Too bad he got no clue what he's talking about. Good job, you banned a hacker. Except the hacks they use are a downloaded program they can swap to a new account, and nothing is fixed. Thats works sorta okay for a shit game like WoW, that he worked on, where you need to buy the game and a subscription to do anything. But cheaper games? Free to play games especially? This does not work, they'll make a new account and continue doing it. Where as kernel anticheat avoidance typically requires hacked motherboards, which get banned and the hack cannot be transfered to a new one. Making it very expensive, and not super worth replicating lots of times.
Too bad he got no clue what he's talking about. Good job, you banned a hacker. Except the hacks they use are a downloaded program they can swap to a new account, and nothing is fixed. Thats works sorta okay for a shit game like WoW, that he worked on, where you need to buy the game and a subscription to do anything. But cheaper games? Free to play games especially? This does not work, they'll make a new account and continue doing it. Where as kernel anticheat avoidance typically requires hacked motherboards, which get banned and the hack cannot be transfered to a new one. Making it very expensive, and not super worth replicating lots of times.
He is wrong though, he clearly does not know how evolved cheating has become. There is a reason vanguard is doing the best job out of everything at stopping cheats.
@@brennancondon3357he explicitly said that he doesn’t like it and that it isn’t a necessary evil; not that it wasn’t effective, but that he thinks the security vulnerabilities for the end user are massively unfavorable even when weighed against how much better it might work than traditional detection
If a backdoor was going to be engineered into games, it wouldn't be anticheat systems. It would be some other driver or low level code that flies under the radar. Any other driver should do.
@@Fatboy2526 First, citation needed. Second, "new MARKETING pitch". The first electric car was made in the 1800s, but that isn't relevant when talking about modern use for the tech.
The crazy part is most games that use it simply don't need it. Any FPS has no excuse, the server knowing the position of every character along with their facing could easily spot things like tracing heads through walls which could simply send an alert to check the replay. Want to cry about human review costing too much money? AI has progressed significantly, AI review should through enough training sets be able to reach a high degree of accuracy. All of this is fully possible, and these are just basic solutions.
The algorithm is meeting demand as needed. 'Tis truly a genius invention from our lovely overlords thank you, Woah Wicky or whoever the fucks running this shit.
@@spacepterodactyl it’s an actual masterpiece, with some of the best lines Case In point- You’re telling me my plan. I already know my plan. I made up the plan. It’s my plan. What I don’t know, is how close you are to accomplishing my plan!
Same deal with test taking browsers in college. Had a prof that would only give tests in lab because he "didn't want us putting stupid fucking root kits on our computers"
@@SimonWoodburyForget One of the things that I love aboiut product safety lawsuits... they are strict liability. If someone gets hurt from using your product in a way that is intended or reasonably foreseeable, you could be held liable. Imagine if this same courtesy was extended to computers. If a company makes a piece of software that in anyway messes with the system we would have a case. And I mean ANYTHING, from having a trend of causing kernel panics (Blue Screen of Death in common Windows parlance), up to actually killing your hardware (like New World). Also, class action settlements for matters like this need to be far more than just the cost of new hardware, or a refund for a CD album that loaded a rootkit onto your system...
@@ZeldagigafanMatthewHow do you discern between any other piece of code killing hardware and the hardware/software from the manufacturer killing itself? I mean we're not talking about DOS times, where every software by default had unregulated access to the hardware. In those days you could do things like drive the monitors frequency out of range and damage the display, or position a hard drives read/write-head in a way that was not recoverable. Today the driver is the only piece of software that has the final say what to do with the hardware. And at the same time the only piece of software with access to any kind of sensor data. So any software other than the driver can't be responsible, it might just serve as an unusual case that uncovers existing flaws.
@@WirrWichtKernel-level access ignores "the driver has final say". That's why it's such a big deal that Kernel-level anti-cheats are mandatory parts of some games. The OS no longer has sole authority over the hardware.
Adding on to Thor here, what we often find in tech support is that when these anti cheats have a bug in them, it's fully capable of screwing up your operating system as a result. Specifically, Valorant's anti-cheat takes the #1 spot for most amount of problems caused by it, and it's super annoying to fix. It's really horrible
Exactly. I want to play Helldivers 2 but I'm really concerned by the anticheat, and the sus company that's behind the anticheat who have had security problems before. Ain't no way I'm risking it, I'd rather play something non intrusive.
Yeah. Have an out of date corsair driver? Sorry, Vanguard just greenscreened your pc instead of letting it boot because if it boots, valorant will ban you! Your pc being totally unuseable is better than us getting a false positive sent to our database teeeheee!😅
Too bad he got no clue what he's talking about. Good job, you banned a hacker. Except the hacks they use are a downloaded program they can swap to a new account, and nothing is fixed. Thats works sorta okay for a shit game like WoW, that he worked on, where you need to buy the game and a subscription to do anything. But cheaper games? Free to play games especially? This does not work, they'll make a new account and continue doing it. Where as kernel anticheat avoidance typically requires hacked motherboards, which get banned and the hack cannot be transfered to a new one. Making it very expensive, and not super worth replicating lots of times.
@@Wild_Dice "Hacking problem" Everyone, including CSGO players, admit valorant has far less cheaters. If you're looking for a 100% rate, you're looking in the wrong universe.
Yes, I love it when that Kernal level Anti cheat doesn't uninstall itself from my machine once I uninstalled the game that installed it. It also has no uninstaller in Windows app center
@@agrefile2 their are a bunch. EAC, is a classic example. They say it removes itself once them game is finished but... Not all the time.genshin impact says it uninstalls it's anti cheat once the game quits then reinstalls it once the game starts up again but, their have been several examples of it not uninstalling itself. Their was a game I saw... An ARPG called "the night was" I think. It did that as well. "Some ordinary gamers" Goes over a bunch of them.
@tomb3782 I think the reason eac doesn't uninstall is because tons of games use it, for example fortnite, apex legends, battlefield, DBD, halo and tons more. The genshin one apparently doesn't uninstall on every game exit but doesn't send any information to the servers on game exit and stops running in the bg after 30hrs of the game being closed or when the game is uninstalled which i guess means it doesn't uninstall the anticheat when you uninstall the game, very weird
@@agrefile2If it only stops running after 30 hours of not playing, that's my computer running unnecessary kernel level drivers for most of the time my computer is on.
I think you would get a kick out of how Battlestate Games “Escape from Tarkov” does their anticheat. You could analyze and tear into it for hours im sure.
Tell us you have no clue what you are even talking about. Administrator access level is nowhere near Kernel Level access. Depending on OS and ideology, there are several layers above Administrator level access before you get to Kernel access rights...
You don't even need a bug. Kernel anti cheat drivers are usually also signed by Microsoft. There was malware floating around that used Genshin Impact's signed kernel level driver.
@@Ornithopter470 there's actually a lot of REALLY low level stuff that the kernel can do that root can't directly do, it's just that most of that stuff is not something a user would want to do directly anyway. Also a non-sandboxed root is able to just ask the kernel to do a lot of it anyway. 'Protection rings' is the term you want if you want to find out more. All users, including root, are actually in Ring 3.
The other part of that is that kernel-level anti-cheat code also *completely circumvents all security measures* built into your OS. If there's anything wrong with that code, it can do absolutely anything it likes, or let anything else do anything it likes, to your entire machine. Virus and malware protection? Doesn't exist anymore. User access restrictions? What're those? You are trusting the maker of that game to full and completely uncontrolled access to your machine (even more than you are usually allowed to have yourself). Even if you trust the game maker not to abuse that kind of access (which you definitely shouldn't), all it takes is some external hacker managing to slip a bit of code into the right place in the game, and they can completely undermine all of the security protections of hundreds of thousands of computers everywhere. But the game companies don't care. Your lack of safety and security isn't their problem. They just want to use this neat library somebody sold them that promises to prevent all cheating with no work on their part (even though it won't anyway), so you'll just have to suck it up and let them do what they want with your computer, you insignificant peon.
please don't go on actively spreading misinformation if you clearly do not work or study in this field, virus and malware protection is already on the kernel level, it can already detect malware whether it is in kernelspace or userspace. another moot point (at least for the most part) is that it merely being in the kernel gives the anticheat full access to your system, news flash, full blown REAL WORLD SPYWARE operates almost exclusively in usermode, you do NOT need kernel level access to record the screen, monitor the mouse pointer, log every keypress, record every window title, and even inject or to open a readprocessmemory handle to another program and go through the entire contents of its memory unless it is specifically a driver itself that blocks off that functionality.
@@ChristopherGray00 Please don't call things misinformation when you clearly do not work or study in this field, and have no idea what you are talking about. I do work in this field, I have written kernel-level code both professionally and as a hobby for Linux, BSD, MacOS, and Windows, and am extremely familiar with how the protection models in modern OSes work. Anything running in Ring 0 has full access to the hardware and the entire memory space, and can completely circumvent or override any other code in the system (including other kernel code). That is why most well-designed, modern OSes try to run as little code as possible in kernel mode, because any bugs or exploits that do exist in such code _cannot_ be defended against in any way and _will_ have complete, unfettered access to the entire system, period. But you are correct that in general, the sorts of things these anti-cheat libraries do also largely don't need to be in kernel space to do what they want to do anyway, which just makes the whole thing even that much more stupid, really...
@@foogod4237 literally none of what you said has anything to do with spying capabilities or any of what i said about antivirus itself already being on the kernel level, your original point of contention was that kernel code can "do anything it likes", which is extremely misleading, you know that you're bringing people into the idea that kernel level code can spy but usermode programs cannot, which is just factually false.
@@foogod4237 and no, the statement that "they don't need to be in kernel space to do what they want to do anyway" is absolutely not true, it completely ignores things like DMA cheats in which any remotely sophisticated cheater can simply block off other programs from accessing information about connected PCI-E devices and how they are interacting with the system. If you have full access to all of the memory in ram, byte for byte, and read into the game's memory as a DMA device (that also has a driver blocking off usermode inquiries), this is literally undetectable by any usermode process outright, there is zero way to tell beyond doing heuristics analysis on the server, which when we're talking about things like ESP wallhack/radar, is extremely easy to hide.
Kernel level is dangerous because a vulnerability in your anticheat is no longer just a vulnerability for hackers to exploit your game, it is now a vulnerability for data breaches, DDOS attacks, or straight up bricking someone else’s machine. An exploit in the Dark Souls engine allowed hackers to remotely execute code on their multiplayer session host’s machine, and was the reason multiplayer servers for almost every from soft game were down for about a year leading up to Elden Ring’s release, and weren’t back online until a good 4-7 months after its release, depending on the game (3 was the first back online, remastered was the last back online.)
*"Pulled it out into assembly, grabbed the code cave from it, removed the polymorphic, found a way to fit it into Warden..."* Thor just casually explaining How to Catch a Bot like he's a crypto-wizard version of Chris Hansen... XD
Kernel level anti-cheat is anti-consumer in the extreme. It’s not only giving over basically full control of your computer, it also breaks things like Linux support through proton. And I feel like it doesn’t make the job of detecting or eliminating cheaters any easier.
@@goldensquirtle3325 the devs have access to all of your pc info ALL THE TIME if they want it. The kernel is the very base level of your system, nothing happens that doesn’t use the kernel. So having access to it means they can see every letter typed every network connected to and every last process that is run
Not wanting to defend them, but as of right now, sad truth is that at least temporarily it is a necessary evil. Cheaters use hardware designed to cheat that is kernel level so using kernel is the easiest way to combat it. Which is sad, Kernel anticheat are scary as hell.
@@miZuZYNWhy? I feel like all the anti kernel anti cheat people just heard it’s bad from someone else, in your own words, what makes it so scary? Before you bring up data harvesting by the way, realize that literally everything you use harvests data anyways, and that your porn preferences really aren’t actually relevant to a corporation trying to advertise to you slightly better.
@@miZuZYN that argument kinda falls apart when you understand dma, ahk and arduino based cheats are working with no problem and none of them need any access to the kernel
@@KricketGD ok but to pretend like games like valorant dont have way less cheaters because of there anti is just stupid yes there may be work arounds but the truth is its is way harder to do them with kernel level anti cheats then without, csgo vs valorant is a good example to look at since they are very similar communities 1 has a lot of cheaters and one doesnt. And no i dont think its good to have these anti cheats but i will also be honest in saying i have and will continue to have vanguard installed on my pc until there is a better way to keep cheaters out of valo
To be fair Warden was ridiculously invasive at the start. It would not only scan all programs installed on the machine, but scan the active memory outside of the game's address space to see what else was running and scan THAT data for more info. This even extended to your browser and all open tabs. There was one case of a dude getting an instant ban when Warden flagged him for running cheat software when he was doing no such thing. What happened was he had a browser tab open and the PAGE TITLE, not the URL, simply the page title was the same as a known cheat software and it automatically flagged and permabanned him. This came out because he had to fight to get his ban overturned (which he did.) And that's when it became publicly known how invasive Warden actually was. It was literally spyware at that point.
Actually had an argument for several hours about this with a guy on a Linux discord, who insisted that because most exploits involve convincing a user to run something they shouldn't, it's perfectly safe to give kernel-level access to sketchy programs loaded by publishers who actively do not care about the user.
I hope to god you pointed out "It doesn't matter if the PUBLISHER as a whole doesn't care about their customers, all it takes is one individual EMPLOYEE at said publisher to go rouge for a seemingly safe thing to turn into a MASSIVE problem." If you can't figure out why basically handing over your computer and giving unrestricted access to a bunch of people you don't know is a BAD idea, you're beyond help. Some people are just too blinded by a fucking game to think straight. Says alot about the kind of lives they lead....
