this post was submitted on 15 Dec 2024
505 points (96.8% liked)

Games

32904 readers
1661 users here now

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Weekly Threads:

What Are You Playing?

The Weekly Discussion Topic

Rules:

  1. Submissions have to be related to games

  2. No bigotry or harassment, be civil

  3. No excessive self-promotion

  4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts

  5. Mark Spoilers and NSFW

  6. No linking to piracy

More information about the community rules can be found here.

founded 2 years ago
MODERATORS
 

Now that Stop Killing Games is actually being taken seriously - maybe we need to take a look at Stop Fucking Around In Our Kernels

I haven't really been personally affected by it before - I don't play any competitive multiplayer games at all. But my wife had her brother over, and he's significantly younger than us. So he wanted to play FortNite and GTA V, knowing I have a gaming PC. FortNite is immediately out of the question, it'll never work on my computer. Okay, so I got GTA V running and it was fun for a while, but it turns out all of those really cool cars only exist in Online. But oh look, now they've added BattlEye and I can no longer get online.

While this seems like a trivial issue (Just buy a third SSD for Windows and dual boot), it's really not. Even if I wanted to install Windows ever again, I do NOT want random 3rd party kernel modules in there. Anyone remember the whole CrowdStrike fiasco? I do NOT want to wake up to my computer not booting up because some idiot decided to push a shitty update to their kernel module that makes the kernel itself shit the bed. And while Microsoft fucks up plenty, at least they're a corporation with a reputation to uphold, and I believe they even have a QA team or 2. CrowdStrike was unheard of outside of the corporate world before the ordeal and tbh nobody has ever heard of it afterwards again.

So I think this would be a good angle to push. That we should be careful about what code runs in our OS kernels, for security and stability reasons. Obviously it'd be impossible to just blanket ban 3rd party kernel modules to any OS. However, maybe here in the EU at least we could get them to consider a rule that any software that includes a component running in the OS kernel, MUST justify how that part is necessary for the software to function in the best possible way for the user of the computer the software is running on. E.g I expect a hardware driver to have a kernel module, and I can see how security software needs to have a kernel module, but I do NOT see how a video game needs to have an anti cheat with a kernel module. How does that benefit me, the customer paying to be able to play said video game?

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 7 points 1 day ago

On the contrary, I think kernel level anticheat should be illegal

[–] [email protected] 6 points 1 day ago

On areweanticheatyet.com it seems like the percentage of denied/broken keeps getting higher and higher :(

I guess it makes sense, new games come out with anticheat, and rarely do new games come out without anticheat.

[–] [email protected] 61 points 2 days ago* (last edited 2 days ago) (9 children)

I usually solve this issue by... just playing something else.

It sounds hard, but I assure you, nothing is impossible.

load more comments (9 replies)
[–] [email protected] 4 points 1 day ago

While this seems like a trivial issue (Just buy a third SSD for Windows and dual boot)

That's not trivial at all. Don't let anyone let you think otherwise.

[–] [email protected] 113 points 3 days ago (3 children)

It should be said that I'm not against games detecting cheaters and banning them from online play. It's very specifically kernel-level anticheats that I can't stand on principle.

[–] [email protected] 54 points 3 days ago (5 children)

I'm against them being able to ban you from playing online in its entirety, which is something they can do because most online games don't let you run the servers yourself anymore. Sure, if someone cheats on official servers, ban them from the official servers. They should still be able to play, cheating or not, on the server they run themselves, but that's not an option we even have most of the time.

[–] [email protected] 51 points 3 days ago* (last edited 3 days ago) (9 children)

This one is such an overlooked part of this whole dilemma. The problem is NOT THAT the official servers not allowing clients without kernel level anti cheat. It’s just we don’t have an option to host our own servers anymore and we’re confined to following the rules.

load more comments (9 replies)
load more comments (4 replies)
[–] [email protected] 23 points 3 days ago* (last edited 3 days ago) (3 children)

"Butbutbutbut server side anticheat is haaaaaaard and requires us to actually think about what values are actually valid and understand our own internal game states. Kernel level anticheat ~~lets us be lazy~~ costs us less and requires less development time!"

[–] [email protected] 18 points 3 days ago (5 children)

Unless they deviate substantially from how they build games in genres like shooters, server side anti-cheat isn't going to catch everything that kernel level anti cheat does. However, kernel level anti cheat doesn't catch hardware cheating anyway, so if cheating is always going to be imperfect, we ought to stop short of the kernel.

load more comments (5 replies)
load more comments (2 replies)
load more comments (1 replies)
[–] [email protected] 30 points 2 days ago (1 children)

There us no need. CrowdStrike was such a disaster for Microsoft that they are already on the path to locking down the kernel. Noboby but MS will have kernel access eventually. Give it a few years (and 1-2 Windows versions)

[–] [email protected] 23 points 2 days ago

Apple has already done the same with macOS 10.15 Catalina in 2019. No more kernel extensions = much better kernel-level security

This will become the industry standard

[–] [email protected] 24 points 2 days ago (1 children)

This will take a rogue agent to send malware or otherwise brick all machines by kernel injection. The crowd strike event poked a hole in the dam. This needs a full exploit to get major traction beyond game studios moving to the next kernel level drm/exploit engine.

[–] [email protected] 52 points 3 days ago (5 children)

Money talks.

Don't buy the game.

[–] [email protected] 6 points 2 days ago* (last edited 2 days ago) (1 children)

Absolute dogshit strategy. 99% of people will always buy the game so you not buying won't matter in the slightest. Unfortunate but true.

