this post was submitted on 13 Mar 2025
48 points (85.3% liked)

Linux

51894 readers
1309 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I'm not finding any information online other than that it's difficult

top 50 comments
sorted by: hot top controversial new old
[–] merthyr1831@lemmy.ml 3 points 19 hours ago* (last edited 19 hours ago) (1 children)

WINE Is Not an Emulator (that's what the acronym actually stands for).

At a program level, WINE creates a dummy Windows directory structure, slaps files where an exe expects them, and executes the program.

EXEs (well, all programs) will use system calls to request resources (ie. files, access to hardware like GPUs, data from other processes) which Windows maps to certain areas of memory and has its own protocols for how to handle requests. Linux has its own protocols and methods that are incompatible, hence why Windows and Linux apps can't run natively together.

Then the magic happens: WINE maps these requests to Linux requests so that the running program is none the wiser. It asks for GPU resources like a Windows app would, then gets those resources back just like a Windows app would expect. There are thousands of edge cases, hundreds of system calls, and a bunch else that complicates things but that's how WINE (and Proton) works.

The reason this fucks up Kernel-level anticheat is that it isn't trying to communicate via these established channels. They usually operate with full resources outside of the jurisdiction of your OS, and scan your memory bit-by-bit rather than asking the OS politely via system calls for info on other processes.

With WINE, whilst a typical application will not notice the differences they're designed to not throw a fit if your underlying OS is configured differently, a kernel anticheat will not even recognise the system as a valid OS even if it was able to run in the first place.

The solution here is systems like EasyAC that give up the benefits of being able to analyse processes at the kernel level in favour of portability. Another potential solution (though unlikely imo) is a cross-platform kernel anticheat protocol, that all major operating systems agree to implement, similar to how operating systems will implement the TCP/IP protocol to communicate across networks regardless of underlying OS.

Now the reason "WINE"s acronym is particularly important is that if it DID emulate windows, as in what most virtual machine providers do, then anticheat would be running in an environment mapped out like a real Windows install - because it is. This is how many Linux gamers prefer to run certain titles, and something that should always be functional. It is much more annoying to maintain, However - balance how much you really wanna play the latest COD with your willingness to debug GPU passthrough shit.

[–] communist@lemmy.frozeninferno.xyz 1 points 18 hours ago (1 children)

Good read, what if they just want the games to run and don't care about functional anticheat? Couldn't they send fake info to the anticheats, or do you think that would be technically impossible?

[–] merthyr1831@lemmy.ml 2 points 17 hours ago

Short answer: Yep, cheat softwares regularly do this too, but it's costly and prone to being immediately patched, and it's potentially illegal.

Anticheat systems are designed around this since a cheat client would try to do exactly that. One way for example is for the anticheat to provide a cryptographic key to the game which it uses to prove to a multiplayer server that the anticheat is functioning and untampered with. Even if you bypass anticheat locally, you still have to prove that the game client is legitimate to the server. This does happen! But kernel anticheats are much harder to access and tamper with, and in our case of using WINE are unlikely to even work from the outset.

So okay, let's hypothetically bypass anticheat locally. We modify the game to tell the server it's legit, and it works! A few days later the game gets patched, and suddenly our bypass is defunct. For cheat sellers this part of the cost of business but for people just trying to game on Linux there's little money in it, and if there is it won't ever be spent on circumventing anticheat (which also falls under some legal grey areas if not outright illegal depending on your country).

Given enough time and resources we could probably find some novel way to crack anticheat on a game as such as it becomes playable on Linux. But it's so much easier to use that effort somewhere else or just use a Windows VM that is guaranteed to work even if slightly slower.

[–] Mwa@lemm.ee 2 points 1 day ago

Only anticheat that doesn't nest itself very deep into the windows kernel.

[–] brax@sh.itjust.works 10 points 2 days ago (1 children)

I hope not. I hope it never does. Windows users are weird enough not giving a shit about installing rootkits on their computer. We don't want this in Linux. What computer is worth compromising just for some game to determine whether or not you're cheating at it?

I don't want it to properly function, I want it to run in userspace.

[–] anon5621@lemmy.ml 85 points 4 days ago (19 children)

User space level anticheat yes,kernel anticheat no and I actually happy about ,kernel level anticheat behaving literally like malware/rootkit

load more comments (19 replies)
[–] bjoern_tantau@swg-empire.de 49 points 4 days ago (3 children)

Did you know that most big anti cheat systems actually do run in Wine when allowed to by the developer?

load more comments (3 replies)
[–] eugenia@lemmy.ml 40 points 4 days ago (1 children)

No, forget anticheat games. It's not possible to create a "fake" rootkit. If it was possible, they would have done it for Windows too, and it would defeat the purpose of anti-cheat. So, just don't run these games. They don't worth your security.

[–] caseyweederman@lemmy.ca 3 points 3 days ago

I mean I wouldn't mind defeating the purpose of anticheat. Let's all defeat the purpose of anticheat.

[–] markstos@lemmy.world 22 points 3 days ago

Yes, we are waiting for the CrowdStrike aha moment where the industry learns the hard way that anticheat with root privileges was a dangerous idea not worth the risks.