People are also saying a lot of "oh XYZ also runs from kernel what about that" Riot is 100% owned by Tencent, who can be considered directly controlled by the CCP. Why does this program from a company owned by the CCP want kernel access? They might not have any concern about me, who is a random white woman in the US, but Valo and League are very popular in China and East Asia and can see what those people have loaded on their PC and what they're doing at any time
After my uncle's wedding I was heading home from the after-party, and a drunk woman sees me with my very long hair (about as long as Thor's at the time, maybe a little shorter) and she starts complimenting it and asks if she can touch it. Now, my hearing is terrible, and when I said, "sure thing" I didn't realise that she had, in fact, asked if she could braid it. So she takes out my hair ties and goes to work while her boyfriend looks at me, amused. A few minutes later she says she's done. I thank her and go home, and looking in the mirror she actually did a fairly good job, despite being pretty damn hammered. Sorry, this comment just reminded me of that story. The woman was a little rough, due to being drunk, but aside from a couple harsh tugs it felt quite nice to have my hair braided. My hair is much longer now, probably longer than Thor's, and I wouldn't mind it being braided again one day. Just maybe not by someone 10 pints down.
Actually, it’s more like paying the mob to install security cameras for you. Maybe it’s legit, maybe it’s not. The answer can change as quickly as an Executive changes sports cars
To give some pushback to Thor. I’m not advocating for kernel level anticheat, btw. However I feel like banning bots is wildly different than the realm of cheating FPS games have delved into
but it’s absolutely possible to use similar non-intrusive methods to detect cheating in fps games as well. aimbots are probably the easiest, since they generally have behavior that very few humans would do. wallhacks can be alleviated by sending less data to clients
Tell that to the kernel level cheats bypassing kernel anticheats. There is a way of being less intrusive but what we're doing now is our best realistic option. at least until VACnet AI manages to solve this.
@@mycelia_ow How about you build your game in a way that cheating is just not as rewarding? If MMOs of 15 years ago can build their games in a way that all they need to monitor for is autoclickers/autonavigator you're doing it right, if not, burn it all down, tear up the foundation and start over.
@@mycelia_ow You can bypass kernel level anticheats easily if you actually want to, they are not a foolproof solution. DMA devices are one such way to slip past kernel level anticheat completely undetected, the only way to enforce higher than that would be to have a person in your house manually inspecting your PC hardware. It's better to use proper systems to deal with cheaters rather than trying to brute force it while creating critical security vulnerabilities, because ultimately if someone really wants to cheat they always will be able to, you just have to deal with it when they do so.
@@treeaboo effective kernel level anticheat lets you basically hardware ban someone, so the cost of cheating skyrockets. It also isn't "easy" to bypass it (e.g. vast majority of cheaters have very little experience and just download the first result for cheats on Google - the difficulty of having to use some more obscure attack vector like DMA will dissuade 99% of cheaters). There are also anti-DMA techniques commonly used for competitive games, like I know riot games is world-class in anticheat and anti-DMA. You make it sound like it can be easily replaced by "proper systems" and I'd really like to know what these proper systems are.
@@treeaboo The fact that they can be bypassed doesn't mean they aren't serving a purpose or shouldn't be used. It lessens accessibility to cheats, so the only real market is paid private cheats which limits how many people do it. It's not much but it helps. It's still a barrier. While we can't get any deeper, we can do a lot more than we are now using data observed by a client. DMA cheats are exactly why we need to be this deep in your system. Valve has the right idea testing with AI, I'd imagine an AI accelerate kernel anticheats would be far more effective than what we have now, it just wont be flawless still. It's not talked about enough, it's our only option going forward.
please for the love of god, normies i beg of you to stop brazenly just spreading blatant misinformation on a topic you clearly have not studied. SPYWARE DOES NOT NEED KERNEL ACCESS, please stop prepetuating this god awful myth, literally every function you would need for spying on a system, from recording the screen, to monitoring the mouse pointer position, to intercepting every keystroke that happens on the system, windows provides an easy API call that requires no kernel access whatsoever, spyware does not need a driver, make whatever opinion about ring0 anticheat but do not say it is bad on the basis that ring0 allows any more room for spying that usermode didn't, because usermode already allows virtually full spying abilities.
@@ChristopherGray00 you mean like how the feds can see all your social medias just by asking without a warrant? That's not a theory. Or like what the NSA is doing? That's not a theory
@@ChristopherGray00 i'm a game hacker myself who has personally reversed most anti-cheat drivers you can name. they really aren't hard to get around. most of their detection vectors (EAC/BE) are actually already documented. these anti-cheats exist to stop pasters, not anyone who puts the time in to try and get around these things. really the only major way to stop cheaters from cheating is to have someone watching them.
I mean, you kinda are because most of the features that people are afraid of (like seeing your web traffic and going through your files), are all stuff that they can do from a regular install. Also, if you played any game with Easy Anti Cheat (Fall Guys, Apex, Dead By Daylight, Fortnite) that's kernel level also. The only thing different with Vanguard (Valorant's anti cheat) it's that it is vocal when it runs (icon in the notification bar) and that you can shut it off. **edit:** People saying it's ONLY running when the game runs are mistaken. EAC has a subprocess running from boot that it uses to have said Kernel level. The reasons for not running kernel level are existant. It's just not stuff that people think about really. Also, I feel like Thor is out of his wheel house a bit here. Doing anti cheat for an MMO vs an FPS is WILDLY different. Also, Thor (or his mods) are actively deleting comments bringing debunking arguments on people misconceptions. So yeah... Take that info as you please. It could be something about double posting, but either way, it doesn't look good.
You're not insane. You are correct. It only takes a single bad actor with a backdoor using that anticheat(this happened in genshin) to compromise data at a level of identity theft.
@@Karlyr_ I’m just worried about a rogue employee or bad actor exploiting a zero day or something of the sort. I know the programs can go through my files and whatnot, but if they try to go rogue I can actually stop them.
@@slamkam07you are aware that what happened with genshin was the result of a mistake on WINDOWS's part right ? It had nothing to do with the kernel anti cheat but the result of a driver that was poorly written by Microsoft's part and then abused by a malicious third party. Unfortunately, Genshin was using it and distributed it with their software. So their name got dragged along but it wasn't their fault directly.
Kernel level anti-cheat should be illegal, there is no reason a gamecompany should be allowed to have kernel access to peoples computers. Cheaters are bad sure but KERNEL LEVEL, that's like giving the authorities permission to put up cameras in every room in every home then making masturbation illegal.
how would you even make a law that delegalizes that, without hurting people that need to use kernel-level software for other reasons? i'd rather make it mandatory for a piece of software to communicate that to the user, as well as potential risks it can carry
@@_phloggy_ Not sure I understand your stance here. You would rather give kernel-level access to everyone because someone might need that for some software maybe?
@fronix5060 I think they were just saying that legally forbidding it is a bit overkill and, although the stuff is generally not a good thing to have, that just outright outlawing it is intruding the whole freedom thing quite a lot, along the lines of doing the least regulation that still gets the job done. Just because we can't think of a good use for something like that right now doesn't mean there isn't any, plus such legislation could easily overstep the intended target and make making kernel drivers all but impossible if it's drafted up by the same tech-illiterate geriatric patients that write most other laws What I'd 100% get behind is that the user both needs to be clearly told that this is what they're getting into (and that they need to understand the implications), and also that we raise the level of liability for companies that make this kind of stuff
I agree. As a CIS student, I wanted to see how well kernel level anti cheat worked, I ran my test with public python scripts easy to get used by many, i got banned at the same rate by kernel level anti cheat as I did by non kernel level anti cheats. The catch in all this is the kernel level anti cheat didn't ban me, those were manual bans by the anti cheat teams after reviewing my gameplay, vs others (non kernel access) were automated ban
Not really, he is comparing stupid WoW bots with very obvious patterns to things such as aimlock, triggers, radar hack. It cant be detected by the same systems.
@@BuddzBunnyHD if you think kernal level anitcheat is a good thing, I'm just done responding to you. It is always a massive risk for the trade off of "possibly" catching cheaters. Game devs these days are just lazy and would rather pay for battleeye or EAC and then just default to blaming them. Kernal level anitcheat is not necessary if you care about your game.
@@rhyszigich8701 play any competitive fps with a kernel anti cheat, now play any without. Goes from hackers being unicorns to seeing one every two game. Il not saying they are absolutely necessary but as a competitive player i honestly dont even want to invest any amount of time in a game where cheating is so easy. And as of now non-kernel anticheat juste don't cut it for me
@@rhyszigich8701 I am no fan of the kernel level stuff, but the only game I know of that is popular that uses it is Valorant, and as far as I'm aware, they have a much smaller cheating problem than any other FPS that I know of. Just because I don't like something, doesn't mean it's not effective. Do I play Valorant? Nah, I haven't played the new Helldivers either because of their kernel level shit either, but there does seem to be an efficacy to their use all the same.
Just FYI, these same companies that "need" kernel level anti-cheat have plenty of bugs and exploits in their games, so who's to say that the Anti-cheat doesn't have vulnerabilities that can be exploited by unauthorized people?
@@Ghosty72401 If a cheater doesn't cheat yet, they are indistinguishable from the average player. Anti-cheat theoretically catches them before they cheat, but cheat developers can always get ahead of the system. A system that watches every player and decides if they are cheating in real time is what we want, but that isn't possible currently.
@@anthonysimpson1079 Whilst that is true (I'd know as a software engineer) most vulnerabilities are often a mix of the wildest shit no one's ever gonna come up with, but still it's a vulnerability
It really doesn't get talked about enough in the gaming community that kernel-level anticheat is rootkit software. That to simply play certain games you have to submit to what in any other circumstance equates to putting the worst level of malware on your machine.
@@MrFloat777 i love how you go to a comment pretty much saying the exact thing that a huge figure in cybersecurity is saying and do the equivalent of just saying no without any further explanation it absolutely is something to be worried about
@@MrFloat777 You're completely explained both in the video and in this comment what is so wrong with it.. Man those websites and applications absolutely love you for just handing every little letter of your information and security to them.
@@MrFloat777The issue is that they are trusted and have high level of access. There were some malware that exploited some issues in one of them to gain privileged access. More than that, you didn't actually need to have it installed: it was nice enough to install it for yourself since the anticheat installer was a signed and trusted executable
One somewhat reasonable explanation for why they do use it could be because most people aren’t hacking the game itself they’re using a third party program. ( but I know jack about this so don’t believe me)
im necroing your post but Warden was and still is notoriously one of the worst anti cheat detections around kernal level anti cheat is bad for other reasons but as long as its fulfilling its primary objective generally its worth the trade it also depends on the game. if im playing stardew valley or terraria or a single player game obviously it makes no sense but if im playing the HIGHEST level of competition on a game i want to REALLY make sure im playing a fair game sure it will never be 100% but we aren't shooting for 100% we are just shooting for a high number and sending a prayer to Thor that its enough. its a little disingenuous to say all kernal level anti cheat is bad because technically speaking the anti cheat itself is great its just you are leaving a metaphorical computer nuke on your pc for a fair game.
@MerkSig gonna have to hard disagree on the generally a good tradeoff, sure in competitions you need sanctioning and invasive rule-checking, I'll 100% agree there. However, to the average player, in my eyes this thing looks to be on the level of just running every random .exe you find as admin because that way they can't fail due to permissions. It's a glaring security hole and the companies making them presently just don't care that much about that part, lest it affects their reputation of course. I think if we both educated people on how dangerous these things actually are, as well as held these companies strictly liable for whatever exploits are found to be in their little kernel concoctions, I and a lot of people would be a lot less stuck up about KLACs. Personally I don't want to see them anywhere near me, but I feel like as long as a person is allowed to actually understand what exactly they are getting into before getting into it, then that's fine in my eyes and they can make bad decisions if they so desire since they're at least aware of what they're letting into their PC.
I went in, broke the chunglebumps apart into Cheebles, grabbed the Schmode Rave, pulled their geodesic generator, and fit it into Flembry, and huzzah, the Scrumblifier scrumbled no more!
Any anti-cheat developer will also tell you that it isn't possible to stop all cheats because there is always a way to avoid detection. It doesn't matter how many people you have banned. We are talking about how many more can we catch and ban? Where I find the issue is with dishonest companies like Activision, which built their own kernel anti-cheat for CoD just to protect their advertising cheaters and not let that info leak out.
It’s not about banning every hacker. It’s about making it as difficult/expensive as possible to hack. The more advanced the hack the more it costs, both software and hardware.
In other words detectives should stop catching murderers because a few of them get away with it? Kernel AC has the highest cheater ban rate than any other AC method. The entire point of AC is to reduce # of cheaters.
@@JohnsmithhjoeNo, but detectives should not be allowed to flaunt due process and the law simply because, _maybe_ , they might be able to catch more criminals. Sure, tyrants are somewhat better deterrents against murderers. But at what cost?
Thank you been saying this for years and I always heard BS from people claiming “we need it to stop cheaters” no it introduces tons more risks and issues we don’t need nor should ever have to deal with for a damn video game.
ex cs cheat developer here, kernel anticheat is absolutely a nessecary vector for detection of cheats, here are some examples of situations where a kernel level anticheat is able to detect a cheat, and a usermode anticheat has no ability to detect reasonably : 1. DMA (direct memory access) cheats, these are physical hardware cheats in which a device is plugged into a PCI-E slot, and has unadulterated, complete access to every single byte of memory on the entire system, in other words, you do not even need to be interacting with the game on the software level, with this device, you can manipulate or simply monitor the game's memory and send that information to and from a second machine that will tell you everything that the game stores within RAM, such as player positions, utilities, grenades (for warning/velocity etc) a usermode anticheat cannot detect this with any proper DMA setup that blocks off any usermode program from enquiring as to what is on the PCI-E bus and specifically what the device is and how it functions, with a kernel driver, it can absolutely inspect the PCI-E bus to see what is on it, and monitor what it is doing to determine possible cheating activity. 2. virtual machine detection, this is important because if the player is utilizing virtualization, the host can monitor and manipulate the memory of the guest without having any such software running on the guest system, to a usermode anticheat this appears as benign (if you are only reading from guest, literally impossible to detect, if you are writing to the guest suspiciously, there could possibly be some room for detection). a kernel level anticheat can detect this because there are little windows API calls that windows makes avaliable that would reveal information beyond what the user could have potentially falsified, by default, virtual machine systems will almost always advertise that they are infact a virtual machine to the rest of the system, however this information is very easy to change in order to make what is known as a "stealth VM", this is a system specifically designed to act like it is just a normal host system. kernel level allows the module to actually investigate and look into drivers (without having to manipulate them) and determine whether or not the system is actually a virtual machine, and if so, kick (not ban) the user from the gameserver. we see this done with battleye, easyanticheat, and faceit's anticheat modules, and they are pretty successful at it, however usermode anticheats have limited ability in this regard.
