this post was submitted on 08 Jun 2025
80 points (96.5% liked)

Linux

54996 readers
662 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago
MODERATORS
 

From both a technical perspective and if the maintainers of these anti-cheat will consider porting or re-writing kernel level anti-cheat to work on linux, is it possible? Do you think that the maintainers of kernel level anti-cheat will be adamant in not doing it, or that the kernel even supports it or will support it. I think that if it ever happens, there will be a influx of people moving to linux, or abandoning their duelboots, and that alot of people will hate that such a thing is available on linux.

top 50 comments
sorted by: hot top controversial new old
[–] muusemuuse@lemm.ee 3 points 1 hour ago

Short answer: no

Long answer: only the most important things should even have such low-level access to the system. A fucking game is not in that category. Nooooooo

[–] qweertz@programming.dev 7 points 4 hours ago

Every IT-literate person fights kernel-lvl malware disguising as games with everything they got.

Since Linux has a high percentage of those, I hope those "solutions" will never spread

[–] savvywolf@pawb.social 4 points 3 hours ago

It's relatively trivial, you just need to write a kernel module. You'd just need/want to make it gpl so everything it does is fully audited and transparent. That's not a problem, is it? Right?

From a technical standpoint, you could argue that someone could create a fork of the kernel that spoofs the interface that the anticheat uses to make it ignore things. You can, of course, also do something similar in Windows, but security theatre never let practicality get in the way.

[–] phantomwise@lemmy.ml 37 points 10 hours ago (1 children)

I can't wait until I am able to give random programs kernel access on my system! That doesn't sound problematic in the least! After all, I have the fullest confidence that for companies developing anticheat, my security is their highest concern! /s

[–] nanook@friendica.eskimo.com 0 points 4 hours ago (1 children)

@phantomwise @SpiderUnderUrBed Every program on your system has "kernel access", it's called "syscalls", but actually being able to modify the kernel, that is another matter.

[–] lemmylemonade@lemmy.ml 3 points 3 hours ago

lol 🤣. Aren't you a tech guy?

[–] ulu_mulu@lemmy.zip 88 points 18 hours ago (1 children)

I surely hope they never will, no user program should ever be allowed to run at kernel level, that's what malware does.

I personally avoid those kind of games, but those who won't can dual-boot.

[–] Mwa@thelemmy.club 8 points 17 hours ago
[–] AnnaFrankfurter@lemmy.ml 23 points 16 hours ago* (last edited 16 hours ago) (1 children)

From technical point of view it is possible. eBPF already has almost everything needed for doing that. And I think it can be done with a simple LKM but if they want it included in the main tree I'm sure they'll get some colorful email from Linus.

[–] Diplomjodler3@lemmy.world 15 points 15 hours ago

I really want to see that email.

[–] buckykat@hexbear.net 36 points 20 hours ago

kernel level anti cheat is malware

abandon ranked, return to private lobbies

[–] olafurp@lemmy.world 51 points 21 hours ago (2 children)

It's the other way around. Windows will stop supporting kernel level anti-cheat because of Crowdstrike

[–] EtzBetz@feddit.org 5 points 9 hours ago

They want to provide APIs that basically do an equal job but will restrict direct access.

[–] vintageballs@feddit.org 5 points 12 hours ago
[–] haui_lemmy@lemmy.giftedmc.com 22 points 19 hours ago

I sure hope not. Play on someone else's pc if you want them to have control.

[–] dan@upvote.au 40 points 22 hours ago* (last edited 19 hours ago) (8 children)

AFAIK Microsoft have plans to block kernel level anti-cheat on Windows. After the CrowdSec issues last year, they're rethinking which types of programs should even be allowed to run in kernel space.

Edit: I was wrong. They actually want to increase what can be done in user mode, to reduce reliance on kernel mode code.

[–] GenderNeutralBro 11 points 13 hours ago

They actually want to increase what can be done in user mode, to reduce reliance on kernel mode code.

That's basically what Apple did with macOS 11. They deprecated kernel extensions and replaced them with "system extensions", and created new APIs so security tools, VPNs and such could function without kernel-level privileges.

[–] coconut@programming.dev 11 points 19 hours ago (1 children)

They don't. One article lied, people never read anything but the title and here we are this getting mentioned every once in a while.

