responsibility for protecting the rights of their player base with broad and transparent privacy policies, while at the same time giving control back to users. Anti-cheat software should not need to run as a background process when you're not playing a game, or when you're using hacks in single-player games. However, this is unlikely to change unless developers have sufficient incentives.
Kernel-level anti-cheat is becoming standard practice in many competitive games, so it's ultimately your choice to decide whether a particular game is worth the potential risk to your PC. If you have multiple machines and a dedicated gaming PC, you're probably fine, but if not, it's wise to limit the number of anti-cheat apps you install, or avoid installing them at all.
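To check how many such drivers a given Windows PC already carries, the following PowerShell (an added example, not from the original article or from any anti-cheat vendor) lists kernel-mode drivers that did not ship with Windows, with their start mode and whether they are running right now. It is read-only; the helper name Resolve-DriverPath and the signer-name filter are assumptions of this example.

```powershell
# Added example: read-only inventory of kernel-mode drivers that did not ship
# with Windows. Run in an elevated PowerShell prompt for complete results.

function Resolve-DriverPath {   # hypothetical helper, defined for this example
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    # Driver image paths may use NT-style prefixes; map them to Win32 paths.
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.ServiceType -in 'Kernel Driver', 'File System Driver' } |
    ForEach-Object {
        $path    = Resolve-DriverPath $_.PathName
        $signer  = 'unknown (file not found)'
        $company = ''
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig     = Get-AuthenticodeSignature -LiteralPath $path
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            $signer  = if ($sig.SignerCertificate) {
                $sig.SignerCertificate.Subject
            } else {
                "no signer ($($sig.Status))"
            }
        }
        [pscustomobject]@{
            Name = $_.Name; State = $_.State; StartMode = $_.StartMode
            Company = $company; Signer = $signer; Path = $path
        }
    }

# In-box Windows drivers are signed "CN=Microsoft Windows". Third-party drivers
# are often signed by Microsoft's hardware publisher certificate instead, so the
# self-declared company name is shown too (informational, not proof of origin).
$thirdParty = $drivers | Where-Object { $_.Signer -notmatch 'CN=Microsoft Windows,' }
$thirdParty | Sort-Object StartMode, Name |
    Format-Table Name, State, StartMode, Company, Signer -AutoSize -Wrap

# Drivers that start at boot/system start and are running now are active
# whether or not the software that installed them is open.
$alwaysOn = $thirdParty | Where-Object {
    $_.State -eq 'Running' -and $_.StartMode -in 'Boot', 'System', 'Auto'
}
"{0} third-party kernel drivers installed, {1} loaded at startup and running" -f
    @($thirdParty).Count, @($alwaysOn).Count
```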
It's unlikely that developers will move away from kernel-level anti-cheat anytime soon without pressure from the gaming community, but don't underestimate your power as a player: your voice is just as important as everyone else's.