@@jaydengraham8303 anti cheat solutions will never work to stop people like us game hackers. i personally do it for the challenge, people like to gas up vanguard and yet its not that complicated to bypass. however the act of cheating itself is pretty boring imo. its fun for the first like game or 2, as you feel good about making something that works and is considered "difficult", but you dont stay, you go and take the next challenge thats available. sorry about the tangent there, point is. only thing that can stop cheaters is LAN only gaming, where someone over your shoulder can see you. even then, the exploit there is the actual person. slip em a 20 and you'd be fine lol.
The difference is that Thor is a competent person willing to do some work to make sure cheaters are dealt with, while most game dev companies just want to shit out a solution that works, customers be damned.
@@ssarkos5148 It never prevented cheating. So how is a solution that works a bit better than other solutions with a way bigger impact on the security of your system "not an option"? There will always be cheating in online games and the best way of prevention is active monitoring by people not leaving that issue to apps that can be bypassed or corrupted.
@ssarkos5148 if you truly, truly believe that the cheating is so bad you need to do that, then just stop playing those games Kernel access is *the* access level, there is *no* going back once you give it up. If you're demanding all your games get kernel access, you're turning every game you own into malware. "But it's a game, how could it be malware." All it takes is one malicious *line* and you could be screwed. One disgruntled employee and every user of the game has to throw out their laptops. Someone hacks the company? Say goodbye to your information. Are you really so desperate for an anticheat, are your games so incredibly rife with cheaters, that you are willing to not only get rid of your own safety and security, but demand that an entire userbase do so as well?
@@gen9695 A usermode application has access to all the files on your pc, a developer doesnt need kernel access to screw you. Kernel has more power but if you dont trust the company you shouldnt download their game at all.
AZ’s final trial was a battle, he needed to learn how to lose, to really lose, fair and square and NOT retaliate like he did the first time. That’s why his acceptance of defeat is the last piece, instead of a chip on his shoulder, losing to us gives him peace. He’s Lysander’s foil. He was a man who kept losing and getting more and more angry that life could always get worse versus a man who won over and over and got angry that he wasn’t rewarded for being “better”. Lysander’s fleeting and feigned affection for his personal inner circle, indicated by his “friends” and Gyrados contrasts AZ’s long held love and longing for a single individual and reclusiveness towards everyone else. In the opposite end, AZ didn’t care that his weapon would cause genocidal levels of destruction-but Lysander did. Both couldn’t find a way to solve their problem without the use of violence, but while one received permanent death as a punishment the other received permanent life, an arguably worse punishment. This character contrast also explains why Lysander can use mega evolution despite being an actual fascist: he embraces love only when it brings him power, whereas AZ does so at the cost of it.
I don't know if Thor knows this, but the way he draws a square is exactly how you write the character "mouth" in Chinese 口 (which is a square). I find that satisfying af.
Kernel level anti cheat, aka rootkit that is whitelisted on Windows defender. Basically get someone to download a modified version and you have a straight up rootkit that gives you kernel access that Windows defender won't even scan
@@andrewgreeb916a modified version would have a different hash, you would need to hijack it using a vulnerability and inject your code for it to be OK from the POV of defender
the biggest problem is that a "certain" kernel level anti cheat doesnt just run with the game. it will go through your files at any point, and without warning will just permanently delete anything it objects to. no program should ever have that access.
@@ANDR0iD tbf for an anti-virus it’s much more understandable as it’s doing that to keep unwanted hidden programmes out. Real time scanning is a pain and should be done away with but disabling anti-virus completely isn’t smart either.
@@FutureCommentatorYeah, not really. Its selling like hotcakes. Thor isn't incorrect, but not all issues can be solved by what he suggests. There are different things that cause different issues. Helldivers has a resource issue that, unless Arrowhead is investing in MASSIVE amounts of server back ups for flash restores, is easily exploited by cheaters, and thus ruining the game for everyone else. You don't have to agree with me, while also agreeing with Thor. What he said is valid for THAT scenario which is what he spent his time doing primarily.
The difference here is that bots are something completely different than cheats in fps games, take a look at cod or cs2 and how bad the issue is in those games where most of the players on the leaderboards are in discord servers dedicated to cheating their way to the top and then selling their accounts for a ton which sell in minutes and then take a look at val which does have cheaters but you meet one like once a year and the cheating community is not as open as other games like cs2 or cod
I botted for 7 years in Wow. Never got caught. I would say doing gathering routes for 12+ hours every day would be a bit suspicious. Never even got a whisper.
not only that: people are ok with installing kernel-level cheats to bypass non-kernel anti-cheats (because of course they can totally trust the nice hacker who created it, right?)
@@RegnumMortispeople will install kernel level anticheats from companies owned and operated in countries like Saudi Arabia and China which is even more fucked.
A LOT of people, especially content creators, PC's have this. One day there will be a big exploit and all their PCs get compromised. Helldivers isn't a bad game, it's only the rootkit that's the issue.
Not only are they okay with it, gamers now actively demand it from developers thinking Kernel level ACs will eradicate cheating forever. People suffer a minor inconvenience in their video game and are immediately comfortable signing away all their privacy to companies. Like the chatter in this clip calling it a "necessary evil" LMAO. If Netflix.exe, a cheat that has a readme file of like, 4 installation steps can bypass a Kernel AC, I don't think that trade is working out, Bros.
@@DonkeyOnAUnicycleBut again, he's not running Helldivers 2 on a machine containing anything else. He built a machine dedicated just to helldivers 2 to burn it after the Democracy wins.
@@RobluexHow did he do it? Is he using a virtual machine or did he build another computer to play this game? I'm in the same boat, I want to play it but no kernel anti cheat will touch my computer.
I mean, I don't personally think it is that bad. Perhaps a bit overkill in some scenarios, but the concept isn't something I'm against. It's like using a sledgehammer to open a wallnut. If you're not careful, you might break the table in the process. But you can be sure that you're gonna crack the nut. You could go and get a nutcracker instead, but those don't always work, especially for any kind of nut. But a sledgehammer? It'll crack any of them. Just make sure you're swinging it on something safe.
@RenAki5 If I understand the analogy right, its different when someone else is swing the sledgehammer. Do you have 100% trust that their intentions are good. Are you able to completely trust the code that acts as a sledgehammer? The point being you're essentially giving a stranger keys to your digital house and hoping they don't do anything sketchy when snooping around.
@@Leedledled1 I mean, I'd trust the guy installing security cameras and home defense alarms to not be up to no good. And just the same, I trust anyone in Cyber Security to know what they should and shouldn't be doing. Any program, not just kernel level ones, can cause a lot of problems/damage to a computer. Do you trust them to not have updates or software in them that could be harmful? Any video game could just as easily add crypto mining software that runs on the side of it, and destroy your GPU. And uh, the obvious issue of literally shooting your own company in the foot by actually causing harm to your entire userbase. I'd much sooner trust the massive video game development company with kernel level access, as they're going to be regulated and have much more honest communication about it, than some random cheat software online, with 0 regulation, and no idea who or what the creator's intentions are, that also goes kernel level to dodge lower level anticheats.
100% this. DMA devices are the biggest threat which kernal level doesn't detect. Anything else can be done via normal detection or stats grabbing. Headshot %, KDR, movement xyz coords, gold increases, ANYTHING can be trapped in a database and be a route to detection not to mention normal process injection detection/code injection type stuff.
That only works if the cheater is rage cheating, if they know what they are doing you cant catch them like that. Kernel level acs can detect dma unless you have your own completely private hardware.
I *highly* doubt you can catch a cheater in LoL just by analysing their gameplay statistics. Even if you catch dodge-scripters by cleverly differentiating their movement, how would you catch people who cheat by removing the fog of war? That's just information to them, like wall-hacks but less noticeable.
Trust me it's sometimes it's even hard catching a cheater while watching overwatch on cs specially if they know what people are looking out for. Stack team of 4/5 have one guy walling and the advantage is enough to climb the ranks. Mmos are different a lot of it is server side, unfortunately fps games a lot of the time it's client based that's where kernel AC potentially is required but from what I've been seeing that AI cheats running between monitor and PC it's going to be pointless soon potentially future AC will be requiring a hardware device 😅
@@capbarker By not sending the state and position of players when they're not visible. FYI League already does this, but it does have a small buffer zone where player data is sent. So you don't have someone blink into your vision out of nowhere.
My thoughts exactly. It's a game. It doesn't need to invade my privacy to make it harder for some people who are going to cheat. Cheaters will cheat using direct memory access hardware. It is ridiculous for game companies to request such access and i refused installing games that require me to install drivers for drm and anticheat and will continue to do so. Companies need to do better and keep the state at server-side
Kernel-level anticheat is an artifact of the past, as counter-measure of the nature of online games in Asia back then. MMO had played a big real money trading, means hacked accounts = loss of money. Development was also very slow and rigid back then so game/engine updates may come once annually or two, hence game update may differ to content update. plus, win98/xp also has lots of security holes so memory alter/tampering (zero binary modification) cheat was a thing back then. dev/publisher will do anything to secure their game from intrusion.
@@gothpunkboy89 Either accept that it happens in fps games or stop playing them. Tbh I play less and less online games nowadays. There are cheaters everywhere every game. Just stop playing if you are overwhelmed.
That's exactly why they do it tho. Companies trying to lessen costs and cut out engineers they see as cost inefficient by using invasive services instead.
So basically, like many other modern AAA game development techniques, Kernel anti cheat is the way it is purely out of laziness to create better systems. Instead of putting a door in the wall to get to the other side, they simply blow up the whole building to get that result.
No, with our current technology kernel ac is the best weapon we have against cheaters. As soon as you leave the kernel cheaters can just shut down your anti cheat. Ai could work to catch aimbots but you still need kernel against wallhacks.
@@ssarkos5148 you can bypass kernel. It just gives you a false sense of security. And you can definatly use Ai to detect wall hacks. Because you play differently if you where everyone is and that is detectable. And you can probably add fake players only people with wall hacks can see. Like how you can add fake blocks to mess with X-ray in minecraft. But why do something like that when you have Kernel-level anti-cheat? Because that's obviously the only good way.
@@ssarkos5148 kernal level against wallhacks? are you really that dumb? There's at least 2 defenses you can do in the game itself. force a pure texture state (something that many Valve games do). You can also just not render anything if it is fully obscured by objects or terrain in the player's field of view.
I think the necessity of ANY anti-cheating measure is just to maintain a good player experience for the majority of players. You don't need to eradicate cheating entirely; you just need to address wide-scale, accessible cheating that has a perceptible negative effect on the player base. The upper echelon of cheaters/hackers are a minority and they're not worth pursuing at the expense of everyone else's privacy or security. The more money is involved the harder it is to apply that though because it becomes more of an assessment on ROI-if installing spyware on the whole player base's machines results in a net gain, management will be foaming at the mouth for it.
I think thats a major component and a great thing to highlight. There's an additional problem with cheating though that can cause major issues. If you have a competitive leaderboard, and being a top player can mean real money for the team you're on, even just a player or 2 doing these cheats could cause major issues for a game studio and the people watching these matches. Similar issue to PIDs in professional sports
you forgot the most important part: The kernel level program is only a corrupted C&C server away from infecting your system. You already have kernel level access on that machine then
Any antivirus that scans kernel level anti cheats will flag them as a rootkit. Because they are a rootkit. And bad actors like to abuse the part where anti viruses whitelist anti cheats.
It would already be a bad idea fundamentally just due to how much of a massive unnecessary overreach it is, but its made incomprehensibly worse by the fact that it very often doesn't even work. Helldivers 2 has kernal level anticheat and for weeks prior to the mech stratagem being released, cheaters were already using them by hacking them out of the otherwise unused/unaccessable code. Its like using a thermonuclear bomb to blow up a single building full of terrorists, and then it lands and doesnt go off, and now you have an unexploded nuke sitting in the wild and have to just trust that nobody takes it and uses it on innocent people.
Thanks for telling the world the truth. Too bad the executives at big companies don't care, so we need to vote with our wallets and stop buying games with kernel level anti-cheat.
@@MrDuLukesMost games use kernel level anti-cheats, but most of them aren't what people have problems with. Like, take Easy Anti-Cheat or BattlEye, both run as kernel anti-cheats. But EAC and BE only open and run while the game is open, unlike Vanguard which is open all the time from computer start. Personally, I dont care about EAC and BE because they only start and run when you play a game. Of course they still have kernel level anti-cheat, but at that point it doesnt bother me much.
As for how to find out.. Well, if it has an anti-cheat, it's mentioned somewhere, and you can just google it. But it most likely will nearly always be kernel level.
As someone who has wrote cheats, kernel level anti-cheat makes cheating a lot harder. Yeah you can detect cheats without it, but you also detect way less sophisticated cheats.
@@superslash7254 he's not creating anti-cheat, he is creating the cheat software. And he is saying that he has an easy time if there is no kernel level anti-cheat.
It makes it harder, but not impossible. If it's worth protecting the competitive environment at the cost of bricking some computers, it's worth cheating at the cost of writing harder to detect cheats.
km anti-cheats doesn't make cheating harder lol. only beginner game hackers struggle with it. reversing the anti-cheat i'd say is the only "struggle" as the driver is typically virtualized to stop reversers. however, the detection methods for things like EAC/BE are already well documented on forums, so you've already got everything you need already lol, as long as you have a decent knowledge of windows internals you can bypass them with not a lot of effort.
