EA announces kernel-level anti-cheat system for PC games

[+] smoldesu|3 years ago|reply

> EA says kernel-level protection is “absolutely vital” for competitive games like FIFA 23, as existing cheats operate in the kernel space, so games running in regular user mode can’t detect that tampering or cheating is occurring.

There are soccer games from the 90s that didn't need to run in Ring 0.

[+] sensitivefrost|3 years ago|reply

Yeah but to be fair, those games were nowhere nearly as popular as FIFA is today both casually and competitively.

[+] modshatereality|3 years ago|reply

They love their DRM. This won't stop programs running outside EA's view of "kernel space". Total waste of time, and opening a new side channel.

[+] mackatap|3 years ago|reply

Epic games has kernel level anticheat for fortnite and you hardly ever run into a cheater, I honestly cannot recall running into a single one in the last 2 years. Compare that to warzone that is rampant with cheaters. Comes with trade offs, but it is effective. Cheating ruins competitive games.

[+] nradov|3 years ago|reply

Any bets on how long it will take hackers to find a security exploit in this crap? Anything running at kernel level is going to be a prime target.

[+] josephcsible|3 years ago|reply

Given the track record with other games' kernel-level anti-cheat, probably not very long.

[+] sascha_sl|3 years ago|reply

Fun fact: Early on into Vanguard, Valorant's Anticheat, some system monitoring software would not run at all - even with Valorant not running, because cheaters used a vulnerable kernel module included with that software to get their code into kernel mode.

[+] gjsman-1000|3 years ago|reply

If they use remote attestation, it will be basically irrelevant if they do from EA’s perspective.

[+] stoicjumbotron|3 years ago|reply

Is there any good write-up or a video series where the hacker explains how they bypassed DRM or some other anti cheat system?

[+] honkycat|3 years ago|reply

Gross. Also a recipe for disaster. However:

As a "gamer", I have to say: We are running out of options for anti-cheat.

The cheaters are EVERYWHERE in games like Destiny 2, Fortnite, CS: GO, New World... any popular online game, the cheaters are in 1/10 matches ruining your fun.

Weather or not a kernel level anti-cheat will help? Probably not. It is unfortunate that a lot of lower information consumers are going to install this crap onto their PCs.

[+] josephcsible|3 years ago|reply

A lot of games already have kernel-level anti-cheat. Was it successful in fixing the cheating problem for any of them?

[+] sascha_sl|3 years ago|reply

Getting a machine dedicated to games where I don't do much else has been a decision that, although costly and annoying, keeps being correct.

[+] pjmlp|3 years ago|reply

This is the kind of thing UWP sandbox, or killing kexts in macOS forbids, but hey lets enjoy the freedom of installing anything.

They manage on mobile devices without kernel level anti-cheat systems.

[+] alex7734|3 years ago|reply

You have SafetyNet in Android which does the same thing, prevent device or app tampering.

[+] anvic|3 years ago|reply

You don't need that on mobile devices because Android and iOS already provide with attestation systems, which Windows lacks (by now)

[+] rasz|3 years ago|reply

We need total DRM to sell you NFTs^^^uh, I mean player cards!

[+] peanut_worm|3 years ago|reply

Elden Ring has kernel-level anticheat and people STILL cheat

[+] TylerH|3 years ago|reply

I'd sooner have real IDs tied to internet personas than this shit

[+] taskforcegemini|3 years ago|reply

don't encourage them

[+] lillecarl|3 years ago|reply

Couldn't secureboot disable the kernel anticheat then? Microsoft has verified your kernel and drivers for you.

[+] mccorrinall|3 years ago|reply

No. A cheat developer could still just sign a driver like every other developer and load a hypervisor. Then hook everything you want and youre gucci.

Another option: there are a lot of vulnerable drivers, such as intels LAN driver, or capcoms. Of course those are blacklisted and anti cheats usually don’t let you start the game when those are loaded, but you can use exploitable those to load your own driver, and then unload the vulnerable driver.

Other things you can do: DMA stuff, uefi payloads and more.

You will never be able to prevent cheating on user owned hardware which sits under their desk.

[+] db48x|3 years ago|reply

No thank you.

[+] whatsthatabout|3 years ago|reply

Bad news for proton / the steamdeck I believe?

[+] goosedragons|3 years ago|reply

Depends on whether EA cares enough about it. Epic did make EasyAntiCheat compatible with Proton so it's not un-doable.

EA at least said it won't be every game either so hopefully if they didn't it won't be a huge problem either way.

[+] jbverschoor|3 years ago|reply

So run it in a VM and cheat from there?

[+] Szpadel|3 years ago|reply

from a long time already running in VM is automatically detected as cheating. a lot of people lost their accounts because of that (with permanent bans)

[+] ElfinTrousers|3 years ago|reply

If anyone from EA is reading this, please consider this to be a formal invitation to kiss my skinny white ass.

44 comments