Cheating on PC games is still rampant to this day. Game developers are constantly searching for ways to prevent this. One solution that companies have done is applying kernel-level anti-cheat.
The kernel-level anti-cheat system that developers are using is getting controversial nowadays. There are a lot of reasons why gamers are calling for its removal.
The term “kernel” might be unfamiliar for most people. It is a technical term that is not easily understood.
To keep it simple, the kernel is the base of an operating system. The kernel loads up immediately after the boot sequence. It has total control of everything inside a computer.
What is kernel-level anti-cheat?
Understanding kernel and rings are too technical and might be hard to understand. Basically, there are privilege tiers inside a computer called rings.
High privilege software is on Ring 0—meaning it is the top-most priority. One mistake at a kernel-level might brick the computer.
The next two tiers called Ring 1 and Ring 2 are for device drivers. Ring 3 with the least privilege belongs to all other apps installed on the computer. If one of these apps fail, the computer will still run smoothly.
Game developers have anti-cheat software included when a game is installed. It runs in the background while the game is open. This prevents maphacks, aimbots, and other known cheating mechanics.
However, some developers are forcing people to install kernel-level anti-cheat in order for users to play their games. This kernel-level anti-cheat system overrides some drivers installed on the PC.
These drivers are needed by some games in order for them to run smoothly. If a kernel-level anti-cheat is installed, it blocks the communication between the game and the drivers. This ends up with the game stuttering or encountering other issues.
If it is for cheat protection, why is it worrying?
Kerne-level programs are granted top privileges as mentioned earlier. The concept is nice on paper. However, these kernel-level programs are not fully secured—it still has its own vulnerability.
Think of this scenario: It is a regular gaming day and a kernel-level anti-cheat program runs at the boot sequence. It is now granted high privileges and may make or break the system when a hacker gains access.
Regular hacking is only limited to apps with the least privilege. But one potential exploits on the high privilege software risks losing one’s whole computer.
This kernel-level anti-cheat alter the communication between a computer and its drivers. All softwares that rely on a certain driver will not run as long as the anti-cheat system is running.
Some people might say that the anti-cheat system is easily closed through the Task Manager. However, that is not always the case.
The kernel-level anti-cheat programs run during a computer’s startup. This means that a software might not work immediately upon booting up a PC.
Will it decrease a computer’s performance?
There are reports that kernel-level anti-cheat messes up with a computer’s performance. It might be true, it might be not. But it is worth pondering.
Anti-cheat programs use CPU resources in order to run. It might take a lot of processing power but there is no proof yet.
Gamers often report that their PC slows down after the anti-cheat program runs. However, they do not consider other factors such as ambient temperature, overclock speeds, and other background apps.
For now, anti-cheats are not considered a CPU hogger.
Why do companies implement this level of anti-cheat?
There are players who use cheat engines at a Ring 0 level. This means that any anti-cheat software that a developer uses will not work if it is not on the same level. A Ring 3 anti-cheat software cannot block a Ring 0 threat.
The company has stood by its statement that Vanguard does not spy on users. It also claimed that the anti-cheat system will work seamlessly.
Riot even offered a US$100,000 [AU$150,431] bounty to anyone who can find flaws in their anti-cheat system.
Valorant is one of the hottest first-person shooting games available today. But, it is not playable if Vanguard is disabled. The game detects the PC as vulnerable and it will not run.
There are lists of games that use kernel-level anti-cheats that are being constantly updated.
Preventing cheaters is a top-priority for game developers. Kernel-level anti-cheat software is a great solution in theory. But, it has risks involved and it is understandable why there is a call for it to be removed.