[–] dan@upvote.au 8 points 19 hours ago

Thanks. I looked into it a bit more and it looks like they actually want to increase what can be done in userland, to reduce the reliance on kernel mode. That's still a good solution, if things the anti-cheat code needs to do can be moved into userland.

load more comments (6 replies)
[–] HelloRoot@lemy.lol 6 points 16 hours ago* (last edited 16 hours ago) (1 children)

Doesn't Splitgate 2 have kernel level anti cheat that works on Linux? Maybe it is "trapped" inside wine/proton but they explicitly made it work and people are thanking them on steam discussions.

[–] GregorGizeh@lemmy.zip 6 points 9 hours ago

Helldivers 2 works (or at least used to when I played it) as well, while requiring kernel access on windows

[–] coconut@programming.dev 63 points 1 day ago (4 children)

Sure hope not. If I wanted to run rookits I'd just use Windows. Why bother with Linux?

This is why I don't want more Linux adoption and don't understand people cheering every new user. We're in a sweet spot where a lot of games enable userland anticheat while we don't get kernel level ports (however they may be shipped doesn't matter). The only thing that'll come out of more adoption is kernel level anticheat ports that'll probably work with a few corporate backed distros only and we'll actually lose the games we have today. Because those will switch over the kernel level alternatives too.

The only way I'd like Linux to be a generic multiplayer platform is server side anticheats. It is very obviously the way to go and we are seeing extremely slow adoption (e.g. Marvel Rivals).

[–] Geodad@lemmy.world 3 points 13 hours ago

I think the more people who aren't using corporate operating systems, the better.

I'm firmly against Microsoft, Red Hat, and Ubuntu.

[–] ulu_mulu@lemmy.zip 4 points 18 hours ago

On one side, I'm one of those glad for people coming to Linux because Linux is truly fantastic and it can make your life easier on many things, I'm happy for them.

On the other side, I share your concerns, because everything that gets adopted by the masses is inevitably subject to enshittification, I would never want that to happen to Linux.

We should find a sweet middle-point tho I have no idea what that would be.

load more comments (2 replies)
[–] Mwa@thelemmy.club 5 points 17 hours ago

No Wine/Proton cannot translate calls that run too deep into the Kernel

[–] MachineFab812@discuss.tchncs.de 35 points 1 day ago (3 children)

I think its less a question of the technical feasibility, and more of an issue that we, as users, don't want more closed-source blobs in our kernels. Meanwhile, the publishers insist that they can't open-source their anti-cheat code; Their idea being that if we know what's in it, it will be easier to bypass.

Basically, one distro or a few(at most) may get anti-cheat integrated one day(like, say, SteamOS), but it will likely never be in your standard Linux kernal.

They could go the rought of kernel modules, I would think, but for whatever reason, we're still having this conversation.

[–] phantomwise@lemmy.ml 0 points 10 hours ago

Shite is still shite, even if it's open source shite.

[–] unprovenbreeze@lemmy.dbzer0.com 6 points 22 hours ago* (last edited 22 hours ago)

Basically, one distro or a few(at most) may get anti-cheat integrated one day(like, say, SteamOS), but it will likely never be in your standard Linux kernal.

Valve also has server side anticheat in his games (Counter Strike or Deadlock). They are also against it.

Kernel-level anticheats can be bypassed anyways, but they are the easy solution for the corps that want to sell their multiplayer game.

load more comments (1 replies)
[–] kadup@lemmy.world 24 points 1 day ago (2 children)

Absolutely nothing prevents somebody from writing a kernel level anticheat on Linux.

Users would throw a fit, and it would be way easier to bypass, but it certainly could be made.

load more comments (2 replies)
[–] Thordros@hexbear.net 12 points 22 hours ago

Meanwhile in indie land, I just tried to cheat my way through a Chapter 3 minigame in Deltarune, and Toby Fox himself showed up in his dogsona to blow up the game and make me start the minigame over.

This is the extent to which anti-cheat measures should go.

