The CrowdStrike example really got me thinking about how fragile our systems are when software runs at the kernel level. I get that kernel-level anti-cheats are efectve at catching hackers who moved there first, but giving game devs that much control still feels risky. If Microsoft actually follows through on locking down kernel acess after all the promises, where does that leave competitive games?
Thing is, even with kernel level access, anti-cheat is not perfect. And there are new, and new ways coming to cheat, just check this for example: https://www.youtube.com/watch?v=9alJwQG-Wbk
And I understand this is an extreme example, but there are many of such ways to still cheat the anti-cheat system.
How do you even counter that with software?
If cheats are going to go so far that they exist out side of software and hardware, anti-cheat is not the solution.
So a new model needs to be developed anyways, regardless of if MS closes of kernel or not.
@neuralfoundry that's a really good question, and one that I'm not qualified to answer but I'll still share what comes to my mind.
I agree with you that especially after the CrowdStrike incident, closing the kernel does feel like the right thing. And with reports of security vulnerabilities present in k-level anticheat themselves, its basically volunteering for rootkits in a way. I myself wouldn't go with that on my main PC.
I think once and if MS actually goes on to close kernel-level access, the gaming industry will have to evolve by learning from the emerging attacks. The attacks could implement more sophisticated versions of software attacks, or outright from another dimension like hardware attacks that we've come to know about.
As @saqibtahir pointed out that kernel-level anti-cheats aren't perfect. I think, the question to ask is whether they are worth the privacy, stability and security concerns? Is getting a rootkit in return, a good trade for your system's stability?
Because of kernel-closure, I feel the attackers and anticheat devs are on an equal standing (from a privilege pov). And as usually goes with security, hackers usually outsmart everyone, but the security community eventually catches up to the attackers, to some degree at-least.
Btw, I'm really happy to have people like you reading and engaging with my pieces asking the right questions that even make me think too ;)
The CrowdStrike example really got me thinking about how fragile our systems are when software runs at the kernel level. I get that kernel-level anti-cheats are efectve at catching hackers who moved there first, but giving game devs that much control still feels risky. If Microsoft actually follows through on locking down kernel acess after all the promises, where does that leave competitive games?
Thing is, even with kernel level access, anti-cheat is not perfect. And there are new, and new ways coming to cheat, just check this for example: https://www.youtube.com/watch?v=9alJwQG-Wbk
And I understand this is an extreme example, but there are many of such ways to still cheat the anti-cheat system.
How do you even counter that with software?
If cheats are going to go so far that they exist out side of software and hardware, anti-cheat is not the solution.
So a new model needs to be developed anyways, regardless of if MS closes of kernel or not.
Let's hope for the best.
@neuralfoundry that's a really good question, and one that I'm not qualified to answer but I'll still share what comes to my mind.
I agree with you that especially after the CrowdStrike incident, closing the kernel does feel like the right thing. And with reports of security vulnerabilities present in k-level anticheat themselves, its basically volunteering for rootkits in a way. I myself wouldn't go with that on my main PC.
I think once and if MS actually goes on to close kernel-level access, the gaming industry will have to evolve by learning from the emerging attacks. The attacks could implement more sophisticated versions of software attacks, or outright from another dimension like hardware attacks that we've come to know about.
As @saqibtahir pointed out that kernel-level anti-cheats aren't perfect. I think, the question to ask is whether they are worth the privacy, stability and security concerns? Is getting a rootkit in return, a good trade for your system's stability?
Because of kernel-closure, I feel the attackers and anticheat devs are on an equal standing (from a privilege pov). And as usually goes with security, hackers usually outsmart everyone, but the security community eventually catches up to the attackers, to some degree at-least.
Btw, I'm really happy to have people like you reading and engaging with my pieces asking the right questions that even make me think too ;)
Thanks for the response, great stuff, subscribed!
Thanks