It’s one thing to have an anticheat in an MMO it’s a completely different beast in competitive FPS games where people play online tournaments for tens of thousands (sometimes more) of dollars
he is most likely talking about Honorbuddy which was a very popular bot that came about shortly after WoW Glider. Blizzard shut both of them down. All of Honorbuddies other bots got shot down too for other games
Minecraft does that pretty good. Anti-Xray for example has a long history of back and forth. First they introduced false block informations send by the server. Then people got creative and build seecrackers to simulate ore generation in order to get around that. And guess what ? Developers figured, if you use a random seed generator for each chunk and just merge them into one landscape, ore simulation won’t work anymore.
It is fair for non-competitive games. But for highly competitive ones (LoL, DotA, CS, Starcraft etc.) You do not have a month to sit there and reverse engineer a cheat. As ppl using them are ruining competitive right now
If you don't have a month to reverse engineer a cheat, you also don't have a robust enough process to be safely monkeying around in the kernel (of all the thousands of different builds of machines your game runs on) to try and catch the cheat. Not to mention just having kernel access isn't a magic bullet to suddenly catch everything easily.
i don't know a single person complaining about cheating in lol. from casual players to pro players. there's been constant complaints about every aspect of soloQ in the game, and cheaters has never been one of them.
@@mustdy7177 Get out of here. Scripters are pretty much only present on the very very top of the rank ladder and even there the ratio is probably one scripter for your entire lifetime. On the other hand, the first months after Valorant was released there was pretty much 2 cheaters for every match. Heck, on the same week they started distributing keys you already had literally DOZENS of cheats on the market. Kernel level or not, didn't make any difference except for the fact that it was a resource hog and a privacy and security hole. League has been up for 24 years and they still haven't managed to build a stable, efficient, bug-free game client and you somehow expect them to write kernel level code decently? Are you ok? Have you actually used either lol or valorant for any extended period of time?
Dude casually mentions Warden one of the most invasive anti-sheets that is not kernel level. I don't think he's on as much of a precipice as he seems to think he is
That is because there are more players than ever before and game studios have gotten lax, relying on kernel level anti cheat that fucks over their loyal players to deal with the problem in a functional manner.
I would absolutely love to hear your thoughts on what some other good detection methods would be for games like valorant/other competitive fps that use kernel level anti-cheat.
Idk I feel Thor generalized too much. Back then when he worked at Blizzard cheats werent that advanced. Right now many anticheats are kernel level because otherwise is extremely difficult to detect some cheats
@@wassup4532 If you were savvy enough, you could theoretically silence kernel-level anticheats entirely at the network level, entirely externally to the machine you're playing on. Hell, there are kernel level cheats out there too. Thor did not overgeneralize. You CANNOT trust anything that is not running YOUR software on YOUR hardware. AKA: Never trust the client. Ever. Most games companies slap on kernel level anticheat and automated report-based systems because it's easier and cheaper than actually properly validating and sanity checking what players are trying to do on the server side. But it's lazy, still possible to bypass, and straight up is a security risk. In fact, I would LOVE it if tomorrow regulatory bodies started regulating kernel-level code legislatively. It's not needed for much. All kernel-level anticheats do is escalate the battle between cheat makers and game developers in a way that leaves consumers open to more threat actors than before.
@@wassup4532 Yeah.. idk about Thors take here. If anti cheats don't need kernel level access to function well, why is it that Valorant is like the only game that remains *somewhat* cheat free (and if there are cheats they are shut down near instantly)? Kinda funny how all these other games he worked on have infinite cheats.
@@luckra808 Compare Valorant (1 cheater every 100 matches or something) with CS2 (1 cheater every 2 games). Obv just subjective experience but the difference is very noticable for anyone that is somewhat experienced with both games. I would give Valve Kernel level in a heartbeat if it meant I could play the game without cheaters again
To clarify for anyone who's confused: he's talking about Blizzard's Warden anticheat, which worked by fingerprinting running programs on the user's machine and matching them against a known list of cheat tools, the same basic principle that antivirus tooling uses. He favors this over the kernel-level behavior-oriented approach, which instead purports to flag any unapproved interaction with the running game. Honestly, valid, if you take the stance that no approach is ever going to be perfect and the most important thing is raising the bar for an average person to get a cheat set up without direct tech support
@@user-ye2vn4dh8h this is about Riot Games introducing Vanguard, a kernel level anti cheat, after their top league is ddosed through a bug in their other anti cheat.👌
It sucks watching more and more games go the route of Kernal and having to decide between safety and just enjoying a couple hours of games Id genuinely enjoy. I almost miss my ignorance before I learned about cyber security, but then I remember how in trouble I would of been if something happened before I knew as much as I do now.
before long it's a case of split the monitor output to a machine vision module, and some USB devices that pretend to be a keyboard and mouse or a gamepad, under control of the entirely separate hardware. No software there to detect.
@@davidskidmore3442It's already at that point. There's documented cases of that exact setup being used. And it's via cheaters self-reporting and showing off their hardware to do it.
Some are impossible to detect. I remember hearing about an MSI monitor on The Wan Show. It had some sort of AI tool monitoring what was shown on screen. It had a light strip at the bottom and the AI could be set to monitor some portion of the screen (like health) and give and indicate it's status so you don't need to focus on it as hard. It could also monitor the mini map and anytime an opponent came out of of the FoW, it would mark it with a circle and an arrow. Now only LoL was mentioned so I don't know about other games. I also don't know if it does anything else or what kind of options it has for adjustments to the overlay (if it has any). But it would definitely be an advantage... and through hacking or hardware mods it could be the most powerful and completely undetectable piece of cheat hardware _ever_.
@@davidskidmore3442 I wouldn't worry myself too much about that for a few reasons. 1. good detection relies on watching inputs as well, not just the software running. 2. do you know how expensive a setup like that would be? You need a system powerful enough, and software well built enough to analyze the data in as close to real time as possible and make decisions on what to do. What counter do you suggest? activating HDCP in a way that leaves the result a low resolution mess that no one would want to use anyways?
Its absurd I 100 percent agree with you I HATE knowing that if I want to play certain games that they will force you to have a kernel level anti cheat. The funny thing too as a player most of the games that have that feel to have more cheaters too.
Thor just pulled the “I was there when they were written” on us.
not even that, he pulled the "I was one of the writers"
Like mf moses
“Do not quote the deep magic to me, witch!” 😂
@@jeremygardner5987and Aslan
Too bad he got no clue what he's talking about. Good job, you banned a hacker. Except the hacks they use are a downloaded program they can swap to a new account, and nothing is fixed.
Thats works sorta okay for a shit game like WoW, that he worked on, where you need to buy the game and a subscription to do anything. But cheaper games? Free to play games especially? This does not work, they'll make a new account and continue doing it.
Where as kernel anticheat avoidance typically requires hacked motherboards, which get banned and the hack cannot be transfered to a new one. Making it very expensive, and not super worth replicating lots of times.
I’m so glad he drew that square to illustrate what he was talking about. I would have been so confused if he hadn’t
Lmaooo
This man is amazing. He speaks about this with such confidence, expertise and knowledge. Hats off to a true professional.
Maybe this is his "outside of the box thinking" explanation. I mean, he is certainly not inside the box 😅
You think you are so great😂 keep going little buddy
It's the kern of kernel
i love how he draws a box and nothing else
It's all this man needs to get his point across
That’s a kernel
Abstract art:
The weirdest part is it makes sense.
@@flankman9385Exactly. How could anyone miss that?
Thor: Roast Kernel-Level anti-cheat
Paint: 🔳
@@eldermartins130 Thor has 2 million body’s he’s in game deleted that many ppl 😭
Epitome of "do not recite the dark magic to me, witch, I was there when it was written"
Was thinking Azlan haha
Was this a Narnia quote?
the old magic
It's oft the thought, not the grammar, that counts
Too bad he got no clue what he's talking about. Good job, you banned a hacker. Except the hacks they use are a downloaded program they can swap to a new account, and nothing is fixed.
Thats works sorta okay for a shit game like WoW, that he worked on, where you need to buy the game and a subscription to do anything. But cheaper games? Free to play games especially? This does not work, they'll make a new account and continue doing it.
Where as kernel anticheat avoidance typically requires hacked motherboards, which get banned and the hack cannot be transfered to a new one. Making it very expensive, and not super worth replicating lots of times.
When Thor is so passionate about something that he forgets to use paint
: O i just realised that
The square (your machine) he drew at the start was all that's needed to get his point across
Fr
He is wrong though, he clearly does not know how evolved cheating has become. There is a reason vanguard is doing the best job out of everything at stopping cheats.
@@brennancondon3357he explicitly said that he doesn’t like it and that it isn’t a necessary evil; not that it wasn’t effective, but that he thinks the security vulnerabilities for the end user are massively unfavorable even when weighed against how much better it might work than traditional detection
"Oh! Lets create a back door for even worse problems"
Nah, they just want that sweet free information they can sell later to big data companies.
Both
wich is a backdoor@@Raikos100
If a backdoor was going to be engineered into games, it wouldn't be anticheat systems. It would be some other driver or low level code that flies under the radar. Any other driver should do.
@@JordanPNW a bug is a feature if well documented....
"Kernel level" is now the new marketing pitch the anti-cheat companies use to sell the shiny new "security options".
but why need kernel level anti cheat if we can have ai powered anti cheat.
yes i am joking
Kernel level anti cheat has been used by companies like valve since before 2002, not exactly new, especially for the internet
@@Fatboy2526 First, citation needed. Second, "new MARKETING pitch".
The first electric car was made in the 1800s, but that isn't relevant when talking about modern use for the tech.
4K HD anti cheat
The crazy part is most games that use it simply don't need it.
Any FPS has no excuse, the server knowing the position of every character along with their facing could easily spot things like tracing heads through walls which could simply send an alert to check the replay.
Want to cry about human review costing too much money? AI has progressed significantly, AI review should through enough training sets be able to reach a high degree of accuracy.
All of this is fully possible, and these are just basic solutions.
"DO NOT CITE THE DEEP MAGIC TO ME, WITCH! I WAS THERE WHEN IT WAS WRITTEN!"
Bonus point for remembering it is cite instead of recite or quote.
Makes me feel like rewatching Narnia
More appropriately to this situation would be "Do not cite the Cheat Detection to me, Witch. For I was there to write it."
he was there because he wrote them...
YEA
it's rare to watch a short from thor this early
Same
10 minuter in and you have 170 likes. Pretty cool
Its 10 pm over here
Oh I’m hella early
The algorithm is meeting demand as needed. 'Tis truly a genius invention from our lovely overlords thank you, Woah Wicky or whoever the fucks running this shit.
the square he drew really summarizes the point
I love when he just draws shapes and acts like its a variable that he just plugged his words into
Everyone remembers the Narnia line, but I still love the old Buzz Lightyear Movie line:
“I know the regulations, I wrote half of them!”
What is the movie? Used to watch the animated show as a kid.
@@regiuseques6333 There was a direct to tv/home-video movie to kick off the show, called Buzz Lightyear of Star Command: the Adventure Begins.
@@regiuseques6333Toy Story
@@regiuseques6333 I think the movie was called “Buzz Lightyear of Star Command: The Adventure Begins”
@@spacepterodactyl it’s an actual masterpiece, with some of the best lines
Case In point-
You’re telling me my plan.
I already know my plan.
I made up the plan.
It’s my plan.
What I don’t know,
is how close you are
to accomplishing my plan!
Same deal with test taking browsers in college. Had a prof that would only give tests in lab because he "didn't want us putting stupid fucking root kits on our computers"
Literally the reason why I had to turn my lap top into a burner, just for that shit. Bum ass professors refused to compromise.
Based prof.
Smart prof...
Based
I don’t get why that’d matter
Another reason it's not a necessary evil: catching people cheating is less important than not messing up your customer's machines, actually.
@@SimonWoodburyForget One of the things that I love aboiut product safety lawsuits... they are strict liability. If someone gets hurt from using your product in a way that is intended or reasonably foreseeable, you could be held liable. Imagine if this same courtesy was extended to computers. If a company makes a piece of software that in anyway messes with the system we would have a case. And I mean ANYTHING, from having a trend of causing kernel panics (Blue Screen of Death in common Windows parlance), up to actually killing your hardware (like New World).
Also, class action settlements for matters like this need to be far more than just the cost of new hardware, or a refund for a CD album that loaded a rootkit onto your system...
@@SimonWoodburyForgetthose games are not for you then lol
@@ZeldagigafanMatthewHow do you discern between any other piece of code killing hardware and the hardware/software from the manufacturer killing itself? I mean we're not talking about DOS times, where every software by default had unregulated access to the hardware. In those days you could do things like drive the monitors frequency out of range and damage the display, or position a hard drives read/write-head in a way that was not recoverable. Today the driver is the only piece of software that has the final say what to do with the hardware. And at the same time the only piece of software with access to any kind of sensor data. So any software other than the driver can't be responsible, it might just serve as an unusual case that uncovers existing flaws.
People will just cheat again anyways, banning them doesnt do a lot.
@@WirrWichtKernel-level access ignores "the driver has final say". That's why it's such a big deal that Kernel-level anti-cheats are mandatory parts of some games. The OS no longer has sole authority over the hardware.
Thor just pulled the “I was there when they were written” on us.
Adding on to Thor here, what we often find in tech support is that when these anti cheats have a bug in them, it's fully capable of screwing up your operating system as a result. Specifically, Valorant's anti-cheat takes the #1 spot for most amount of problems caused by it, and it's super annoying to fix. It's really horrible
Exactly. I want to play Helldivers 2 but I'm really concerned by the anticheat, and the sus company that's behind the anticheat who have had security problems before. Ain't no way I'm risking it, I'd rather play something non intrusive.