[–] [email protected] 3 points 1 day ago* (last edited 1 day ago) (3 children)

Why would they listen to your personal complaint if you, singular, are going to buy it anyway? Your voice only matters to a company if it means you won't buy their product otherwise. Don't buy the game, then tell them why you didn't.

load more comments (3 replies)
[–] [email protected] 25 points 2 days ago (1 children)

This doesn't work. It will never work. You can't shame conscious consumers into voting with their wallets while the other 99% keeps buying the bad practices.

Thing is, if nobody on Lemmy, and literally nobody in general who cares about anticheat, buys GTA 6, you know what effect that would have on the company's bottom line? None, they'll make record profits.

[–] [email protected] 19 points 2 days ago (2 children)

So now you try to convince the 99% of players that are buying the bad practices, that a magic (to them) program that prevents cheaters is bad (since "has too much access" doesn't really explain anything). They don't care and won't care.

[–] [email protected] 9 points 2 days ago (1 children)
load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 17 points 3 days ago

Right, well they are trying to start a campaign to popularize the comment you just made. Or at least that's my understanding

load more comments (2 replies)
[–] [email protected] 74 points 3 days ago (1 children)

I think it should also be noted that the games industry is not audited for security to the same degree as a lot of other industries. So vulnerabilities may not be found until years after launch and then go unpatched indefinitely because the company has already moved on to the next thing.

Hell, one of the older CoD games had an RCE vulnerability that as far as I'm aware is still not patched.

Plus, major publishers like EA are now pushing to create their own kernel-level anticheat in-house. Why should anyone trust them to create a secure piece of software that runs with the highest permissions possible when they can't even be trusted to create stable, functional games?

[–] [email protected] 31 points 3 days ago (1 children)

Someone discovered Dark Souls games had a RCE but they never responded to the person that kept emailing them about it for months. The security guy then started invading streamers and crashing the game while doing fun stuff like showing text on the screen. Only then did Fromsoft take down the servers and patch things up - which took a few months.

Yes, game companies really don't take security seriously.

load more comments (1 replies)
[–] [email protected] 23 points 2 days ago

Now that Stop Killing Games is actually being taken seriously

600k signatures to go. Link for EU citizens.

[–] [email protected] 23 points 2 days ago (2 children)

Arguing that buying something means you own it is much more digestible for the general public. Arguing that the video game codes run slightly different on your machine than you would like is esoteric and a non-starter. This is not a matter for the government, just don’t buy shitty games. Literally no game is required to be bought.

load more comments (2 replies)
[–] [email protected] 31 points 3 days ago (13 children)

It's been time. Game companies have no right to access that level of any system I paid for. If they want to use kernal level anti-cheat on their consoles, that's on them. But my computer? Absolutely not. They don't have a right to that, when I bought the computer I didn't agree to that in a EULA or TOS, and they do not make it apparent that their games carry this level of anti-cheat at sale.

load more comments (13 replies)
[–] [email protected] 25 points 3 days ago (2 children)

competitive multiplayer

I feel it should be added that this is one use of anti-cheat, but it also gets used on noncompetitive single player games, too.

Usually if a game has micro-transactions, but also to "protect our IP" as has been seen with a number of older non-MTX single player games recently being retrofitted with it.

load more comments (2 replies)
[–] [email protected] 29 points 3 days ago

With you on this, regardless of the method used, no app has any business running or snooping outside of the container that it was set up in. And this doesn’t just apply to desktop operating systems, mobile and entertainment consoles too.

I’d even take it a step further, that nonsense shouldn’t be on my machine in the first place.

Want to run anticheat stuff? Run it on your own crappy servers at your own cost and processing power. Live detect it through packets that are sent to you and are being processed, be it voice or input.

Whatever happens on my machine is none of your business.

[–] [email protected] 26 points 3 days ago (3 children)

This issue would be solved / non existent if matchmaking was not the only option for playing online game, which wouldn't be an issue if publishers stopped being so greedy and predatory when it comes to player retention, which wouldn't be an issue if the economic system we live in didn't promote this toxic behaviour.

So yeah, kernel based anticheats are mostly just a symptom of a larger problem, the rotten video games industry

load more comments (3 replies)
[–] [email protected] 23 points 3 days ago (3 children)

Good post thank you.

Totally agree. Went all-in on Linux earlier this year and it was all working pretty good but there is really no solution when all your buddies are playing fortnite.

The multiple "game streaming" services our there wasn't really cutting it either. I recall reading that Microsoft was going to be more strict with allowing kernel level anticheat but I don't remember exactly where in saw that and I'm too lazy to Google. I hope with all the new PC handhelds coming out (steam deck, etc), that major companies start pushing for this or figuring out a workaround.

[–] [email protected] 18 points 3 days ago (2 children)

In the wake of Crowdstrike, Microsoft was going to allow for additional avenues for hooks into the OS that don't reach as deep into the kernel level, but they never said they were removing the hooks that Crowdstrike or anti-cheat use, as far as I can tell. One solution for PC handhelds is to run whatever modified version of Windows that Microsoft is cooking up, so that you get the console-like interface without compromising on the anti-cheat compatibility. The solution Valve is seemingly hoping for is that, by disclosing kernel-level anti-cheat on the store page, such a solution becomes poison in the marketplace and developers choose a different one.

load more comments (2 replies)
load more comments (2 replies)
load more comments
view more: next ›