In the past decade, major competitive online games, especially first-person shooters like Activision-Blizzard’s Call of Duty and Bungie’s Fate 2, had to scale up its operations massively to combat the business boom of fraudulent sellers. But a growing segment of players are voicing concern that the software used to detect and ban cheaters has become too broad and invasive, posing a significant threat to privacy and integrity. of the system.
The problem is kernel level drivers, a relatively new escalation against cheaters. The kernel itself—sometimes referred to as “ring zero”—is a distinct part of a computer where its core functionality runs. Software in this area includes operating systems, drivers that interface with hardware — like keyboards, mice, and video cards — as well as software that requires high-level permissions, such as anti-virus suites. While the faulty code is executed in user mode – “round 3”, where web browsers, word processors and the rest of the software we use exist – resulting in that particular software being corrupted. hangs, a bug in the kernel crashes the entire system, usually during the common Blue Screen of Death. And because of that arrangement, user-mode software has very limited visibility into what’s happening in the kernel.
Therefore, it is not surprising that some people make reservations in advance. But the reality is that security engineers, especially those working to establish fairness in the hyper-competitive FPS genre, don’t have much of a choice. Anti-cheat systems are heading to the kernel in part because that’s where the cheaters are.
Paul Chamberlain, a security engineer who worked on anti-cheat systems for games like Valuable substance, Fortniteand League of Legends. Chamberlain recalls witnessing his first kernel-based game exploit — the infamous game World of Warcraft Glider — at Defcon . Security Conference in 2007. “But by about 2015, most of the sophisticated, organized fraudsters were using kernel drivers.” With the tools available, there isn’t much anti-cheat software that can combat aimbots and wallhacks living in the kernel. Also around this time, at Steam developer conferenceAarni Rautava, an engineer with Easy Anti-Cheat – which will eventually be acquired by Epic Games – claims the overall market for cheats has grown to $100 million north.
However, game researchers are and often remain cautious about implementing their own driver solutions. Working in the kernel is hard – it’s more specialized and requires a lot of QA testing because the potential impact of bad code is much stronger – leading to increased costs. “Even at Riot, no one wants us to be drivers. Clint Sereday, another security engineer who worked on Vanguard, said: Valuable substancenuclear level anti-cheat system. “At the end of the day, they don’t want to have to bring in a driver to protect their game if they don’t have to.” But in the hyper-competitive FPS space, especially as a tactical shooter, where a single hit to the head can lead to instant death, high-impact cheats can quickly erode erode player confidence. In the end, Riot seems to have calculated that whatever backlash a nuclear solution generates (and there are many) is better than being thwarted when fighting cheaters on the ground.
But for many gamers, Who pushed to the kernel first doesn’t matter. They worry that an anti-cheat kernel driver might secretly spy on them or create exploitable vulnerabilities in their PCs. As one Redditor said: “I will live with cheaters. My privacy is more important than a freak game.”
A kernel driver can certainly introduce some kind of vulnerability. But the chance that a hacker targets it is slim, at least for the vast majority of people. “You are saying easily hundreds of thousands of dollars, perhaps millions of dollars for such an exploit if it is remotely executable,” said Adriel Desautels, founder of penetration testing firm. Netragard. “What attackers want to spend their time and money on are things where they can hit one thing and get lots of loot,” like other malware or criminal attacks where Large amounts of valuable data are stolen or held for ransom.