Yeah. Have an out of date corsair driver? Sorry, Vanguard just greenscreened your pc instead of letting it boot because if it boots, valorant will ban you! Your pc being totally unuseable is better than us getting a false positive sent to our database teeeheee!😅
@@MinaeVainEnjoy missing out on a good game simply because you’re paranoid the anti cheat will go through your p*rn folders.
Also there have been several Kernel level anti-cheats that pose tangible risk to your PC's security, look at Genshin Impact's as an example.
@@fairlywren3664 exactly
He really pulled out the "You dare to preach the knowledge of the stone to me?! I WAS THERE WHEN IT WAS WRITTEN!" Well played Thor of Ass-guard
knowledge of the stone? not that i care but it seems like everyone gets this quote wrong oddly enough
@@rooknado I went for theatrics, not accuracy.
Too bad he got no clue what he's talking about. Good job, you banned a hacker. Except the hacks they use are a downloaded program they can swap to a new account, and nothing is fixed.
Thats works sorta okay for a shit game like WoW, that he worked on, where you need to buy the game and a subscription to do anything. But cheaper games? Free to play games especially? This does not work, they'll make a new account and continue doing it.
Where as kernel anticheat avoidance typically requires hacked motherboards, which get banned and the hack cannot be transfered to a new one. Making it very expensive, and not super worth replicating lots of times.
@@SleepyStreak Not exactly, considering there's still a hacking problem in Valorant even with their invasive anti-cheat
@@Wild_Dice "Hacking problem" Everyone, including CSGO players, admit valorant has far less cheaters. If you're looking for a 100% rate, you're looking in the wrong universe.
Yes, I love it when that Kernal level Anti cheat doesn't uninstall itself from my machine once I uninstalled the game that installed it. It also has no uninstaller in Windows app center
which one are you talking about? vanguard is in the app center for me
@@agrefile2 their are a bunch. EAC, is a classic example. They say it removes itself once them game is finished but... Not all the time.genshin impact says it uninstalls it's anti cheat once the game quits then reinstalls it once the game starts up again but, their have been several examples of it not uninstalling itself. Their was a game I saw... An ARPG called "the night was" I think. It did that as well. "Some ordinary gamers" Goes over a bunch of them.
@tomb3782 I think the reason eac doesn't uninstall is because tons of games use it, for example fortnite, apex legends, battlefield, DBD, halo and tons more. The genshin one apparently doesn't uninstall on every game exit but doesn't send any information to the servers on game exit and stops running in the bg after 30hrs of the game being closed or when the game is uninstalled which i guess means it doesn't uninstall the anticheat when you uninstall the game, very weird
@@agrefile2 doesn't change the fact that I do not like it.
@@agrefile2If it only stops running after 30 hours of not playing, that's my computer running unnecessary kernel level drivers for most of the time my computer is on.
Man.. That little box really speaks to me on how intrusive Kernel level Anti-cheats are. It's there, but doesn't need to be. Profound.
You know what. I think somewhere in his unconscious he meant exactly that
I think you would get a kick out of how Battlestate Games “Escape from Tarkov” does their anticheat. You could analyze and tear into it for hours im sure.
I came here to say that and ask his opinion
Does it even have anti cheat
To be fair how do you even cheat in eft there is no goals or point of playing it’s not like ur grinding to be grand champion in escape from tarkov
I really want Thor to make a video on it now
@@5-iwnl-596with that logic. Why does anybody cheat in any game?
From a pure security standpoint: Kernel-level anti-cheat is also a point of failure that can be exploited. At kernel (administrator) level access.
Tell us you have no clue what you are even talking about. Administrator access level is nowhere near Kernel Level access. Depending on OS and ideology, there are several layers above Administrator level access before you get to Kernel access rights...
@Ornithopter470 except when apps are in a container like with flatpak as root user in the container might not mean that much
You don't even need a bug. Kernel anti cheat drivers are usually also signed by Microsoft. There was malware floating around that used Genshin Impact's signed kernel level driver.
@@Ornithopter470 there's actually a lot of REALLY low level stuff that the kernel can do that root can't directly do, it's just that most of that stuff is not something a user would want to do directly anyway. Also a non-sandboxed root is able to just ask the kernel to do a lot of it anyway. 'Protection rings' is the term you want if you want to find out more. All users, including root, are actually in Ring 3.
Uhhhhhhh Kernel is far beyond administrator
The other part of that is that kernel-level anti-cheat code also *completely circumvents all security measures* built into your OS. If there's anything wrong with that code, it can do absolutely anything it likes, or let anything else do anything it likes, to your entire machine. Virus and malware protection? Doesn't exist anymore. User access restrictions? What're those? You are trusting the maker of that game to full and completely uncontrolled access to your machine (even more than you are usually allowed to have yourself).
Even if you trust the game maker not to abuse that kind of access (which you definitely shouldn't), all it takes is some external hacker managing to slip a bit of code into the right place in the game, and they can completely undermine all of the security protections of hundreds of thousands of computers everywhere.
But the game companies don't care. Your lack of safety and security isn't their problem. They just want to use this neat library somebody sold them that promises to prevent all cheating with no work on their part (even though it won't anyway), so you'll just have to suck it up and let them do what they want with your computer, you insignificant peon.
you think windows defender and Microsoft would question t kernel-level anti-cheat sure if it's from A company we know we can trust it
please don't go on actively spreading misinformation if you clearly do not work or study in this field, virus and malware protection is already on the kernel level, it can already detect malware whether it is in kernelspace or userspace.
another moot point (at least for the most part) is that it merely being in the kernel gives the anticheat full access to your system, news flash, full blown REAL WORLD SPYWARE operates almost exclusively in usermode, you do NOT need kernel level access to record the screen, monitor the mouse pointer, log every keypress, record every window title, and even inject or to open a readprocessmemory handle to another program and go through the entire contents of its memory unless it is specifically a driver itself that blocks off that functionality.
@@ChristopherGray00 Please don't call things misinformation when you clearly do not work or study in this field, and have no idea what you are talking about.
I do work in this field, I have written kernel-level code both professionally and as a hobby for Linux, BSD, MacOS, and Windows, and am extremely familiar with how the protection models in modern OSes work. Anything running in Ring 0 has full access to the hardware and the entire memory space, and can completely circumvent or override any other code in the system (including other kernel code). That is why most well-designed, modern OSes try to run as little code as possible in kernel mode, because any bugs or exploits that do exist in such code _cannot_ be defended against in any way and _will_ have complete, unfettered access to the entire system, period.
But you are correct that in general, the sorts of things these anti-cheat libraries do also largely don't need to be in kernel space to do what they want to do anyway, which just makes the whole thing even that much more stupid, really...
@@foogod4237 literally none of what you said has anything to do with spying capabilities or any of what i said about antivirus itself already being on the kernel level, your original point of contention was that kernel code can "do anything it likes", which is extremely misleading, you know that you're bringing people into the idea that kernel level code can spy but usermode programs cannot, which is just factually false.
@@foogod4237 and no, the statement that "they don't need to be in kernel space to do what they want to do anyway" is absolutely not true, it completely ignores things like DMA cheats in which any remotely sophisticated cheater can simply block off other programs from accessing information about connected PCI-E devices and how they are interacting with the system.
If you have full access to all of the memory in ram, byte for byte, and read into the game's memory as a DMA device (that also has a driver blocking off usermode inquiries), this is literally undetectable by any usermode process outright, there is zero way to tell beyond doing heuristics analysis on the server, which when we're talking about things like ESP wallhack/radar, is extremely easy to hide.
Kernel level is dangerous because a vulnerability in your anticheat is no longer just a vulnerability for hackers to exploit your game, it is now a vulnerability for data breaches, DDOS attacks, or straight up bricking someone else’s machine. An exploit in the Dark Souls engine allowed hackers to remotely execute code on their multiplayer session host’s machine, and was the reason multiplayer servers for almost every from soft game were down for about a year leading up to Elden Ring’s release, and weren’t back online until a good 4-7 months after its release, depending on the game (3 was the first back online, remastered was the last back online.)
*"Pulled it out into assembly, grabbed the code cave from it, removed the polymorphic, found a way to fit it into Warden..."* Thor just casually explaining How to Catch a Bot like he's a crypto-wizard version of Chris Hansen... XD
That’s all yapology terms. I like Thor and respect him but a lot of times he exaggerates or adds flair where it isn’t needed
@@MrFloat777gonna say sounded like talking out the side of your mouth when you don't know but want to impress.
it's word salad, anticheat detections are typically signature based anyways.
@@no-ld3hzWhat? No it isn't? Tell me you don't know what you're talking about 😅
None of that makes any sense. Why would he read in assembly 😂
Kernel level anti-cheat is anti-consumer in the extreme.
It’s not only giving over basically full control of your computer, it also breaks things like Linux support through proton.
And I feel like it doesn’t make the job of detecting or eliminating cheaters any easier.
So wait that means the devs have access to PC and info if they even think you're hacking?
Easier to steal your data and harder to pirate
@@goldensquirtle3325and it can be malicious if it's fucked. Like genshin had that issue.
@@goldensquirtle3325 the devs have access to all of your pc info ALL THE TIME if they want it. The kernel is the very base level of your system, nothing happens that doesn’t use the kernel. So having access to it means they can see every letter typed every network connected to and every last process that is run
I think someone dosent know what anti consumer means
love how the first thing anyone tried to say was "it's a necessary evil" like there are no better alternatives
Not wanting to defend them, but as of right now, sad truth is that at least temporarily it is a necessary evil. Cheaters use hardware designed to cheat that is kernel level so using kernel is the easiest way to combat it. Which is sad, Kernel anticheat are scary as hell.
@@miZuZYNWhy? I feel like all the anti kernel anti cheat people just heard it’s bad from someone else, in your own words, what makes it so scary?
Before you bring up data harvesting by the way, realize that literally everything you use harvests data anyways, and that your porn preferences really aren’t actually relevant to a corporation trying to advertise to you slightly better.
@@miZuZYN that argument kinda falls apart when you understand dma, ahk and arduino based cheats are working with no problem and none of them need any access to the kernel
@@KricketGD ok but to pretend like games like valorant dont have way less cheaters because of there anti is just stupid yes there may be work arounds but the truth is its is way harder to do them with kernel level anti cheats then without, csgo vs valorant is a good example to look at since they are very similar communities 1 has a lot of cheaters and one doesnt. And no i dont think its good to have these anti cheats but i will also be honest in saying i have and will continue to have vanguard installed on my pc until there is a better way to keep cheaters out of valo
If you're a shit programmer there isn't a better way.
To be fair Warden was ridiculously invasive at the start. It would not only scan all programs installed on the machine, but scan the active memory outside of the game's address space to see what else was running and scan THAT data for more info. This even extended to your browser and all open tabs. There was one case of a dude getting an instant ban when Warden flagged him for running cheat software when he was doing no such thing. What happened was he had a browser tab open and the PAGE TITLE, not the URL, simply the page title was the same as a known cheat software and it automatically flagged and permabanned him. This came out because he had to fight to get his ban overturned (which he did.) And that's when it became publicly known how invasive Warden actually was. It was literally spyware at that point.
So it proves that you don't need kernel level for a spyware
Actually had an argument for several hours about this with a guy on a Linux discord, who insisted that because most exploits involve convincing a user to run something they shouldn't, it's perfectly safe to give kernel-level access to sketchy programs loaded by publishers who actively do not care about the user.
I hope to god you pointed out "It doesn't matter if the PUBLISHER as a whole doesn't care about their customers, all it takes is one individual EMPLOYEE at said publisher to go rouge for a seemingly safe thing to turn into a MASSIVE problem."
If you can't figure out why basically handing over your computer and giving unrestricted access to a bunch of people you don't know is a BAD idea, you're beyond help.
Some people are just too blinded by a fucking game to think straight. Says alot about the kind of lives they lead....
That dude has never heard of RCE
People are also saying a lot of "oh XYZ also runs from kernel what about that"
Riot is 100% owned by Tencent, who can be considered directly controlled by the CCP. Why does this program from a company owned by the CCP want kernel access?
They might not have any concern about me, who is a random white woman in the US, but Valo and League are very popular in China and East Asia and can see what those people have loaded on their PC and what they're doing at any time
I could not imagine a Linux user being that naive.
I mean I could, but it's really funny.
@@CircusFoxxoYeah, I don't want American corporations spying on me either, lol.
I want to braid this mans hair as he explains game code and software stuff
That's so real of you
Thats the best comment I've ever read on this channel💀
I just love how wholesome this is❤
I would love to have my hair braided while I just talk about networking tech. That would be amazing.
After my uncle's wedding I was heading home from the after-party, and a drunk woman sees me with my very long hair (about as long as Thor's at the time, maybe a little shorter) and she starts complimenting it and asks if she can touch it. Now, my hearing is terrible, and when I said, "sure thing" I didn't realise that she had, in fact, asked if she could braid it.
So she takes out my hair ties and goes to work while her boyfriend looks at me, amused. A few minutes later she says she's done. I thank her and go home, and looking in the mirror she actually did a fairly good job, despite being pretty damn hammered.
Sorry, this comment just reminded me of that story. The woman was a little rough, due to being drunk, but aside from a couple harsh tugs it felt quite nice to have my hair braided. My hair is much longer now, probably longer than Thor's, and I wouldn't mind it being braided again one day. Just maybe not by someone 10 pints down.
Trusting kernel anti cheat is like trusting the police to install security cameras in your home
THIS.
Trusting Amazon to install security cameras in your home.
Oh wait, people already do that...
Actually, it’s more like paying the mob to install security cameras for you. Maybe it’s legit, maybe it’s not. The answer can change as quickly as an Executive changes sports cars
@@ClokworkGremlin people already trust kernel anti cheat too, doesn't make it any less foolish.
