hilarious anticheat mistake randomly bans players

  • Published: 22 Nov 2024

Comments • 678

  • @LowLevelTV
    @LowLevelTV 1 month ago +61

    haha anyway if you want to learn to code check out my courses at lowlevel.academy (on sale)

    • @JPs-q1o
      @JPs-q1o 1 month ago +2

      @LowLevel-TV
      I really wish the slop at the center of Windows would stop conflating itself with real modern operating systems by calling itself a kernel.

    • @shawnm8232
      @shawnm8232 1 month ago +1

      Please do a video on DMA cheats using DMA cards.

    • @Grimdark_Replays
      @Grimdark_Replays 1 month ago +2

      If you’re gonna cover news at least cover the news, the entire time I sat there hoping you’d cover more of the article, especially where it was claimed thousands were affected. Instead I got almost pure editorial. Damn waste of time….

    • @MacGuffin1
      @MacGuffin1 1 month ago

      Ricochet is deliberately crap, they know AC on PC is a waste of time in 2024, so instead of leaning away back towards locked-bootloaders (eg Xbox PlayStation) where ESP hacks are impossible as are DMA, they figure they(M$) will lean into making the sheep pay for their own hardware because they have their eyes on steam.. That's why COD on Xbox doesn't let you disable cross-play, PlayStation can but watch that go bye-bye when their SLA expires and then gaming will be all but ruined forever... well the old days of (mostly) fair Skill-Based Multiplayer gaming anyways

    • @ZergRadio
      @ZergRadio 1 month ago +1

      Did the banned players from this event get unbanned?

  • @coder_foo
    @coder_foo 1 month ago +1184

    Sounds like the kind of engineers I want running kernel-mode code on my machine. I'll stick with my Doom community projects, thanks.

    • @Siim-m8r
      @Siim-m8r 1 month ago +41

      Yeah, thanks but no thanks, Windows has had its day, it's time for GNU/Linux Gentoo to take over the wheel. (PS. Never would I allow this garbage to be installed on my system, fuck that)

    • @shinwaffle767
      @shinwaffle767 1 month ago +24

      @@Siim-m8r nice bait

    • @_PatrickO
      @_PatrickO 1 month ago

      Unfortunately, they'll move all the games to android with its locked down ecosystem. People need to vote blue, but also speak up and send messages to all their representatives. The party that has backed consumer rights so far is our only hope. The republicans want to stop things like wikipedia and the internet archive. If a rich moron is not making all the money, it's not allowed.
      Legislation could put a stop to unlockable bootloaders, no source access to block flexible use of hardware you paid for, and this low level spying on your device over a video game. Devs need to figure things out without resorting to this unacceptable level of intrusion. It is like having a camera in your toilet that someone else controls without you ever being told about it. All to play a video game. It makes zero sense.
      If we don't vote for freedom now, drm laden OSes will control all the content with ever rising fees for less and less content. Execs will do what they always do and squeeze everyone around them. Rich vs poor is real and it's all the rich people doing it. Musk will have spent over a billion dollars on this election and his goal is to take away your rights while making rich people immune to laws like an oligarch or a high level ccp member.

    • @BirkinIdk
      @BirkinIdk 1 month ago +18

      @@Siim-m8r You quite literally have no clue what you’re talking about kiddo

    • @Loki-
      @Loki- 1 month ago +1

      Congratulations, folks. Enjoy your linux

  • @xXx_Regulus_xXx
    @xXx_Regulus_xXx 1 month ago +511

    when you lied on your resume and now you have to make an anticheat program with code you copied from stackoverflow:

    • @Helloworldred
      @Helloworldred 17 days ago +1

      My friend Kevin did this one time

  • @pyrosar3517
    @pyrosar3517 1 month ago +533

    That's really funny, because I remembered funny times in Lineage 2 when you could ban LITERALLY THE ENTIRE SERVER by chatting "UOPilot" in the world chat. (UOPilot being the scripting engine that can help you to automate some of the grind). Anticheat of the game saw "UOPilot" in memory of the game's process and instantly banned you.
    Funny part here is that it was happening 10-15 years ago.
    And here we are, as you said, AAA and AAAA anticheat devs can't evade stepping on the same old rake.

    • @Kane0123
      @Kane0123 1 month ago

      Instantly hearing Kelsey Grammer

    • @Skund79
      @Skund79 1 month ago +14

      People don't learn.
      Doesn't have to do with cheating but same stupidity:
      Heroes of the Storm didn't have a functioning report system. Toxicity spiraled out of control, it was brutal.
      They admitted that they didn't have a functioning report system and then fixed it.
      Couple of years later: The exact same thing in Overwatch and the same procedure.
      Both from Blizzard btw

    • @iwakureal
      @iwakureal 1 month ago +10

      Ah good old surveillance -states- games, taking away your freedom to do what you want in exchange for supposed entertainment!

    • @arthurwintersight7868
      @arthurwintersight7868 1 month ago +7

      @@iwakureal - Good games make it optional, where if you don't use anti-cheat there's still single player and private servers.

    • @smocloud
      @smocloud 1 month ago

      @@iwakureal learned from the best. Ah, the Romans lol😂

  • @BigDaddyWes
    @BigDaddyWes 1 month ago +87

    Step 1) Make all users agree to TOS including forced arbitration.
    Step 2) Make all users give your program kernel level access to their PC.
    Step 3) "Forget" some key safety measures that protect your users' personal information and private data.
    Step 4) ??????
    Step 5) Profit.

    • @asandax6
      @asandax6 1 month ago +4

      Step 4) Spy on users' every activity because KLAC doesn't shut down after user turns off the game.

    • @GearsDatPowerDaTubes
      @GearsDatPowerDaTubes 28 days ago

      Step 4) Mine crypto in the background in kernel mode.
      Step 6) Lawsuits are now illegal so you never face any consequences for your cybercrime!

  • @ryanblake7955
    @ryanblake7955 1 month ago +706

    "There will be no cheaters, if we'll ban all players"
    - Activision
    P. S. No more likes, 666 is perfect. If you break it, you're a python developer.
    P. S. Foukin python developer, you broke it.

    • @rawallon
      @rawallon 1 month ago +7

      "There will be no acti, if we fuck with the vision"

    • @yoshi314
      @yoshi314 1 month ago +12

      "the most secure computer is one that's permanently off"

    • @Kane0123
      @Kane0123 1 month ago

      Call of doodie am I right?

    • @BillAnt
      @BillAnt 1 month ago +1

      "Acti-vate all kill bots, kill all players!" "Game Over!" heh

    • @My_Darling_Decay
      @My_Darling_Decay 28 days ago +1

      Someone made it 667 😭😭

  • @elmo2you
    @elmo2you 1 month ago +85

    How is it possible that an anti-cheat tool can permanently ban accounts, robbing people of something they legitimately paid for, based on such a flawed logic (or even total lack thereof)? That isn't just stupid, that is outright criminal. Companies deeming it acceptable to integrate such tools in their product should be held fully responsible.

    • @Patashu
      @Patashu 1 month ago +20

      ToSes are usually like 'we can ban you for any reason and don't have to explain what the reason is'.

    • @gagaxueguzheng
      @gagaxueguzheng 1 month ago +5

      @@Patashu And no one reads them or thinks "I don't do anything criminal, that won't hit me anyway."
      Like our legal system where there are people who say "We don't need privacy, I don't do anything wrong. They can see what I do." But our system can have flaws same as an anti-cheat and your friend sends you a chat in which president and b0mb occur randomly and some secret service scan puts you on a list.

    • @BeefIngot
      @BeefIngot 1 month ago

      It's really a consumer rights issue but gamers in general would chop off their own legs if they thought a cheater somewhere was getting banned.

    • @schwingedeshaehers
      @schwingedeshaehers 1 month ago +2

      isn't enforceable in the EU, but the player has to sue @@Patashu

    • @Kenionatus
      @Kenionatus 1 month ago

      Have fun risking thousands of eurodollarbucks worth of money and working for dozens of hours out of pure spite.

  • @Wielkimati
    @Wielkimati 1 month ago +99

    What baffles me the most is that CoD has like a 2 decade history of people just throwing verbal abuse and cheating accusations left and right, so the memory region with chat messages would be like the first place to think about when designing an anti-cheat and where to disable its checks, no?

    • @asailijhijr
      @asailijhijr 1 month ago +1

      But if there's a region of memory that's safe from scrutiny, wouldn't you design your cheating software to use that region? It's an arms race.

    • @df98156
      @df98156 29 days ago +2

      You think that any developers working on CoD have any knowledge of CoD history? They’re all outsourced third party folks

    • @zeelyweely1590
      @zeelyweely1590 29 days ago +2

      @@Wielkimati Well, no, because then the chat is a possible vector of attack. What we're seeing here is the big inherent flaw of intrusive external anticheats, there's too many false positives and it's still not an ironclad wall.
      The solution is designing the code for security and having the anticheat be part of the code base itself, something as simple as server-side checks. But no one's going to bother with that now, are they?

  • @Ethorbit
    @Ethorbit 1 month ago +132

    I just stick to older games now. Modern gaming is a massive joke. "Yeah guys, let's diminish all our privacy and security and hand complete control over to a game's software so that we can play another bottom tier game with 0.0001% less cheaters!"

    • @RottenMuLoT
      @RottenMuLoT 1 month ago +10

      This. And games 5-10 years ago are running generally butter smooth on today's computer and are dirt cheap. Sounds like a win win win situation to me.

    • @robertbslee4209
      @robertbslee4209 1 month ago

      Doubt act🎉ivion cares

    • @galaxygur
      @galaxygur 1 month ago +5

      @@RottenMuLoT fun fact: if you run a modern game where you can blow up a barrel, you can physically feel the heat coming out of your GPU whenever you do so.

    • @Yupppi
      @Yupppi 1 month ago +6

      The only purpose of many modern games is to just sell microtransactions as well.

    • @samuellourenco1050
      @samuellourenco1050 1 month ago +5

      An anti-cheat running on kernel mode is a nice way to greatly increase an attack surface.

  • @recursiveslacker7730
    @recursiveslacker7730 1 month ago +55

    They turned the Scunthorpe problem into a method of digital assassination.

    • @IngwiePhoenix_nb
      @IngwiePhoenix_nb 1 month ago +6

      Wouldn't have thought to hear about the Scunthorpe problem again ever - feels like so few know it.
      10/10. :D

    • @Yotanido
      @Yotanido 1 month ago +6

      Wow, there is no reason for this kind of language! You could have at least said S****horpe instead!

    • @tinlizziedl001
      @tinlizziedl001 1 month ago +4

      Thank you! I had to look it up, learn what it was :) I didn't know there was a name for this kind of thing. Some of the examples in Wikipedia are hilarious!

    • @Brando56894
      @Brando56894 1 month ago +3

      I miss Tom Scott :(

    • @Zer0ji
      @Zer0ji 1 month ago

      Did you mean digital buttbuttination?

  • @gsgregory2022
    @gsgregory2022 1 month ago +66

    Yeah, that is the same reason I am against kernel level anti cheats. You can't trust specialized security companies like Crowdstrike with kernel access and you can definitely not trust random game companies with access to your kernel, even if it doesn't get used by bad actors it leaves plenty of room for companies wanting money to abuse the access you agreed to to play their game.

    • @hovnocuc4551
      @hovnocuc4551 1 month ago +4

      So do you run each of your games under its own user and never grant the game's installer elevated privileges without first reverse-engineering it and checking what it does? Kernel level drivers are primarily a security problem, but from a privacy standpoint, it's not a night and day difference unless you go out of your way to manually isolate everything, which no one does. And those who do wouldn't use that PC to play games.

    • @gsgregorysamurai8251
      @gsgregorysamurai8251 1 month ago

      @@hovnocuc4551 no. I just don't play games that act as malware.

    • @xXx_Regulus_xXx
      @xXx_Regulus_xXx 1 month ago +1

      @@hovnocuc4551 no, you check what anticheat the game uses (if any, they're not mandatory) and if it runs outside userspace you play something else and don't install it, stop bikeshedding.

    • @TakeApartLab
      @TakeApartLab 1 month ago

      @@hovnocuc4551 I have made a quick bash script to start all my games in their own wine instance, while also being isolated. I wish more people did this because it wasn't really that hard to do.
      I'm still working on polishing it, but it works well enough for me and my games.

    • @Operational117
      @Operational117 1 month ago

      @@hovnocuc4551
      The issue isn't that kernel-level anti-cheats can destroy your privacy (although with kernel-level access, they definitely could). It's that they could do stuff that either destabilizes your system or, worse, corrupt your OS in such a way as to brick it, potentially rendering all of your data inaccessible indefinitely.
      This is why, if you *HAVE* to write kernel-level code, that you take *EVERY* step to ensure it *NEVER* messes with *ANYTHING* but the data it is *DESIGNED* to handle. And you *DEFINITELY* don't want to allow unauthorized access to this kernel-level code, *that is asking for all the trouble in the universe.*

  • @Karn0010
    @Karn0010 1 month ago +213

    And this is why I don't want kernel level anti cheat on my system.

    • @kevikiru
      @kevikiru 1 month ago +8

      It would also be a problem if it was game level, it would still ban you because it seems the chat is part of the game. Am I wrong?

    • @zarakiyt4758
      @zarakiyt4758 1 month ago +5

      @@kevikiru you’re not these people probably didn’t watch the video lmao

    • @Bry4nMW
      @Bry4nMW 1 month ago +26

      @@kevikiru it’s not the specific code that is the problem. it is the level of care and attention given to what they put into the kernel.

    • @leonidas14775
      @leonidas14775 1 month ago

      @@zarakiyt4758 If they made this rookie mistake, what _else_ did they do wrong?

    • @R.B.
      @R.B. 1 month ago +2

      @@kevikiru the "reason" they use a kernel level scan is because if an external process is injecting itself into processes, and then passing on legitimate calls, it's somewhat undetectable by the host process. A game side detection method is easier to bypass. On the other hand, it's also limited to the user space for exploits.

  • @anthonymachado3752
    @anthonymachado3752 1 month ago +20

    "Use your player base as a botnet" I'm literally dying 🤣🤣🤣

  • @kolaysgames
    @kolaysgames 1 month ago +209

    it's hilarious as long as no one gets hurt. what people need to realize is that we're one loose pointer away from a crowdstrike level event happening to the pc gaming community

    • @nordgaren2358
      @nordgaren2358 1 month ago +12

      But the PC gaming community isn't as important as infrastructure

    • @nittani.
      @nittani. 1 month ago +5

      @@nordgaren2358 no it's bigger than you think a lot bigger

    • @flarebear5346
      @flarebear5346 1 month ago +18

      He said important

    • @mmkvhornet7522
      @mmkvhornet7522 1 month ago +1

      indeed

    • @AMidgetWalrus
      @AMidgetWalrus 1 month ago +11

      @@nordgaren2358 Sure but it could still be hundreds of thousands of people getting ID thefted / PCs bricked

  • @Murukku47
    @Murukku47 1 month ago +17

    The moment the text "trigger bot" in game chat was mentioned I was struck with a flashback of some 15 year old discussion where someone theorized that PunkBuster could get people needlessly banned if they simply received the same text strings PB was identifying cheats with in a messaging program.
    A more understandable issue when scanning around the whole system, you don't know where some text originated from or if word.exe is legit or cheats.
    But when scanning YOUR OWN GAME PROCESS??
    That's the one thing in memory they actually have control over...

    • @BibleClinger
      @BibleClinger 1 month ago +4

      When I had learned that PunkBuster was doing that, it suddenly made sense to me why PB bans weren't worth anything back in the day, since they were constantly being revoked. This is an embarrassment that companies are still doing this.
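
Added example, not from the video, any commenter, or Ricochet's code: a toy model of the false positive discussed in this thread, where a string signature matches text another player sent, next to a scan that skips string matching on such text but still checks those regions so they are not a blind spot. The `Region` layout, its `remote_controlled` flag and every sample buffer are assumptions constructed for illustration; the only signature is the string quoted in the comments.

```python
from dataclasses import dataclass

# Constructed signature list: the single string quoted in the comments above.
SIGNATURES = [b"trigger bot"]


@dataclass(frozen=True)
class Region:
    """One memory region of the game process (hypothetical layout)."""
    name: str
    data: bytes
    executable: bool = False
    remote_controlled: bool = False  # bytes were supplied by another player


def naive_scan(regions):
    """Match every signature against every region, ignoring where bytes came from."""
    return [
        (r.name, sig.decode())
        for r in regions
        for sig in SIGNATURES
        if sig in r.data.lower()
    ]


def provenance_scan(regions):
    """Skip string matching on remotely supplied text, but keep those
    regions under a content-independent check."""
    findings = []
    for r in regions:
        if r.remote_controlled:
            # Chat text is chosen by someone else, so its contents are never
            # evidence against this player. A chat buffer that is executable
            # is anomalous whatever it contains.
            if r.executable:
                findings.append((r.name, "executable-remote-buffer"))
            continue
        for sig in SIGNATURES:
            if sig in r.data.lower():
                findings.append((r.name, "signature:" + sig.decode()))
    return findings


# Constructed sample processes.
GAME_CODE = Region("game_code", b"\x55\x48\x89\xe5\xc3", executable=True)

RECIPIENT = [  # honest player who received a chat message
    GAME_CODE,
    Region("chat_history", b"other_player: Nice Trigger Bot dude!",
           remote_controlled=True),
]
MODIFIED = [  # process with a foreign executable region carrying the string
    GAME_CODE,
    Region("unbacked_exec", b"\x90\x90trigger bot\x00", executable=True),
]
ODD_CHAT = [  # chat buffer with the wrong page protection
    GAME_CODE,
    Region("chat_history", b"\x90\x90\xc3", executable=True,
           remote_controlled=True),
]

if __name__ == "__main__":
    for label, proc in [("recipient", RECIPIENT), ("modified", MODIFIED),
                        ("odd_chat", ODD_CHAT)]:
        print(label, naive_scan(proc), provenance_scan(proc))
```
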

  • @abc123evoturbobonker
    @abc123evoturbobonker 1 month ago +46

    3:26 Bro created an overflow without doing any code

  • @przemekkobel4874
    @przemekkobel4874 1 month ago +18

    Essentially they recreated a medieval justice system, where a single accusation from one trusted witness could get you... permabanned.

  • @zackl3094
    @zackl3094 1 month ago +14

    This reminds me of tricks that were used back in the dialup days. Send AT commands in hex strings and it'd cause people's modems to do weird stuff, including but not limited to hanging up, waiting a bit, and dialing a different number as specified by the one sending the command.

    • @fomxgorl
      @fomxgorl 28 days ago

      oh no. i need to know more. *grabs popcorn*

  • @clemenszauner8070
    @clemenszauner8070 1 month ago +16

    So, it's 'startkeylogger' from the golden IRC-Age all over again (nod to 'Norton Anti Virus')
    The 'security software' industry has an extremely flat learning curve, as it seems.

  • @wrxsubaru02
    @wrxsubaru02 1 month ago +16

    Users should be able to sue for false bans. This could be a huge loss in wages and reputation which is a big deal these days.

    • @psymar
      @psymar 1 month ago +2

      In the EU, they probably can. If they can afford enough lawyering for a lawsuit, and decline any settlement offers.

  • @aritsunes
    @aritsunes 1 month ago +17

    what's even the point of it running at kernel level if it's just reading the game's memory to look for signatures and not checking if another process is doing something??? genuine question

    • @wjw0084
      @wjw0084 1 month ago +5

      It's another one of those development cost issues. Examining a process and determining what it's doing is likely a complex software problem. On the other hand, it's cheap and easy to just scan everything for a signature hit and double down on cheating allegations because the software is law. There were various ways to hide a process on older versions of windows and newer versions have isolation modes, so my guess is they're simply using kernel mode to get around those limitations.

    • @DeusEx.Machina
      @DeusEx.Machina 26 days ago +1

      Not sure how Ricochet works, but from what I know, a core part of Anti-Cheat software is to check all input sources to make sure a user isn’t using, for example, a joystick while pretending to play with a Keyboard and Mouse, or prevent unsigned drivers from being used in the game.
      It also needs to monitor system calls to check for weird behavior.

  • @TheOmanGaming
    @TheOmanGaming 1 month ago +60

    Activision banned me from playing Modern Warfare using the Battlenet Client 1-2 months ago. Purchased back in 2019
    It was a clean installation. No cheat used or something that could modify the game files. I played a few matches and then quit. 5 hours or so later.
    I got an email from Activision saying that I was permanently banned. Tried to appeal. Could only type 1000 characters. What a joke.
    But was talking to deaf ears and got the final email stating, that the decision was final. Their "security team" had reviewed my case.
    They have reviewed shit and nothing.
    Is the first time I have got banned for just playing the game, just as anyone else does.
    The matches I played were also normal, and nothing abnormal with them.
    I will never buy another call of duty title after this. 60$ dollars lost and a lost game.
    Still til this day, I have received no unban and no justice. Trust me, If I did something shady. I will own it and move on. But this is just pathetic from Activision.
    I'm 100% sure I'm not the only victim, and we most likely will go unnoticed.
    I hope everyone thinks twice before purchasing another Call of Duty title. You don't think It can happen to you, but It can.
    All I can do now, is to never buy another activision title, and stay away from their anti cheat.

    • @sljapan
      @sljapan 1 month ago +8

      You aren't alone. It's the most idiotic "anti-cheat" and handling of appeals for unjustified bans that I've ever seen. Money down the drain and a permanent mark on the account 4 years ago. Neither Activision nor any other company associated with Activision will get my support ever again.

    • @ls_1101
      @ls_1101 1 month ago +13

      Class action lawsuit

    • @funkmedaddy
      @funkmedaddy 1 month ago

      tbf cod is such a slop you shouldn't be buying it even w/o this anti-cheat fiasco

    • @RottenMuLoT
      @RottenMuLoT 1 month ago +4

      Techno feudalism this is. Yes mi-lord. Thank you mi-lord.

    • @BillAnt
      @BillAnt 1 month ago +3

      In those 100 characters, you should have messaged them "Nice Trigger Bot dude!" to crash their banning network. lol

  • @makebreakrepeat
    @makebreakrepeat 1 month ago +16

    Makes me wonder what Ricochet's K/D ratio is...

    • @shawnm8232
      @shawnm8232 1 month ago +1

      @@makebreakrepeat It's 0 now. They unbanned everyone that has ever been banned.

  • @laserlord_
    @laserlord_ 27 days ago +2

    It's funny that Valve gets hated for being one of the few developers that are actively against kernel-level anti-cheats. They are simply thinking ahead of everybody else with their AI model concept as a server-sided anti-cheat

  • @mapu1
    @mapu1 1 month ago +6

    >allows remote kernel level triggering
    "It's perfectly safe guys"

  • @cameronbosch1213
    @cameronbosch1213 1 month ago +7

    Developers: *Keep putting invasive kernel-level anti-cheat in their games.*
    Us players: _"How many times do we have to teach you this lesson old men!?"_

  • @leonidas14775
    @leonidas14775 1 month ago +12

    Stop paying for software that the publisher can take away from you. Simple.

  • @CommunityTheatre
    @CommunityTheatre 1 month ago +42

    Love to see everyone adopting the Pirate Software MS paint meta

  • @SonicMastr500s
    @SonicMastr500s 1 month ago +22

    A similar thing happened with Vanguard way back when it was first introduced. You could send an image in a discord chat appended with a known detected cheat vector at the end of the image data, and anybody who viewed the image while Vanguard was installed would get flagged and banned since it would just indiscriminately scan memory. Great times

  • @Night_Hawk_475
    @Night_Hawk_475 17 days ago +1

    The scariest part about all this to me is how easy it's been in some games in the past for cheat devs to find ways to inject data into /other players/ games, not just through chat. Look at the pro players who had literal aim-hacks forced onto them remotely by a known hacker during a major tournament for APEX Legends like half a year ago. That kind of vulnerability happening in a game with kernel anti cheat could cause cheat devs to build features that target ban other players by causing them to appear to have certain strings like this inside their memory beyond the "expected" places like chat, even if the kernel anti cheat was /correctly/ scanning and didn't have the bug featured in this video.

  • @jpr4232
    @jpr4232 1 month ago +32

    What happened to the banned players? How do you rectify an anti-cheat doing its job wrong?

    • @zeta0590
      @zeta0590 1 month ago +7

      Sometimes manually by hand unfortunately.

    • @jadesprite
      @jadesprite 1 month ago +7

      they have to appeal and have a person review it and HOPE they get unbanned

    • @HyenaEmpyema
      @HyenaEmpyema 1 month ago +12

      DELETE from bannedtbl WHERE date > (when bug was introduced);

    • @medea27
      @medea27 1 month ago

      @@jpr4232 So, along with the recently banned accounts being reversed, multiple streamers have reported that their _previously_ banned accounts going back several years _(including accounts legitimately banned for cheating)_ have also had access restored out of the blue.
      Now I'm no programmer, but simple logic tells me that if Activision are unbanning accounts that they _CORRECTLY_ detected cheats on 6, 8, 12 or more months ago, Ricochet is a disaster waiting to happen.
      And the kicker is that Activision has been proudly pushing back on unfairly banned _paying_ customers for _years_ saying _"there is no such thing as a false perma-ban."_ I suspect that they just don't have the infrastructure built to track & manage ban events with enough granularity to review, isolate & correct errors... ie. Risk Management 101.

  • @Bry4nMW
    @Bry4nMW 1 month ago +6

    What I find most offensive about this, is that they asked for kernel level access to do CTRL+F. I’d expect a higher sophistication from a Kernel Anti-Cheat than this naive approach to perma banning.

    • @Bry4nMW
      @Bry4nMW 1 month ago +1

      Not saying they shouldn’t have these checks, but their method shows immaturity. Any cheat could easily avoid the words or obfuscate them.

    • @wumi2419
      @wumi2419 1 month ago

      @@Bry4nMW there is likely more than one check, targeted at different "audiences"

  • @karlp2277
    @karlp2277 1 month ago +42

    If it didn't differentiate memory at all then it should also be possible to get banned just by typing it to send it to another player.

    • @tablettablete186
      @tablettablete186 1 month ago

      Lol

    • @themichaelconnor42
      @themichaelconnor42 1 month ago +8

      That's not how it works. The message isn't stored within COD memory while you're typing it out, it's stored in a separate string buffer which is then directly sent to the recipient.

    • @karlp2277
      @karlp2277 1 month ago +13

      @@themichaelconnor42 So you can't see what you typed yourself after you sent it?

    • @nordgaren2358
      @nordgaren2358 1 month ago +7

      Yea, but the people sending these messages probably have bypassed the anticheat on their end.

    • @Bullwinkle39
      @Bullwinkle39 1 month ago

      @@karlp2277 I don't think we got the full story on how it's being done. For example it says "send a friend request or..." How will sending a friend request get anyone banned?

  • @Wasper216
    @Wasper216 1 month ago +19

    3:11 dude get some ad blocker 🤦‍♂️

  • @SaintChachki
    @SaintChachki 1 month ago +6

    Crowdstrike flavoured kernel monitoring

  • @wChris_
    @wChris_ 1 month ago +4

    the Genshin Impact Anticheat driver was used to distribute malware. It was used to disable the antivirus, but who knows how else this could be used.

  • @dozerd42
    @dozerd42 1 month ago +6

    Conflicted: I want you to show how bad kernel level anti-cheat is. But I don't want kernel level anti-cheat software to improve. It's such a fundamentally bad idea to have kernel level anti-cheat, period.

  • @great_simo
    @great_simo 1 month ago +10

    Could you do a video explaining how DRM works and why it is so complex to bypass? This could link to online shows, games etc.
    Might be a good topic for a security video.

    • @kkuriboh
      @kkuriboh 1 month ago +2

      asymmetric keys.
      example, there are two keys signed by HP, one is being used in their printers and the second one is being used on their ink cartridges and they are used to check on each-other. if the printer key does not align with the cartridge key, it's an invalid cartridge. and you can't generate those keys since they need to be signed by HP.
      that's the basics, you can over-engineer this as much as you want to make it invulnerable.

    • @mystcat3
      @mystcat3 1 month ago

      @@kkuriboh Say, there should be a code block that should always return a 'true', a number, or anything that makes the program run after the checks
      Can't someone just, bypass all that?
      The only way I could think of protecting everything is to actually cypher the program bytes with the key so it's valid when decoded

    • @bulletflight
      @bulletflight 1 month ago +2

      @@mystcat3 That's how some software cracks work, but DRM makers like to reduce performance through slow and obfuscated encryption/decryption of game assets, and multiple hidden calls to phone home and other nasty stuff.

  • @MorgothCreator
    @MorgothCreator 1 month ago +8

    That is a beginner mistake or lazy coding, the devs need to be ashamed about that mistake 😒

  • @stupiddog79
    @stupiddog79 1 month ago +3

    So an anti-cheat engine named "Ricochet" backfired? Oh, the irony.

  • @MANTISxB
    @MANTISxB 1 month ago +2

    Dang, this is like the tiananmen square copypasta for everyone else. Hilarious.

  • @alexandergabadze2361
    @alexandergabadze2361 1 month ago +18

    Very dumb way to check cheats, what a company. Disgusting. That's why anticheat is not working.

    • @MiesvanderLippe
      @MiesvanderLippe 1 month ago +2

      Signature based detection is cheap, fast and easy. It will always be part of detection system.

    • @alexandergabadze2361
      @alexandergabadze2361 1 month ago +2

      @@MiesvanderLippe What signature?

    • @alexandergabadze2361
      @alexandergabadze2361 1 month ago +1

      I have an idea for them, ban if there is string 'WALLHACK' in memory.

    • @sys935
      @sys935 1 month ago

      Windows is not android
      Apk app mod is yes signature changed .
      In windows the game still original and cheat tools inject without modding the game installer

    • @Operational117
      @Operational117 1 month ago

      @@alexandergabadze2361
      xX_momthumper_69420_Xx sent you a message: *"WALLHACK CHEATER KYS!!!"*
      alexandergabadze2361 has been permanently banned
      xX_momthumber_69420_Xx to rest of game: "Git rekt, scrub! DEATH TO WALLHACK CHEATERS!!!"
      xx_momthumper_69420_Xx and 8 others have been permanently banned
      xX_momthumber_69420_Xx to himself: "... oops."

  • @SomeoneBloodyRandom
    @SomeoneBloodyRandom 1 month ago +2

    Same thing happened to PunkBuster back in the day. But back then PB was scanning all of your memory. So people were spamming the signatures into Counter Strike IRC channels and getting people kicked from games….
    The more things change, the more they stay the same…

  • @morgzana1374
    @morgzana1374 1 month ago +13

    Wouldn't they both get banned? Just wondering

    • @nordgaren2358
      @nordgaren2358 1 month ago +5

      Not if you're running a bypass for the anticheat on your side.

    • @morgzana1374
      @morgzana1374 1 month ago

      @@nordgaren2358 oh thanks I didn't think about that. but why would they do such a thing getting people banned just speaks on their trustworthiness, and all for nothing.

  • @happykill123
    @happykill123 1 month ago +1

    As a colorblind person, I feel like I'm back at university when you put green, red, and yellow text all on the same document.

  • @animanaut
    @animanaut 1 month ago

    Was waiting on your take on this. Would have been interesting if whispers or squad messages affected more than the targeted persons and revealed some more shoddy programming.

  • @choleaoum1383
    @choleaoum1383 1 month ago

    This video is great. Hope you do more gaming content like this.

  • @eternia-reginleif
    @eternia-reginleif 1 month ago +4

    It's better to ban 100 innocent players rather than let 1 cheater go unpunished - Activision, probably 😂

  • @igorgiuseppe1862
    @igorgiuseppe1862 1 month ago

    Comparing to colors is quite a clever way to explain this to a layman.

  • @tomaselke3670
    @tomaselke3670 1 month ago +7

    So what, if anything, is stopping anyone from using screen capture and AI to implement software based hardware control and auto-aiming? That never touches the COD memory.

    • @99temporal
      @99temporal 1 month ago +1

      Mainly, how slow AI runs.
      Except for stuff like YOLO, most image processing AIs take too long to identify images, so they wouldn't be able to act in time based on the images.

    • @nordgaren2358
      @nordgaren2358 1 month ago +5

      Already happened

    • @user-zz6fk8bc8u
      @user-zz6fk8bc8u 1 month ago +4

      This is already done but not with "AI". There are mice with firmware level scripts for spray control, or hardware/firmware level macros that allow you to do certain things no human could do (superhuman timing, etc.). If done right, those are very hard to detect.

    • @tomaselke3670
      @tomaselke3670 1 month ago +2

      @user-zz6fk8bc8u That's kind of my point. If Ricochet is detecting only cheats that access COD memory, then all anyone needs is a cheat that doesn't do that.
      I've only ever played CODM, but I quit a few months ago because it's either full of aimbots, or I suddenly sucked in ways that I never sucked before. Either way, it was too frustrating.

    • @bulletflight
      @bulletflight 1 month ago +6

      Client-side anticheat is rubbish anyway. Never trust the client with anything important. Validate all input server-side, client should be only responsible for rendering images and UI.

  • @The_RoboDoc
    @The_RoboDoc 1 month ago +2

    The fact that a simple string-based exploit caused widespread bans is a huge red flag, and it does raise questions about the robustness of other parts of the system

  • @backlogbuddies
    @backlogbuddies 1 month ago +1

    Back in the day PunkBuster had this same issue. You could send someone a message on any messenger, including IRC, with a memory address. If it was running in the background while they were playing it would get them busted. This also worked for games that used it with PM systems.
    The anti-cheat that Gunbound and Ragnarok Online used had the same issue, but it was a specific text phrase that got you hit because it was a hard coded check to make sure the system was working. You could go into town square in RO and say the phrase. It would lead to everyone, including GMs, getting banned.
    Finally, EAC had the same thing and it was patched out in around 2017. However, that patch also counted RGB software as cheats. So if you used any RGB software to manage your system EAC would ban you. This also included Razer and Logitech RGB.
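
The failure described in the comments above (a signature scan matching text that arrived in a chat message) can be reproduced with a small simulation. This is an added example, not code from the video, from Ricochet or from any commenter; the region names, the `triggerbot` signature, the `remote_controlled` flag and both scan functions are assumptions made up for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    """One mapped region of a simulated game process (constructed sample data)."""
    name: str
    executable: bool         # page protection allows execution
    remote_controlled: bool  # assumed known: buffer is filled from network input
    data: bytes


# Constructed plain-text signature, modelled on the cheat names quoted in the thread.
SIGNATURES = [b"triggerbot"]


def naive_scan(regions):
    """Match signatures in every region, the behaviour the thread describes."""
    return [(r.name, s) for r in regions for s in SIGNATURES if s in r.data.lower()]


def scoped_scan(regions):
    """Match only where code can run, never in buffers a remote player can fill."""
    return [
        (r.name, s)
        for r in regions
        if r.executable and not r.remote_controlled
        for s in SIGNATURES
        if s in r.data.lower()
    ]


def chat_message(text):
    """Model the heap buffer that holds a received chat line."""
    return Region("heap:chat_log", False, True, text.encode("utf-8") + b"\x00")


GAME_CODE = Region("image:game.exe .text", True, False, b"\x55\x48\x89\xe5\x90\xc3")

# Innocent player who was sent a chat line naming a cheat.
victim = [GAME_CODE, chat_message("nice TriggerBot, reported")]

# Player with an injected executable region that carries the same string.
cheater = [GAME_CODE, Region("private:rwx", True, False, b"\x90\x90TriggerBot v2\x00")]

if __name__ == "__main__":
    for label, proc in (("victim", victim), ("cheater", cheater)):
        print(label, "naive:", naive_scan(proc), "scoped:", scoped_scan(proc))
```

The naive scan reports the victim because the chat text sits in process memory like any other bytes; the scoped scan reports only the process whose match lies in executable memory that no remote player can write to.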

  • @Nerd3927
    @Nerd3927 1 month ago +3

    Accusing someone falsely, and creating a loss is no small beer. Imagine the same quality of code running at the tax office or your bank. Oh wait, that already is the case...

  • @kidplaz
    @kidplaz 19 days ago +1

    it's a feature, it's a chatbot that if you mention cheating, everyone gets banned 😂

  • @conceptrat
    @conceptrat 1 month ago +3

    Sounds like another CrowdStrike on the way.
    @4:30 Hmmmm maybe they are using a CrowdStrike service with their filter rules to detect the cheats and it's just looking across the whole app's memory space?
    So they have little control over the scanned range.

    • @guilherme5094
      @guilherme5094 1 month ago

      Oh yes!

    • @hovnocuc4551
      @hovnocuc4551 1 month ago

      PunkBuster used to do kinda something like that, it scanned all memory regions of all running programs, seeking patterns. And then someone found out and posted an offending string to popular IRC channels. Good times.

  • @nommy8599
    @nommy8599 1 month ago +2

    How come the person sending the message doesn't get the same issue?

  • @edwardallenthree
    @edwardallenthree 1 month ago +2

    The security of your computer is more important than the sanctity of your game.

  • @Kolor-kode
    @Kolor-kode 1 month ago +2

    Not the first time this has happened. PunkBuster fell victim too, many years ago (early CoD and other games), plain text or hex.

  • @fg786
    @fg786 1 month ago +2

    incredible cut at 2:09

  • @pwntmatch
    @pwntmatch 1 month ago +2

    It's (or was, I guess) funny how malware that runs in kernel mode got destroyed by an exploit.

  • @Anonymous-im9yz
    @Anonymous-im9yz 1 month ago +1

    That's actually so funny. Every day I'm shocked more at how these big companies fall into these stupid mistakes.

  • @Exilum
    @Exilum 1 month ago +1

    Great video Mr. Learning.

  • @uuu12343
    @uuu12343 1 month ago +2

    Activision back in the day: makes banger games
    Activision now: fails in basic software architecture design due to sheer, unadulterated laziness

    • @bulletflight
      @bulletflight 1 month ago +1

      The good developers with 20 years of experience have been headhunted by consulting companies. They've been left with the interns and fresh graduates.

    • @test-rj2vl
      @test-rj2vl 1 month ago

      @bulletflight Yes, I watched a video about how the money-grab policy became disgusting to those devs who used to make good games and who sincerely wanted to make a good game and not money grabs, so they just went to other companies that are more customer friendly.

  • @randyt700
    @randyt700 1 month ago

    My guy reppin lil rhody. Big ups!

  • @skygradient6248
    @skygradient6248 23 days ago +1

    Kernel anti-cheat is largely to prevent people from reskinning locally cause they charge for skins as mtx lol

  • @sgtGiggsy
    @sgtGiggsy 1 month ago +1

    So does it also mean that if someone renames the triggerbot software into cauliflower, then the super advanced, kernel level anti-cheat software cannot recognize it?

  • @julstr6303
    @julstr6303 1 month ago +3

    Imagine setting your name to triggerbot 😂 and banning every lobby you join ... I guess you would be banned first though 😅

  • @collin4555
    @collin4555 1 month ago +1

    This is objectively funny

  • @portobellomushroom5764
    @portobellomushroom5764 1 month ago +1

    I use sponsor block and it flagged your mention of the Ford f150 as an ad read 😂😂😂

    • @LowLevelTV
      @LowLevelTV  1 month ago +1

      HA

    • @ThisAMJ
      @ThisAMJ 1 month ago

      @portobellomushroom5764 SponsorBlock doesn't flag anything itself, the segments are user-created.

  • @mawnkey
    @mawnkey 1 month ago +2

    1) There's an argument for hardware requiring drivers to install something at the kernel level. There is no argument _ever_ for any piece of software to do so. None.
    2) Anti-cheat has never worked and will never work. Let users run their own server, force clients into a reliable identifier for online interaction, and let users handle banning bad actors from their own online servers.

  • @TheFrantic5
    @TheFrantic5 14 days ago

    I appreciate the irony of an anti-cheat system named Ricochet getting the wrong target.

  • @-CmonMeow
    @-CmonMeow 1 month ago +2

    would be fun to pwn all kernel mode anti cheats, and troll them til they give up their scummy practices

  • @slipknot1943
    @slipknot1943 1 month ago

    Can we talk about how smooth that twitch ad for his channel was

  • @Yupppi
    @Yupppi 1 month ago +2

    That's not a bug. It's a breach of privacy everyone saw as problematic. Like if any official party did this outside gaming, it would be a huge legal issue. Scanning your computer deeply and permanently banning someone for a word is exactly the dystopia people have wanted to avoid and why the laws about privacy in the EU are so tight.

  • @Mr.Mindset
    @Mr.Mindset 1 month ago +1

    Nothing new here. When I was young and playing Counter-Strike 1.6, which was like a million years ago, there was one anti-cheat program that checked for many hack names in the memory. I remember that if I joined a server with a name that matched one of the banned strings, it would instantly ban all the players in the server. It was hilarious, and I would often join servers with a blacklisted hack name just to see everyone get banned immediately :D

  • @supdawg7811
    @supdawg7811 1 month ago +1

    LL, how do you feel about games running in an SEV-enabled VM with some sort of passthrough for the GPU and TPM protection from modification, or some similar solution? Each game gets their own VM image (could just be a diff from a base Windows). Hardware guarantees that the hypervisor can't read memory from the guest because it's encrypted. You can't modify the VM image due to TPM verification (maybe it would end up a little more complicated than that).
    SEV is only available on enterprise hardware (Epyc, I believe), but I think it might be useful to have trickle down to consumer for this reason.

    • @sorbpen
      @sorbpen 1 month ago

      So it's a feature that does not exist on consumer-grade hardware, and you propose that as a solution.
      like how dumb are you?

    • @tablettablete186
      @tablettablete186 1 month ago +1

      If the firmware of this GPU is not write protected, you will have a huge hole in your VM sandbox (and yes, passthrough is dangerous).

    • @homework8969
      @homework8969 1 month ago +1

      Microsoft does this on the Xbox One and up with Hyper-V, pretty neat stuff. I believe kernel access should be restricted to programs that give access to hardware such as your GPU or networking card, *NOTHING* else.

    • @tablettablete186
      @tablettablete186 1 month ago

      @homework8969 Tbh, the consoles use custom hardware, so they likely have virtualization features similar to NVIDIA MIG built right into the GPU.

    • @homework8969
      @homework8969 1 month ago

      @tablettablete186 Yeah the second paragraph was something else, sorry.

  • @oturgator
    @oturgator 1 month ago

    The requirement to apply for a job at Activision must be; 1- Ability to dress up in the morning without the help of your parents 2-Must be having a face (that is to have your picture printed on your badge)

  • @RealFinalCionide
    @RealFinalCionide 25 days ago

    “Ricochet” more like deflecting the ban bullets

  • @scootergirl3662
    @scootergirl3662 29 days ago

    This is the kind of stuff you get in end-game enshittification

  • @tranthien3932
    @tranthien3932 1 month ago +1

    "How many Kernel-level Anticheats can we fit in a computer?"
    Let me know later, anticheat makers. Thanks

  • @oskarjankowski5709
    @oskarjankowski5709 1 month ago +1

    So, Ricochet is reading the memory and based on that it can ban you or (I don't know if this is a thing) flag your account. So any injection in the game code, through Ricochet, can only do these two things, let's say?
    The big trouble is really only if Ricochet code is compromised. So, the engineers who wrote it may have mapped out their threat factors and with the comfort of knowing that as long as the Ricochet code can only make two things happen, and the development pipeline is secure, a silly harmless bug was introduced.
    In summary, the engineers took care of everything where a real threat could lie and made a silly omission - or so we can hope.

  • @Felix0231
    @Felix0231 1 month ago +14

    Bugs like this are insane as they commit criminal offenses against players. They take their legitimate access away due to extremely bad software design. Those developers should be personally accountable for the financial damage they cause for essentially stealing accounts from innocent players.

    • @pierrotA
      @pierrotA 1 month ago +1

      Morally speaking it's true, but legally they give you access as they want, because it's written in the TOS that they reserve the right to cut the service at any time...
      They could even say "I don't like you without any reason and I ban you from my game" and it would be legal.
      Welcome to liberal capitalism.

    • @Felix0231
      @Felix0231 22 days ago

      @pierrotA Depends on the country you are in. In parts of Europe banning people for something they didn't do is an offense. Unfortunately those offenses have no consequences for the offenders except that they are required to restore access. In the US this might be completely different tho.

  • @IngwiePhoenix_nb
    @IngwiePhoenix_nb 1 month ago +1

    I wish we'd had this back when the screaming-14-year-old stereotype was far more common. It'd be so much easier to just clear them out XD

  • @fomnik9276
    @fomnik9276 1 month ago

    I think the same exact thing is in GTAO with their new anticheat. People typed in chat something like "Invincible Vehicle" or "Godmode" and the game hangs 😂

  • @aymensekhri
    @aymensekhri 1 month ago

    Moving certain code, such as anti-cheat systems or EDR software, from kernel mode to user mode can reduce the risk of bugs and vulnerabilities. However, it also exposes that code to greater threats from other user-mode applications. Many EDR tools that operate in user mode, particularly those monitoring API calls, inject a DLL into each process to "hook" specific Windows APIs. This allows the EDR software to inspect the API call's arguments before passing control back to the original Windows API. Although these solutions often include some kernel-level monitoring, the user-mode hooks can frequently be bypassed. Attackers can invoke the original Windows API directly by accessing it through various methods, such as loading the DLL from disk, inspecting the executable's import table, or querying the DLL's export table. This only requires modifying the process's own memory, at most!
    A similar issue arises with user-mode anti-cheat software. While I don't know much about their mechanisms, if the majority of the protection resides in user mode, it becomes vulnerable to manipulation by external processes, potentially allowing attackers to bypass its safeguards.

    • @nordgaren2358
      @nordgaren2358 1 month ago +1

      I think EDRs have a valid reason to run in the kernel. Anticheats do not.

    • @aymensekhri
      @aymensekhri 1 month ago

      @nordgaren2358 I think anti-cheat code has a bigger argument for why it is in the kernel. In case of the EDR, the attacker is some user process, but in case of anti-cheat the attacker is the user controlling the system, which can kill any process or unload any DLL that tries to check for signatures in game's memory if it was in user mode instead of kernel.

    • @nordgaren2358
      @nordgaren2358 1 month ago +1

      @aymensekhri The attacker isn't always just some user process. It wasn't in EternalBlue. Anticheat has less of a reason to be there. EDR has all the reason to be.

    • @bulletflight
      @bulletflight 1 month ago +2

      Scanning memory is the lazy way of doing anticheat. Validate all user inputs server-side. Do not trust the client, the client is an unreliable liar.

    • @nordgaren2358
      @nordgaren2358 1 month ago

      @bulletflight It's not the lazy way. Memory scanning is a valuable technique.

  • @naranyala_dev
    @naranyala_dev 1 month ago +1

    low level gaming

  • @Mallchad
    @Mallchad 1 month ago

    Oh neat. It's a remote denial of service attack that might be present in anti-virus too.
    Can you imagine if they add a module that starts scanning your computer for "illegal speech"?

    @lillywho 1 month ago +1
    @lillywho Месяц назад +1

    Now if they're this rudimentary about detecting it, imagine how shoddy the rest of the anticheat must be. Security exploits to gain kernel level access galore!

  • @boomboxwagon
    @boomboxwagon 1 month ago

    they just needed an excuse to unban their bobby boy

  • @Gastell0
    @Gastell0 1 month ago

    1:37 - "You need this level of access" - uh, no, you don't, that's an easy way out and a never-ending battle at the _wrong battlefront_

  • @Ilix42
    @Ilix42 1 month ago +231

    Blizzard banned a bunch of Linux users at least once while I worked there, because some Linux dll had the same name as a cheat dll and that's all that was being checked.
    EDIT: For the Linux apologists that seem to be coming out of the woodwork, yes it was technically a “Wine” DLL, but since that has no use outside of Linux, it’s a DLL that’s used for Linux and the “technicality” doesn’t change the fact that only Linux systems are impacted by that DLL.

    • @eeroi6118
      @eeroi6118 1 month ago +41

      @Ilix42 Linux doesn't use DLLs.

    • @FlamingSwordful
      @FlamingSwordful 1 month ago +16

      Must've been too cold of a blizzard for penguins

    • @adamruck
      @adamruck 1 month ago +32

      Blizzard perma banned my Overwatch account for cheating except I never cheated. It was an 8 year old account that was from day 1 of Overwatch 1 release with thousands of hours on it. I never even had warnings on the account before it was randomly permabanned. Of course any attempt to reach customer service was met by automated responses. Fuck that company. I had been purchasing Blizzard content for 20 years, now I'll never send them another penny. Worst of all if I actually WAS a cheater I'd just make a new account because it's f2p, now I simply don't play it anymore.

    • @videogamesarecool9280
      @videogamesarecool9280 1 month ago +25

      @eeroi6118 Maybe they meant a Wine DLL?

    • @dazealex
      @dazealex 1 month ago +1

      @adamruck Do you still play the game though?

  • @OWBeeVa
    @OWBeeVa 15 days ago

    Isn't this a problem with memory scanning and not specifically related to kernel mode AC?

  • @RandomDeforge
    @RandomDeforge 29 days ago +1

    Shouldn't that also result in a perma ban of the person who sent the message? It would be in their system's memory as well.

  • @boro0228
    @boro0228 1 month ago

    It would be nice to have a link to the article somewhere

  • @guilherme5094
    @guilherme5094 1 month ago

    Continuing the corporate tradition of taking a bad situation and making it much worse.

  • @diskpoppy
    @diskpoppy 1 month ago

    Please link to the articles you are covering

  • @_daniel.w
    @_daniel.w 1 month ago

    Imagine sending a chat message in-game, ouch 😂

  • @ArchesArchesAnonymous
    @ArchesArchesAnonymous 1 month ago

    How is the sender exempt from this? Would that not be stored in their memory too?

  • @yurkshirelad
    @yurkshirelad 1 month ago

    Thumbs up for using the phrase "willy-nilly"!

  • @BudgiePanic
    @BudgiePanic 1 month ago +1

    The anti cheat really be like:
    If memory strings contains (cheat | hack) then: ban player