[–] NutWrench@lemmy.ml 34 points 4 days ago* (last edited 4 days ago)

Will wine ever be able to run antiCheat.

I hope not. I switched to Linux to get away from malware and spyware.

[–] EarlGrey@discuss.tchncs.de 12 points 3 days ago* (last edited 3 days ago) (1 children)

IIRC Most major anti-cheat platforms not using kernel -level support linux these days. The SteamDeck forced their hand.

The problem is the developers. They have the ability to specifically block Linux and that's only going to change once enough people use it. As for kernel level that's an entirely different can of worms and I'm fine just not playing those games.

[–] merthyr1831@lemmy.ml 1 points 19 hours ago

There's also the challenge of getting developers to retroactively fix AC support for games that are still popular but not otherwise maintained. Though this is usually an issue with kernel level stuff that can't easily be fixed on Proton's end on a case by case basis.

[–] the_riviera_kid@lemmy.world 4 points 2 days ago (1 children)

https://areweanticheatyet.com/no-js

Proton anti-cheat works with punk buster and what ever garbage gta5 is using now.

[–] merthyr1831@lemmy.ml 1 points 19 hours ago

GTAV? I thought there would be more fanfare considering how much coverage the removal of Linux support got

Anticheat detects if you're running normal Windows or something else.

If you're using something else, they won't let you play the game.

Wine is something else.

[–] richardisaguy@lemmy.world 22 points 4 days ago (6 children)

Unlikely; ultimately wine can run userspace anti-cheat but not kernel level anti-cheat, not by itself, is this were to happen it would take a few changes on how we do things

[–] LoreSoong@lemm.ee 4 points 4 days ago

Ive seen it suggested from others/content-creators that valve or some other finacially involved company should make their own distro or simply a kernel that would have built in killswitch that flags the user when they fail required modification checks and prevents online play.

What really needs to happen is the eventual mass exodus from windows due to its continued enshitification. The increase in linux users + any notable figures like pro gamers or content creators that switch over to linux will force game developers financially to open anticheat to linux users and make a blanket solution.

load more comments (5 replies)
[–] gnuhaut@lemmy.ml 10 points 3 days ago

Anti cheat software tries to find cheats running on the computer, and in order to that, so called kernel-level anticheat hooks into NT (Windows kernel) internals, and runs at the highest possible privilege level. It has to do that so it can monitor everything going on in the system. If it didn't do that, the cheat could just hide from the anticheat software by running with superior privileges.

Wine does not implement undocumented/internal parts of NT, and neither does it run at an elevated privilege level. It also cannot realistically implement any and all possible NT kernel internals, and it cannot possibly hide the fact that it's actually wine, and not real Windows, from any program that really wants to figure this out.

If wine tried to implement a specific workaround for a specific anti-cheat software/version, in order to it trick into thinking it's running on a real Windows system with elevated privileges, the anti-cheat vendor would likely interpret this as a kind of deception, and they could easily update their software to detect this situation.

Theoretically, anti-cheat vendors could do kernel-level anticheat for the Linux kernel specifically if the game runs on Linux, but this has problems: First of all a general backlash and complete lack of cooperation from the Linux community (btw, Microsoft isn't too happy about them doing this on Windows either, and they might at some point do something about this, since it's bad for security and stability). Also, Linux kernel internals aren't at all stable, and so just practically you cannot hook into the Linux kernel nearly as easily as you can into NT.

Some anti-cheat vendors do support Linux though, but only optionally if the game dev allows that. In practice, this just means many checks will just be disabled on Linux, which is presumably why many games do not enable the Linux support.

tl;dr: No. Only the anti-cheat vendor / game dev can realistically fix the situation, and they may not want to because it'll be worse at actually detecting cheats on Linux in practice.

[–] Cris16228@lemmy.today 17 points 4 days ago (1 children)
load more comments (1 replies)
[–] irotsoma@lemmy.blahaj.zone 1 points 2 days ago

Most could, but most are also designed not to because adding a virtualization type of layer allows for ways to circumvent it. Anticheat needs to trust the environment it is running in so it can rely on the information. Wine is designed to replicate things it trusts in Windows, but not actually necessarily replicate the way the kernel actually does those things, so the things they are relying on might not mean the same thing as the do in Windows. So they'd need to analyze and possibly implement things a bit differently. This takes time and money and for companies like this, the customer isn't the user, so they have little reason to cater to users needs. Pro gaming and a few online game companies are their primary customers and they generally don't want to support Linux anyway.

[–] umbrella@lemmy.ml 5 points 3 days ago

it already runs anticheat whenever game developers allow it to.

[–] mactan@lemmy.ml 3 points 4 days ago

Lightning flashes, sparks shower, in one blink of your eyes you've mis-seen.

[–] notanapple@lemm.ee 2 points 4 days ago (1 children)

I wonder if immutable systems could negate the need for kernel anti cheat. If the game can ensure the current kernel and image is one from a list of acceptable ones, it doesn't need to kernel anti cheat. They could do this by comparing the checksum or something.

[–] Blaiz0r@lemmy.ml 4 points 3 days ago

That's essentially a console and not a 'pc'

load more comments
view more: next ›