What online games you play then, its pretty hard to avoid now days
To give some pushback to Thor. I’m not advocating for kernel level anticheat, btw. However I feel like banning bots is wildly different than the realm of cheating FPS games have delved into
but it’s absolutely possible to use similar non-intrusive methods to detect cheating in fps games as well. aimbots are probably the easiest, since they generally have behavior that very few humans would do. wallhacks can be alleviated by sending less data to clients
Kernel level access is the hatchet, where one needs the scalpel.
Tell that to the kernel level cheats bypassing kernel anticheats. There is a way of being less intrusive but what we're doing now is our best realistic option. at least until VACnet AI manages to solve this.
@@mycelia_ow How about you build your game in a way that cheating is just not as rewarding? If MMOs of 15 years ago can build their games in a way that all they need to monitor for is autoclickers/autonavigator you're doing it right, if not, burn it all down, tear up the foundation and start over.
@@mycelia_ow You can bypass kernel level anticheats easily if you actually want to, they are not a foolproof solution.
DMA devices are one such way to slip past kernel level anticheat completely undetected, the only way to enforce higher than that would be to have a person in your house manually inspecting your PC hardware.
It's better to use proper systems to deal with cheaters rather than trying to brute force it while creating critical security vulnerabilities, because ultimately if someone really wants to cheat they always will be able to, you just have to deal with it when they do so.
@@treeaboo effective kernel level anticheat lets you basically hardware ban someone, so the cost of cheating skyrockets. It also isn't "easy" to bypass it (e.g. vast majority of cheaters have very little experience and just download the first result for cheats on Google - the difficulty of having to use some more obscure attack vector like DMA will dissuade 99% of cheaters). There are also anti-DMA techniques commonly used for competitive games, like I know riot games is world-class in anticheat and anti-DMA. You make it sound like it can be easily replaced by "proper systems" and I'd really like to know what these proper systems are.
@@treeaboo The fact that they can be bypassed doesn't mean they aren't serving a purpose or shouldn't be used.
It lessens accessibility to cheats, so the only real market is paid private cheats which limits how many people do it. It's not much but it helps. It's still a barrier.
While we can't get any deeper, we can do a lot more than we are now using data observed by a client. DMA cheats are exactly why we need to be this deep in your system.
Valve has the right idea testing with AI, I'd imagine an AI accelerate kernel anticheats would be far more effective than what we have now, it just wont be flawless still. It's not talked about enough, it's our only option going forward.
"Yeah sure we could do the right thing, but getting full admin access and spying on you is quicker and easier so we do it instead"
Is more profitable for secret government contracts*
please for the love of god, normies i beg of you to stop brazenly just spreading blatant misinformation on a topic you clearly have not studied.
SPYWARE DOES NOT NEED KERNEL ACCESS, please stop prepetuating this god awful myth, literally every function you would need for spying on a system, from recording the screen, to monitoring the mouse pointer position, to intercepting every keystroke that happens on the system, windows provides an easy API call that requires no kernel access whatsoever, spyware does not need a driver, make whatever opinion about ring0 anticheat but do not say it is bad on the basis that ring0 allows any more room for spying that usermode didn't, because usermode already allows virtually full spying abilities.
@@michaelsorensen7567oh god this isn't youtube if it doesn't have baseless unsubstantiated wild conspiracy theories.
@@ChristopherGray00 you mean like how the feds can see all your social medias just by asking without a warrant? That's not a theory. Or like what the NSA is doing? That's not a theory
@@ChristopherGray00 i'm a game hacker myself who has personally reversed most anti-cheat drivers you can name. they really aren't hard to get around. most of their detection vectors (EAC/BE) are actually already documented.
these anti-cheats exist to stop pasters, not anyone who puts the time in to try and get around these things.
really the only major way to stop cheaters from cheating is to have someone watching them.
My friends act like I'm insane for refusing to play Valorant for this reason 😂
I mean, they are right. Can't blame them XD
I mean, you kinda are because most of the features that people are afraid of (like seeing your web traffic and going through your files), are all stuff that they can do from a regular install.
Also, if you played any game with Easy Anti Cheat (Fall Guys, Apex, Dead By Daylight, Fortnite) that's kernel level also. The only thing different with Vanguard (Valorant's anti cheat) it's that it is vocal when it runs (icon in the notification bar) and that you can shut it off. **edit:** People saying it's ONLY running when the game runs are mistaken. EAC has a subprocess running from boot that it uses to have said Kernel level.
The reasons for not running kernel level are existant. It's just not stuff that people think about really.
Also, I feel like Thor is out of his wheel house a bit here. Doing anti cheat for an MMO vs an FPS is WILDLY different.
Also, Thor (or his mods) are actively deleting comments bringing debunking arguments on people misconceptions. So yeah... Take that info as you please. It could be something about double posting, but either way, it doesn't look good.
You're not insane. You are correct. It only takes a single bad actor with a backdoor using that anticheat(this happened in genshin) to compromise data at a level of identity theft.
@@Karlyr_ I’m just worried about a rogue employee or bad actor exploiting a zero day or something of the sort. I know the programs can go through my files and whatnot, but if they try to go rogue I can actually stop them.
@@slamkam07you are aware that what happened with genshin was the result of a mistake on WINDOWS's part right ? It had nothing to do with the kernel anti cheat but the result of a driver that was poorly written by Microsoft's part and then abused by a malicious third party.
Unfortunately, Genshin was using it and distributed it with their software. So their name got dragged along but it wasn't their fault directly.
Kernel level anti-cheat should be illegal, there is no reason a gamecompany should be allowed to have kernel access to peoples computers. Cheaters are bad sure but KERNEL LEVEL, that's like giving the authorities permission to put up cameras in every room in every home then making masturbation illegal.
how would you even make a law that delegalizes that, without hurting people that need to use kernel-level software for other reasons?
i'd rather make it mandatory for a piece of software to communicate that to the user, as well as potential risks it can carry
@@_phloggy_ Not sure I understand your stance here. You would rather give kernel-level access to everyone because someone might need that for some software maybe?
@@_phloggy_ what other reason?
@fronix5060 I think they were just saying that legally forbidding it is a bit overkill and, although the stuff is generally not a good thing to have, that just outright outlawing it is intruding the whole freedom thing quite a lot, along the lines of doing the least regulation that still gets the job done. Just because we can't think of a good use for something like that right now doesn't mean there isn't any, plus such legislation could easily overstep the intended target and make making kernel drivers all but impossible if it's drafted up by the same tech-illiterate geriatric patients that write most other laws
What I'd 100% get behind is that the user both needs to be clearly told that this is what they're getting into (and that they need to understand the implications), and also that we raise the level of liability for companies that make this kind of stuff
Agreed, someone can exploit that anti cheat and use it for their malware, since it signed by microsoft it will pass all antivirus engine
I agree. As a CIS student, I wanted to see how well kernel level anti cheat worked, I ran my test with public python scripts easy to get used by many, i got banned at the same rate by kernel level anti cheat as I did by non kernel level anti cheats.
The catch in all this is the kernel level anti cheat didn't ban me, those were manual bans by the anti cheat teams after reviewing my gameplay, vs others (non kernel access) were automated ban
CIS student, as opposed to TRANS student?
@@Zayd-bg1ptTechnology Research and Associated Networking Systems? 😝
@@Zayd-bg1ptgarbage joke with baked-in hatred.
@@Zayd-bg1pt I understand that this is probably a joke, but CIS in this context stands for Computer Information Systems
@@Zayd-bg1pt 💀
Thor spitting absolute facts
Not really, he is comparing stupid WoW bots with very obvious patterns to things such as aimlock, triggers, radar hack. It cant be detected by the same systems.
@@BuddzBunnyHDdoesn't mean they can't be detected...
@@BuddzBunnyHD if you think kernal level anitcheat is a good thing, I'm just done responding to you. It is always a massive risk for the trade off of "possibly" catching cheaters. Game devs these days are just lazy and would rather pay for battleeye or EAC and then just default to blaming them. Kernal level anitcheat is not necessary if you care about your game.
@@rhyszigich8701 play any competitive fps with a kernel anti cheat, now play any without. Goes from hackers being unicorns to seeing one every two game. Il not saying they are absolutely necessary but as a competitive player i honestly dont even want to invest any amount of time in a game where cheating is so easy. And as of now non-kernel anticheat juste don't cut it for me
@@rhyszigich8701 I am no fan of the kernel level stuff, but the only game I know of that is popular that uses it is Valorant, and as far as I'm aware, they have a much smaller cheating problem than any other FPS that I know of. Just because I don't like something, doesn't mean it's not effective. Do I play Valorant? Nah, I haven't played the new Helldivers either because of their kernel level shit either, but there does seem to be an efficacy to their use all the same.
Just FYI, these same companies that "need" kernel level anti-cheat have plenty of bugs and exploits in their games, so who's to say that the Anti-cheat doesn't have vulnerabilities that can be exploited by unauthorized people?
It does have vulnerabilities but they are so rarely exploited that nobody cares.
No no no. They do have vulnerabilities. They are written by people.
@@Ghosty72401 If a cheater doesn't cheat yet, they are indistinguishable from the average player.
Anti-cheat theoretically catches them before they cheat, but cheat developers can always get ahead of the system.
A system that watches every player and decides if they are cheating in real time is what we want, but that isn't possible currently.
I wouldn't be surprised if the NSA doesn't already have a nice stack of zero-day exploits they use on a variety of anticheats.
@@anthonysimpson1079 Whilst that is true (I'd know as a software engineer) most vulnerabilities are often a mix of the wildest shit no one's ever gonna come up with, but still it's a vulnerability
*draws square*
"Do you understand now?"
Kernel-level anti-cheat is like forcing someone to wear an explosive-laden jockstrap or you won't let them play Soccer.
It really doesn't get talked about enough in the gaming community that kernel-level anticheat is rootkit software. That to simply play certain games you have to submit to what in any other circumstance equates to putting the worst level of malware on your machine.
This type of worry is on par with people terrified about FB and TikTok. I’m not sure why everyone is so afraid of this type of sjit
@@MrFloat777 i love how you go to a comment pretty much saying the exact thing that a huge figure in cybersecurity is saying and do the equivalent of just saying no without any further explanation
it absolutely is something to be worried about
@@MrFloat777 You're completely explained both in the video and in this comment what is so wrong with it.. Man those websites and applications absolutely love you for just handing every little letter of your information and security to them.
@@Miss_GiggleFarts Ok but at the same time he says this is my area yet video games have anti cheat and still millions of cheaters.
@@MrFloat777The issue is that they are trusted and have high level of access.
There were some malware that exploited some issues in one of them to gain privileged access.
More than that, you didn't actually need to have it installed: it was nice enough to install it for yourself since the anticheat installer was a signed and trusted executable
if only bungie has someone like you
Why? They'd just fire him so management can keep their pay bonus.
Easy stop playing Bungie games. That company has been a husk of its former self since 2011.
Right?? Poor guy was hacking TW shogun 2 and got banned from destiny2
One somewhat reasonable explanation for why they do use it could be because most people aren’t hacking the game itself they’re using a third party program. ( but I know jack about this so don’t believe me)
Thats still technically hacking the game since it messes with the game system @@outbreakperfected5704
**Corporate would like access to your data**
*slowly proceeds to extend middle finger*
The box represents the coffin he's gonna put kernel anti cheats into
im necroing your post but Warden was and still is notoriously one of the worst anti cheat detections around kernal level anti cheat is bad for other reasons but as long as its fulfilling its primary objective generally its worth the trade it also depends on the game. if im playing stardew valley or terraria or a single player game obviously it makes no sense but if im playing the HIGHEST level of competition on a game i want to REALLY make sure im playing a fair game sure it will never be 100% but we aren't shooting for 100% we are just shooting for a high number and sending a prayer to Thor that its enough.
its a little disingenuous to say all kernal level anti cheat is bad because technically speaking the anti cheat itself is great its just you are leaving a metaphorical computer nuke on your pc for a fair game.
@MerkSig gonna have to hard disagree on the generally a good tradeoff, sure in competitions you need sanctioning and invasive rule-checking, I'll 100% agree there. However, to the average player, in my eyes this thing looks to be on the level of just running every random .exe you find as admin because that way they can't fail due to permissions. It's a glaring security hole and the companies making them presently just don't care that much about that part, lest it affects their reputation of course. I think if we both educated people on how dangerous these things actually are, as well as held these companies strictly liable for whatever exploits are found to be in their little kernel concoctions, I and a lot of people would be a lot less stuck up about KLACs. Personally I don't want to see them anywhere near me, but I feel like as long as a person is allowed to actually understand what exactly they are getting into before getting into it, then that's fine in my eyes and they can make bad decisions if they so desire since they're at least aware of what they're letting into their PC.
This is perhaps your grandest and most beautiful illustration ever.
"Do not quote the deep code to me, i was there when it waa written" Thor of Narnia lol
I went in, broke the chunglebumps apart into Cheebles, grabbed the Schmode Rave, pulled their geodesic generator, and fit it into Flembry, and huzzah, the Scrumblifier scrumbled no more!
Any anti-cheat developer will also tell you that it isn't possible to stop all cheats because there is always a way to avoid detection.
It doesn't matter how many people you have banned. We are talking about how many more can we catch and ban?
Where I find the issue is with dishonest companies like Activision, which built their own kernel anti-cheat for CoD just to protect their advertising cheaters and not let that info leak out.
It’s not about banning every hacker. It’s about making it as difficult/expensive as possible to hack. The more advanced the hack the more it costs, both software and hardware.
In other words detectives should stop catching murderers because a few of them get away with it?
Kernel AC has the highest cheater ban rate than any other AC method. The entire point of AC is to reduce # of cheaters.
@@Johnsmithhjoe All it does is stop people who don't have the know how. Like piracy, those with the means make it available to everyone anyway.
@@JohnsmithhjoeNo, but detectives should not be allowed to flaunt due process and the law simply because, _maybe_ , they might be able to catch more criminals.
Sure, tyrants are somewhat better deterrents against murderers. But at what cost?