[–] MonkderVierte@lemmy.zip 3 points 16 hours ago
[–] thingsiplay@beehaw.org 11 points 23 hours ago (2 children)

One way I can imagine it being some certified Linux kernel versions that are accepted and worked together with anticheat creators. That way Valve could use the Kernel in Steam Deck or SteamOS, so any game works out of the box. And other distribution users can just install this Kernel too, if their distributions provide it.

Anyone who don't want to have Kernel level anticheat systems enabled on their system, do not need to install the Kernel. Therefore they are secure against it. But for anyone else who wants it, they can. At least this option would be a compromise.

[–] vrighter@discuss.tchncs.de 5 points 22 hours ago (4 children)

if it's linux, it has to be open source. If it's open source, people will code around it immediately. How about not trying to shoehorn this useless crap in the first place?

[–] 0xtero@beehaw.org 6 points 22 hours ago

It doesn’t have to be open source. There’s plenty of binary firmware and drivers around.

load more comments (3 replies)
load more comments (1 replies)
[–] JTskulk@lemmy.world 12 points 23 hours ago (3 children)

I'm not a programmer or cheater or anything, but I think the answer is yes and no. Yes it could technically be done and even work as intended as long as the device is locked down to prevent the user from replacing the shipped kernel (which would be a bad thing for users). However, savvy people could (in theory) make custom kernels that lie to the kernel module, causing the module to report there is no cheating when there is. It's my understanding that it's close to the current situation with Windows and virtual machines and anticheat: you can cheat by running your game in a VM and then have that virtual hardware extract secret information or flip bits in the right spots. Most competitive games will refuse to run in a VM for this reason.

[–] coconut@programming.dev 3 points 20 hours ago (2 children)

Kernel level anti cheats require secure boot. You can't just "lie" and load an unsigned kernel.

[–] DarkMetatron@feddit.org 7 points 20 hours ago* (last edited 19 hours ago) (5 children)

You can add your own signing keys to the UEFI and boot an modified bootloader and Kernel that you have signed yourself. So yes, it is possible to "lie"

For such a locked down system, akin to game consoles or smartphones, would be needed. And even those get jail broken and manipulated, so "total security" on there is not complete but easier to check and ensure. Another way to make sure that the code is not manipulated would be to put all those games into the cloud and have every player only play via streaming. All the code would then run on secured, locked down and verified machines.

[–] jbloggs777@discuss.tchncs.de 2 points 18 hours ago* (last edited 18 hours ago)

Another technique that helps is to limit the amount of information shared with clients to need to know info. This can be computationally intensive server-side and hard to get right .. but it can help in many cases. There are evolving techniques to do this.

In FPS games, there can also be streaming input validation. eg. Accurate fire requires the right sequence of events and/or is used for cheat detection. At the point where cheats have to emulate human behaviour, with human-like reaction times, the value of cheating drops.

That's the advanced stuff. Many games don't even check whether people are running around out of bounds, flying through the air etc. Known bugs and map exploits don't get fixed for years.

load more comments (4 replies)
load more comments (1 replies)
load more comments (2 replies)
[–] MTK@lemmy.world 6 points 20 hours ago

It is probably actually easier to create on linux as it is foss and there are also good projects like eBPF which can maybe even simplify and make it more secure.

[–] bad_news@lemmy.billiam.net 12 points 1 day ago (3 children)

It already works, but studios using anticheats that DO support Linux CURRENTLY don't bother implementing it because we're maaaaaybe 3% of the market on a good day, so they say "fuck it" and don't expend a few dev hours to enable it because they see it as a pain to deal with v users who need it.

[–] bonn2@lemmy.zip 11 points 1 day ago (1 children)

AFAIK the current anticheat systems on Linux only run in userspace not at kernel level. This does mean Linux is theoretically easier to bypass compared to windows, some games just dont seem to want to take that risk. For as you said 3% of the market.

I personally disagree with that stance though, because all it takes is a hardware device and all software anticheats are useless no matter the os (think a raspberry pi, and capture card). So anticheat is really a losing battle anyways.

load more comments (1 replies)
load more comments (2 replies)
[–] southsamurai@sh.itjust.works 8 points 1 day ago

I hope to fuck not.

[–] solrize@lemmy.ml 8 points 1 day ago (2 children)

What does it even mean? People can recompile the kernel to turn the crap off.

load more comments (2 replies)
load more comments
view more: next ›