Categories: GamingSecurity

Why should you worry about kernel-level anti-cheat?


Cheating on PC games is still rampant to this day. Game developers are constantly searching for ways to prevent this. One solution that companies have done is applying kernel-level anti-cheat.

The kernel-level anti-cheat system that developers are using is getting controversial nowadays. There are a lot of reasons why gamers are calling for its removal.

The term “kernel” might be unfamiliar for most people. It is a technical term that is not easily understood.

To keep it simple, the kernel is the base of an operating system. The kernel loads up immediately after the boot sequence. It has total control of everything inside a computer.

What is kernel-level anti-cheat?

Understanding kernel and rings are too technical and might be hard to understand. Basically, there are privilege tiers inside a computer called rings.

High privilege software is on Ring 0—meaning it is the top-most priority. One mistake at a kernel-level might brick the computer.

The next two tiers called Ring 1 and Ring 2 are for device drivers. Ring 3 with the least privilege belongs to all other apps installed on the computer. If one of these apps fail, the computer will still run smoothly.

Game developers have anti-cheat software included when a game is installed. It runs in the background while the game is open. This prevents maphacks, aimbots, and other known cheating mechanics.

However, some developers are forcing people to install kernel-level anti-cheat in order for users to play their games. This kernel-level anti-cheat system overrides some drivers installed on the PC.

These drivers are needed by some games in order for them to run smoothly. If a kernel-level anti-cheat is installed, it blocks the communication between the game and the drivers. This ends up with the game stuttering or encountering other issues.

If it is for cheat protection, why is it worrying?

Kerne-level programs are granted top privileges as mentioned earlier. The concept is nice on paper. However, these kernel-level programs are not fully secured—it still has its own vulnerability.

Think of this scenario: It is a regular gaming day and a kernel-level anti-cheat program runs at the boot sequence. It is now granted high privileges and may make or break the system when a hacker gains access.

Regular hacking is only limited to apps with the least privilege. But one potential exploits on the high privilege software risks losing one’s whole computer.

This kernel-level anti-cheat alter the communication between a computer and its drivers. All softwares that rely on a certain driver will not run as long as the anti-cheat system is running.

Some people might say that the anti-cheat system is easily closed through the Task Manager. However, that is not always the case.

The kernel-level anti-cheat programs run during a computer’s startup. This means that a software might not work immediately upon booting up a PC.

Will it decrease a computer’s performance?

There are reports that kernel-level anti-cheat messes up with a computer’s performance. It might be true, it might be not. But it is worth pondering.

Anti-cheat programs use CPU resources in order to run. It might take a lot of processing power but there is no proof yet.

Gamers often report that their PC slows down after the anti-cheat program runs. However, they do not consider other factors such as ambient temperature, overclock speeds, and other background apps.

For now, anti-cheats are not considered a CPU hogger.

Why do companies implement this level of anti-cheat?

There are players who use cheat engines at a Ring 0 level. This means that any anti-cheat software that a developer uses will not work if it is not on the same level. A Ring 3 anti-cheat software cannot block a Ring 0 threat.

Riot is one of the companies that implemented kernel-level anti-cheat on their recent games. League of Legends and Valorant has a Ring 3 protection called Vanguard.

The company has stood by its statement that Vanguard does not spy on users. It also claimed that the anti-cheat system will work seamlessly.

Riot even offered a US$100,000 [AU$150,431] bounty to anyone who can find flaws in their anti-cheat system.

Valorant is one of the hottest first-person shooting games available today. But, it is not playable if Vanguard is disabled. The game detects the PC as vulnerable and it will not run.

There are lists of games that use kernel-level anti-cheats that are being constantly updated.

Preventing cheaters is a top-priority for game developers. Kernel-level anti-cheat software is a great solution in theory. But, it has risks involved and it is understandable why there is a call for it to be removed.

Images used courtesy of ChristianaT/Pixabay, Valorant/Facebook, League of Legends

Aim Orallo

Aim is a sports leader for Decathlon Philippines. He has great knowledge of marketing, sales, and management and previously worked as a sports multimedia journalist for a huge sports team in the Philippines. He currently writes about the latest news in gaming and technology for Micky.

Published by
Aim Orallo

Recent Posts

Bitcoin breaks past $57,000 to register new all-time high

Just barely 24 hours after the top digital asset climbed more than $50,000 and hit…

58 mins ago

BTS promises fans to release good songs after ‘BE Essential Edition’

After BTS released the "essential edition" of their latest smash BE, BTS promised their fans…

1 hour ago

Chloe Zhao teases new mythology for MCU with ‘Eternals’

Nomadland director Chloe Zhao will make her MCU debut with Eternals later this year. And she's excited for…

2 hours ago