He has a platform, whilst he is knowledgable, he yaps a lot of crap about anticheats.
Thank you been saying this for years and I always heard BS from people claiming “we need it to stop cheaters” no it introduces tons more risks and issues we don’t need nor should ever have to deal with for a damn video game.
ex cs cheat developer here, kernel anticheat is absolutely a nessecary vector for detection of cheats, here are some examples of situations where a kernel level anticheat is able to detect a cheat, and a usermode anticheat has no ability to detect reasonably :
1. DMA (direct memory access) cheats, these are physical hardware cheats in which a device is plugged into a PCI-E slot, and has unadulterated, complete access to every single byte of memory on the entire system, in other words, you do not even need to be interacting with the game on the software level, with this device, you can manipulate or simply monitor the game's memory and send that information to and from a second machine that will tell you everything that the game stores within RAM, such as player positions, utilities, grenades (for warning/velocity etc)
a usermode anticheat cannot detect this with any proper DMA setup that blocks off any usermode program from enquiring as to what is on the PCI-E bus and specifically what the device is and how it functions, with a kernel driver, it can absolutely inspect the PCI-E bus to see what is on it, and monitor what it is doing to determine possible cheating activity.
2. virtual machine detection, this is important because if the player is utilizing virtualization, the host can monitor and manipulate the memory of the guest without having any such software running on the guest system, to a usermode anticheat this appears as benign (if you are only reading from guest, literally impossible to detect, if you are writing to the guest suspiciously, there could possibly be some room for detection).
a kernel level anticheat can detect this because there are little windows API calls that windows makes avaliable that would reveal information beyond what the user could have potentially falsified, by default, virtual machine systems will almost always advertise that they are infact a virtual machine to the rest of the system, however this information is very easy to change in order to make what is known as a "stealth VM", this is a system specifically designed to act like it is just a normal host system.
kernel level allows the module to actually investigate and look into drivers (without having to manipulate them) and determine whether or not the system is actually a virtual machine, and if so, kick (not ban) the user from the gameserver.
we see this done with battleye, easyanticheat, and faceit's anticheat modules, and they are pretty successful at it, however usermode anticheats have limited ability in this regard.
Current anti cheats for fps games are not working, what do you propose
Kernel level is not working either lol. In context Thor was talking about apex being hacked, and Apex has kernel level
@@jaydengraham8303 anti cheat solutions will never work to stop people like us game hackers. i personally do it for the challenge, people like to gas up vanguard and yet its not that complicated to bypass. however the act of cheating itself is pretty boring imo. its fun for the first like game or 2, as you feel good about making something that works and is considered "difficult", but you dont stay, you go and take the next challenge thats available.
sorry about the tangent there, point is. only thing that can stop cheaters is LAN only gaming, where someone over your shoulder can see you. even then, the exploit there is the actual person.
slip em a 20 and you'd be fine lol.
@@jaydengraham8303 there is fundamentally no true solution for cheating
The difference is that Thor is a competent person willing to do some work to make sure cheaters are dealt with, while most game dev companies just want to shit out a solution that works, customers be damned.
Thor is talking about mmo anti cheat, not going kernel is just not an option for fps games nowadays.
@@ssarkos5148 It never prevented cheating. So how is a solution that works a bit better than other solutions with a way bigger impact on the security of your system "not an option"?
There will always be cheating in online games and the best way of prevention is active monitoring by people not leaving that issue to apps that can be bypassed or corrupted.
@@ssarkos5148 Bullshit, it can't even detect the shit that matters. It's a deterrent that puts everyone at risk of a company no one should trust.
@ssarkos5148 if you truly, truly believe that the cheating is so bad you need to do that, then just stop playing those games
Kernel access is *the* access level, there is *no* going back once you give it up. If you're demanding all your games get kernel access, you're turning every game you own into malware. "But it's a game, how could it be malware." All it takes is one malicious *line* and you could be screwed. One disgruntled employee and every user of the game has to throw out their laptops. Someone hacks the company? Say goodbye to your information. Are you really so desperate for an anticheat, are your games so incredibly rife with cheaters, that you are willing to not only get rid of your own safety and security, but demand that an entire userbase do so as well?
@@gen9695 A usermode application has access to all the files on your pc, a developer doesnt need kernel access to screw you. Kernel has more power but if you dont trust the company you shouldnt download their game at all.
AZ’s final trial was a battle, he needed to learn how to lose, to really lose, fair and square and NOT retaliate like he did the first time. That’s why his acceptance of defeat is the last piece, instead of a chip on his shoulder, losing to us gives him peace. He’s Lysander’s foil. He was a man who kept losing and getting more and more angry that life could always get worse versus a man who won over and over and got angry that he wasn’t rewarded for being “better”. Lysander’s fleeting and feigned affection for his personal inner circle, indicated by his “friends” and Gyrados contrasts AZ’s long held love and longing for a single individual and reclusiveness towards everyone else. In the opposite end, AZ didn’t care that his weapon would cause genocidal levels of destruction-but Lysander did. Both couldn’t find a way to solve their problem without the use of violence, but while one received permanent death as a punishment the other received permanent life, an arguably worse punishment. This character contrast also explains why Lysander can use mega evolution despite being an actual fascist: he embraces love only when it brings him power, whereas AZ does so at the cost of it.
Thank you for the visualisation below. Now I understood perfectly.
In an alternate universe, his name is "Tor" instead of "Thor"
I don't know if Thor knows this, but the way he draws a square is exactly how you write the character "mouth" in Chinese 口 (which is a square). I find that satisfying af.
In America we call this
“Yap yap yap”
Just kidding lmao this is a dumb joke this guys super entertaining lol
Same as Japanese kanji! I know a ton of hanzi and kanji are the same but I thought I’d just add this on lol
when someone says "I programmed a kernel level anti-cheat" they actually mean "I just don't know how to do a better job"
Kernel level anti cheat, aka rootkit that is whitelisted on Windows defender.
Basically get someone to download a modified version and you have a straight up rootkit that gives you kernel access that Windows defender won't even scan
@@andrewgreeb916a modified version would have a different hash, you would need to hijack it using a vulnerability and inject your code for it to be OK from the POV of defender
the biggest problem is that a "certain" kernel level anti cheat doesnt just run with the game. it will go through your files at any point, and without warning will just permanently delete anything it objects to. no program should ever have that access.
Let me guess: Vanguard?
@@phsycresconquest6636nProtect GameGuard is doing this with Helldivers 2 right now.
@@phsycresconquest6636 Helldivers 2
Damn I even got mad at Windows defender for doing it like 4 years ago, now it is just permanently disabled. Never missed it.
@@ANDR0iD tbf for an anti-virus it’s much more understandable as it’s doing that to keep unwanted hidden programmes out. Real time scanning is a pain and should be done away with but disabling anti-virus completely isn’t smart either.
Helldivers 2 has this and I really hope they change it
They won’t.
@@hexerin sucks for them
Holding out until it gets replaced or my spare PC gets finished
@@hexerinThey should, there's so many people refusing to buy it because it has nPGG.
@@FutureCommentatorYeah, not really. Its selling like hotcakes.
Thor isn't incorrect, but not all issues can be solved by what he suggests. There are different things that cause different issues. Helldivers has a resource issue that, unless Arrowhead is investing in MASSIVE amounts of server back ups for flash restores, is easily exploited by cheaters, and thus ruining the game for everyone else.
You don't have to agree with me, while also agreeing with Thor. What he said is valid for THAT scenario which is what he spent his time doing primarily.
The difference here is that bots are something completely different than cheats in fps games, take a look at cod or cs2 and how bad the issue is in those games where most of the players on the leaderboards are in discord servers dedicated to cheating their way to the top and then selling their accounts for a ton which sell in minutes and then take a look at val which does have cheaters but you meet one like once a year and the cheating community is not as open as other games like cs2 or cod
I botted for 7 years in Wow. Never got caught. I would say doing gathering routes for 12+ hours every day would be a bit suspicious. Never even got a whisper.
the worst part, people are okay with it.
not only that: people are ok with installing kernel-level cheats to bypass non-kernel anti-cheats (because of course they can totally trust the nice hacker who created it, right?)
@@RegnumMortispeople will install kernel level anticheats from companies owned and operated in countries like Saudi Arabia and China which is even more fucked.
A LOT of people, especially content creators, PC's have this. One day there will be a big exploit and all their PCs get compromised.
Helldivers isn't a bad game, it's only the rootkit that's the issue.
@@jebbyy32*cough* Valorant *cough*
Not only are they okay with it, gamers now actively demand it from developers thinking Kernel level ACs will eradicate cheating forever. People suffer a minor inconvenience in their video game and are immediately comfortable signing away all their privacy to companies. Like the chatter in this clip calling it a "necessary evil" LMAO. If Netflix.exe, a cheat that has a readme file of like, 4 installation steps can bypass a Kernel AC, I don't think that trade is working out, Bros.
This aged like fine wine.
How so?
@@danielchettiar5670he might be referencing the bs anti cheat that Helldivers has
@@DonkeyOnAUnicycleBut again, he's not running Helldivers 2 on a machine containing anything else. He built a machine dedicated just to helldivers 2 to burn it after the Democracy wins.
@@DonkeyOnAUnicycle Ahh okay
@@RobluexHow did he do it? Is he using a virtual machine or did he build another computer to play this game? I'm in the same boat, I want to play it but no kernel anti cheat will touch my computer.
Most accurate depiction of a kernel I've ever seen
I hear kernel and I just think “corn” and corn doesn’t belong in my computer
The amount of people who have said 'its not that bad' shows how little they know and its infuriating because they just don't want to listen
If Thor actually thought it was that bad he wouldn't still be playing helldivers.
@@Robert-kk5wy There are ways to mitigate kernel level anti cheats from having access to your stored information.
I mean, I don't personally think it is that bad. Perhaps a bit overkill in some scenarios, but the concept isn't something I'm against.
It's like using a sledgehammer to open a wallnut. If you're not careful, you might break the table in the process. But you can be sure that you're gonna crack the nut. You could go and get a nutcracker instead, but those don't always work, especially for any kind of nut. But a sledgehammer? It'll crack any of them. Just make sure you're swinging it on something safe.
@RenAki5 If I understand the analogy right, its different when someone else is swing the sledgehammer. Do you have 100% trust that their intentions are good. Are you able to completely trust the code that acts as a sledgehammer? The point being you're essentially giving a stranger keys to your digital house and hoping they don't do anything sketchy when snooping around.
@@Leedledled1 I mean, I'd trust the guy installing security cameras and home defense alarms to not be up to no good. And just the same, I trust anyone in Cyber Security to know what they should and shouldn't be doing.
Any program, not just kernel level ones, can cause a lot of problems/damage to a computer. Do you trust them to not have updates or software in them that could be harmful? Any video game could just as easily add crypto mining software that runs on the side of it, and destroy your GPU.
And uh, the obvious issue of literally shooting your own company in the foot by actually causing harm to your entire userbase. I'd much sooner trust the massive video game development company with kernel level access, as they're going to be regulated and have much more honest communication about it, than some random cheat software online, with 0 regulation, and no idea who or what the creator's intentions are, that also goes kernel level to dodge lower level anticheats.
100% this. DMA devices are the biggest threat which kernal level doesn't detect. Anything else can be done via normal detection or stats grabbing. Headshot %, KDR, movement xyz coords, gold increases, ANYTHING can be trapped in a database and be a route to detection not to mention normal process injection detection/code injection type stuff.
That only works if the cheater is rage cheating, if they know what they are doing you cant catch them like that. Kernel level acs can detect dma unless you have your own completely private hardware.
I *highly* doubt you can catch a cheater in LoL just by analysing their gameplay statistics. Even if you catch dodge-scripters by cleverly differentiating their movement, how would you catch people who cheat by removing the fog of war? That's just information to them, like wall-hacks but less noticeable.
Trust me it's sometimes it's even hard catching a cheater while watching overwatch on cs specially if they know what people are looking out for. Stack team of 4/5 have one guy walling and the advantage is enough to climb the ranks. Mmos are different a lot of it is server side, unfortunately fps games a lot of the time it's client based that's where kernel AC potentially is required but from what I've been seeing that AI cheats running between monitor and PC it's going to be pointless soon potentially future AC will be requiring a hardware device 😅
@@capbarkerfirstly, not coding your game so shit that it gives global state information to all players.
@@capbarker By not sending the state and position of players when they're not visible. FYI League already does this, but it does have a small buffer zone where player data is sent. So you don't have someone blink into your vision out of nowhere.
My thoughts exactly. It's a game. It doesn't need to invade my privacy to make it harder for some people who are going to cheat. Cheaters will cheat using direct memory access hardware. It is ridiculous for game companies to request such access and i refused installing games that require me to install drivers for drm and anticheat and will continue to do so. Companies need to do better and keep the state at server-side
How do you address someone using an aim bot?
@gothpunkboy89 "Good Evening, Aim Bot User, may the morning find you well."
Kernel-level anticheat is an artifact of the past, as counter-measure of the nature of online games in Asia back then. MMO had played a big real money trading, means hacked accounts = loss of money. Development was also very slow and rigid back then so game/engine updates may come once annually or two, hence game update may differ to content update.
plus, win98/xp also has lots of security holes so memory alter/tampering (zero binary modification) cheat was a thing back then. dev/publisher will do anything to secure their game from intrusion.
@@gothpunkboy89 Either accept that it happens in fps games or stop playing them. Tbh I play less and less online games nowadays. There are cheaters everywhere every game.
Just stop playing if you are overwhelmed.
@@ANDR0iD Or they can implement programs to catch and allow the banning of people who cheat.
That's exactly why they do it tho. Companies trying to lessen costs and cut out engineers they see as cost inefficient by using invasive services instead.
So basically, like many other modern AAA game development techniques, Kernel anti cheat is the way it is purely out of laziness to create better systems. Instead of putting a door in the wall to get to the other side, they simply blow up the whole building to get that result.
No, with our current technology kernel ac is the best weapon we have against cheaters. As soon as you leave the kernel cheaters can just shut down your anti cheat. Ai could work to catch aimbots but you still need kernel against wallhacks.
Did you not watch the short?@@ssarkos5148
@@ssarkos5148 you can bypass kernel. It just gives you a false sense of security. And you can definatly use Ai to detect wall hacks. Because you play differently if you where everyone is and that is detectable. And you can probably add fake players only people with wall hacks can see. Like how you can add fake blocks to mess with X-ray in minecraft.
But why do something like that when you have Kernel-level anti-cheat? Because that's obviously the only good way.
@@ssarkos5148 kernal level against wallhacks? are you really that dumb? There's at least 2 defenses you can do in the game itself. force a pure texture state (something that many Valve games do). You can also just not render anything if it is fully obscured by objects or terrain in the player's field of view.
@@ssarkos5148Should we listen to you or the guy who worked on Blizzard?
Genuinely curious if you have heard of Escape from Tarkov and its cheating problem, would love to hear your take on it!
They just honestly either don't know how to deal with it, or don't want to deal with it in a timely manner due to hacking getting them more revenue
Like, most of their current hacking problems can be solved with a netcode fix, yet they have refused to anything about netcode for yeeeears
@@raremc1620 was going to reply exactly what you said. Their netcode and the server not being the source of truth is eft's problem
Switching to server side authority would be a start
I think the necessity of ANY anti-cheating measure is just to maintain a good player experience for the majority of players. You don't need to eradicate cheating entirely; you just need to address wide-scale, accessible cheating that has a perceptible negative effect on the player base. The upper echelon of cheaters/hackers are a minority and they're not worth pursuing at the expense of everyone else's privacy or security. The more money is involved the harder it is to apply that though because it becomes more of an assessment on ROI-if installing spyware on the whole player base's machines results in a net gain, management will be foaming at the mouth for it.
I think thats a major component and a great thing to highlight. There's an additional problem with cheating though that can cause major issues. If you have a competitive leaderboard, and being a top player can mean real money for the team you're on, even just a player or 2 doing these cheats could cause major issues for a game studio and the people watching these matches. Similar issue to PIDs in professional sports
They ignored him as he spoke the truth.
you forgot the most important part: The kernel level program is only a corrupted C&C server away from infecting your system. You already have kernel level access on that machine then
Any antivirus that scans kernel level anti cheats will flag them as a rootkit.
Because they are a rootkit.
And bad actors like to abuse the part where anti viruses whitelist anti cheats.
im feeling like a kernel-level anticheat with all these bots im reporting
It would already be a bad idea fundamentally just due to how much of a massive unnecessary overreach it is, but its made incomprehensibly worse by the fact that it very often doesn't even work. Helldivers 2 has kernal level anticheat and for weeks prior to the mech stratagem being released, cheaters were already using them by hacking them out of the otherwise unused/unaccessable code.
Its like using a thermonuclear bomb to blow up a single building full of terrorists, and then it lands and doesnt go off, and now you have an unexploded nuke sitting in the wild and have to just trust that nobody takes it and uses it on innocent people.
Thanks for telling the world the truth. Too bad the executives at big companies don't care, so we need to vote with our wallets and stop buying games with kernel level anti-cheat.
How do I find out if a game uses kernel?
@@MrDuLukesprobably google it. I'm sure there must be a compilation of all anti cheat softwares and which games use it
@@MrDuLukesMost games use kernel level anti-cheats, but most of them aren't what people have problems with.
Like, take Easy Anti-Cheat or BattlEye, both run as kernel anti-cheats. But EAC and BE only open and run while the game is open, unlike Vanguard which is open all the time from computer start.
Personally, I dont care about EAC and BE because they only start and run when you play a game. Of course they still have kernel level anti-cheat, but at that point it doesnt bother me much.
As for how to find out.. Well, if it has an anti-cheat, it's mentioned somewhere, and you can just google it. But it most likely will nearly always be kernel level.
@@raremc1620afaik that is only half true and vanguard is only openly showing when its running as a way of being open about it compared to EA
This guy just showed up in my feed and decided to solve reality.
As someone who has wrote cheats, kernel level anti-cheat makes cheating a lot harder. Yeah you can detect cheats without it, but you also detect way less sophisticated cheats.
Too bad. You don't get to rootkit my entire OS just because it makes your job easier. You're creating a massive security risk that's outright malware.
@@superslash7254 he's not creating anti-cheat, he is creating the cheat software. And he is saying that he has an easy time if there is no kernel level anti-cheat.
It makes it harder, but not impossible. If it's worth protecting the competitive environment at the cost of bricking some computers, it's worth cheating at the cost of writing harder to detect cheats.
@@LibertyMonkits all fun and games till your company finds itself balls deep in a class action lawsuit for damaging /frying clients computers.
km anti-cheats doesn't make cheating harder lol. only beginner game hackers struggle with it. reversing the anti-cheat i'd say is the only "struggle" as the driver is typically virtualized to stop reversers. however, the detection methods for things like EAC/BE are already well documented on forums, so you've already got everything you need already lol, as long as you have a decent knowledge of windows internals you can bypass them with not a lot of effort.
It’s one thing to have an anticheat in an MMO it’s a completely different beast in competitive FPS games where people play online tournaments for tens of thousands (sometimes more) of dollars
Ah yes, WoW - famously devoid of bots
he is most likely talking about Honorbuddy which was a very popular bot that came about shortly after WoW Glider. Blizzard shut both of them down. All of Honorbuddies other bots got shot down too for other games
It's from a time when Blizzard actually cared about banning bots
@@AlmarWinfieldmy guy, glider is still active what are you even saying. Just google botting WOW and look it up yourself.
@@venturnoThey still very much care about banning bots. And why wouldn't they, considering bots cause them to lose money?
@@venturno Played since january 05, there's never been a time it wasn't full of bots and other blatant rulebreakers that never get punished
Minecraft does that pretty good. Anti-Xray for example has a long history of back and forth. First they introduced false block informations send by the server. Then people got creative and build seecrackers to simulate ore generation in order to get around that. And guess what ? Developers figured, if you use a random seed generator for each chunk and just merge them into one landscape, ore simulation won’t work anymore.
Thank you for the visual representation 🥺
"it's a necessary evil!" -said the federal agent.
It is fair for non-competitive games.
But for highly competitive ones (LoL, DotA, CS, Starcraft etc.) You do not have a month to sit there and reverse engineer a cheat.
As ppl using them are ruining competitive right now
If you don't have a month to reverse engineer a cheat, you also don't have a robust enough process to be safely monkeying around in the kernel (of all the thousands of different builds of machines your game runs on) to try and catch the cheat.
Not to mention just having kernel access isn't a magic bullet to suddenly catch everything easily.
i don't know a single person complaining about cheating in lol. from casual players to pro players. there's been constant complaints about every aspect of soloQ in the game, and cheaters has never been one of them.
@@smugler1 well, that is not fully true. There are scripts - for Zerath for example, but they are not cheats in its formal meaning
@@mustdy7177 Get out of here. Scripters are pretty much only present on the very very top of the rank ladder and even there the ratio is probably one scripter for your entire lifetime. On the other hand, the first months after Valorant was released there was pretty much 2 cheaters for every match. Heck, on the same week they started distributing keys you already had literally DOZENS of cheats on the market. Kernel level or not, didn't make any difference except for the fact that it was a resource hog and a privacy and security hole. League has been up for 24 years and they still haven't managed to build a stable, efficient, bug-free game client and you somehow expect them to write kernel level code decently? Are you ok? Have you actually used either lol or valorant for any extended period of time?
a scripting Xerath every 100 games is ruining
competition? sure
im ngl, listening to thor speak sounds exactly like the cliche hackers in 2010's movies
Kernel LVL anti-cheat is just a disaster waiting to happen, case and point, genshin impact had something happen to theirs a year ago
What happened to theirs? I used to actively play Genshin a year ago, and was plugged in to related news, but I never heard anything about this.
@@meeszijlstra5426it was a windows related issue, if you were playing on mobile im pretty sure it wouldn’t have affected you
It wasnt even genshins fault but windows oml please next time educate yourself and then dont spread misinformation
had nothing to do with kernal level anti-cheat lmfao
god you're stupid
Dude casually mentions Warden one of the most invasive anti-sheets that is not kernel level.
I don't think he's on as much of a precipice as he seems to think he is
So a rootkit vs a non rootkit? seems like a pretty big difference to me.
Do you know what the difference between an invasive rootkit and an invasive non-rootkit is? It's the difference between a papercut and a beheading.
helldivers 2 rn:
Does it have kernel level anti cheat?
@@lachesis1033 yes, specifically “nProtect Gameguard”
@@lachesis1033And a massive cheating problem, apparently.
@@lachesis1033 yes, one of the reasons it got negative review bombed at launch
Its even funnier because so many of the people bitching about helldivers will go play cod or someother game that has kernal level anti cheat.
it also sounds like a massive breach of safety, i bet it could get a lot of slaps in a lawsuit if things bad happen
This man is THE fuckin guy. I cannot get over how cool he is, my god.
Thor is the coolest man on the site bar none
Been saying this for so many years. And now look at Apex Legends. Get wrecked EA, stop installing rootkits on peoples computers
This short sure is something given what's happening with Apex
He talked about it on his most recent stream with a top Apex player
“Do not site the deep magic to me witch, I was there when it was written”
he definitely needed to open up paint for that
the explanation would not work without that rectangle as a visual cue
And now we’re seeing more cheaters than ever before
That is because there are more players than ever before and game studios have gotten lax, relying on kernel level anti cheat that fucks over their loyal players to deal with the problem in a functional manner.
I would absolutely love to hear your thoughts on what some other good detection methods would be for games like valorant/other competitive fps that use kernel level anti-cheat.
Idk I feel Thor generalized too much. Back then when he worked at Blizzard cheats werent that advanced. Right now many anticheats are kernel level because otherwise is extremely difficult to detect some cheats
@@wassup4532 If you were savvy enough, you could theoretically silence kernel-level anticheats entirely at the network level, entirely externally to the machine you're playing on. Hell, there are kernel level cheats out there too. Thor did not overgeneralize. You CANNOT trust anything that is not running YOUR software on YOUR hardware. AKA: Never trust the client. Ever.
Most games companies slap on kernel level anticheat and automated report-based systems because it's easier and cheaper than actually properly validating and sanity checking what players are trying to do on the server side.
But it's lazy, still possible to bypass, and straight up is a security risk. In fact, I would LOVE it if tomorrow regulatory bodies started regulating kernel-level code legislatively. It's not needed for much.
All kernel-level anticheats do is escalate the battle between cheat makers and game developers in a way that leaves consumers open to more threat actors than before.
@@wassup4532 Yeah.. idk about Thors take here. If anti cheats don't need kernel level access to function well, why is it that Valorant is like the only game that remains *somewhat* cheat free (and if there are cheats they are shut down near instantly)? Kinda funny how all these other games he worked on have infinite cheats.
@@kiro3779 What are you yabbing about? The game is def not “somewhat cheat free”, no game can or will be. Have you ever heard of DMA?💀
@@luckra808 Compare Valorant (1 cheater every 100 matches or something) with CS2 (1 cheater every 2 games). Obv just subjective experience but the difference is very noticable for anyone that is somewhat experienced with both games. I would give Valve Kernel level in a heartbeat if it meant I could play the game without cheaters again
To clarify for anyone who's confused: he's talking about Blizzard's Warden anticheat, which worked by fingerprinting running programs on the user's machine and matching them against a known list of cheat tools, the same basic principle that antivirus tooling uses. He favors this over the kernel-level behavior-oriented approach, which instead purports to flag any unapproved interaction with the running game. Honestly, valid, if you take the stance that no approach is ever going to be perfect and the most important thing is raising the bar for an average person to get a cheat set up without direct tech support
Thank you for this important message to Rito, aka "small indie company"™
What?
@@user-ye2vn4dh8h this is about Riot Games introducing Vanguard, a kernel level anti cheat, after their top league is ddosed through a bug in their other anti cheat.👌
It sucks watching more and more games go the route of Kernal and having to decide between safety and just enjoying a couple hours of games Id genuinely enjoy.
I almost miss my ignorance before I learned about cyber security, but then I remember how in trouble I would of been if something happened before I knew as much as I do now.
i wonder what his opinion on detecting external cheat tools that are gaining popularity now.
before long it's a case of split the monitor output to a machine vision module, and some USB devices that pretend to be a keyboard and mouse or a gamepad, under control of the entirely separate hardware. No software there to detect.
@@davidskidmore3442It's already at that point. There's documented cases of that exact setup being used. And it's via cheaters self-reporting and showing off their hardware to do it.
Some are impossible to detect. I remember hearing about an MSI monitor on The Wan Show. It had some sort of AI tool monitoring what was shown on screen. It had a light strip at the bottom and the AI could be set to monitor some portion of the screen (like health) and give and indicate it's status so you don't need to focus on it as hard. It could also monitor the mini map and anytime an opponent came out of of the FoW, it would mark it with a circle and an arrow.
Now only LoL was mentioned so I don't know about other games. I also don't know if it does anything else or what kind of options it has for adjustments to the overlay (if it has any). But it would definitely be an advantage... and through hacking or hardware mods it could be the most powerful and completely undetectable piece of cheat hardware _ever_.
@@davidskidmore3442 I wouldn't worry myself too much about that for a few reasons. 1. good detection relies on watching inputs as well, not just the software running. 2. do you know how expensive a setup like that would be? You need a system powerful enough, and software well built enough to analyze the data in as close to real time as possible and make decisions on what to do.
What counter do you suggest? activating HDCP in a way that leaves the result a low resolution mess that no one would want to use anyways?
Its absurd I 100 percent agree with you I HATE knowing that if I want to play certain games that they will force you to have a kernel level anti cheat. The funny thing too as a player most of the games that have that feel to have more cheaters too.