Kernel Level Anti-Cheat

not even that, he pulled the "I was one of the writers"

Like mf moses

“Do not quote the deep magic to me, witch!” 😂

​@@jeremygardner5987and Aslan

Too bad he got no clue what he's talking about. Good job, you banned a hacker. Except the hacks they use are a downloaded program they can swap to a new account, and nothing is fixed.
Thats works sorta okay for a shit game like WoW, that he worked on, where you need to buy the game and a subscription to do anything. But cheaper games? Free to play games especially? This does not work, they'll make a new account and continue doing it.
Where as kernel anticheat avoidance typically requires hacked motherboards, which get banned and the hack cannot be transfered to a new one. Making it very expensive, and not super worth replicating lots of times.

Lmaooo

This man is amazing. He speaks about this with such confidence, expertise and knowledge. Hats off to a true professional.

Maybe this is his "outside of the box thinking" explanation. I mean, he is certainly not inside the box 😅

You think you are so great😂 keep going little buddy

😂😂😂😂😂😂😂

It's all this man needs to get his point across

That’s a kernel

Abstract art:

The weirdest part is it makes sense.

@@flankman9385Exactly. How could anyone miss that?

@@eldermartins130 Thor has 2 million body’s he’s in game deleted that many ppl 😭

@@Your.daIly.Clips. what? is that proper english? i dont understand it.

@@uIz_slc use context clues and your brain grammar police 😭😭

​@@uIz_slcthe joke is that he has committed virtual genocide. He's like video game Hitler, when you think about it. j/k 🤣

@@sbrazenor2 ah ok, thank you.

Was thinking Azlan haha

Was this a Narnia quote?

the old magic

It's oft the thought, not the grammar, that counts

Too bad he got no clue what he's talking about. Good job, you banned a hacker. Except the hacks they use are a downloaded program they can swap to a new account, and nothing is fixed.
Thats works sorta okay for a shit game like WoW, that he worked on, where you need to buy the game and a subscription to do anything. But cheaper games? Free to play games especially? This does not work, they'll make a new account and continue doing it.
Where as kernel anticheat avoidance typically requires hacked motherboards, which get banned and the hack cannot be transfered to a new one. Making it very expensive, and not super worth replicating lots of times.

Bonus point for remembering it is cite instead of recite or quote.

Makes me feel like rewatching Narnia

More appropriately to this situation would be "Do not cite the Cheat Detection to me, Witch. For I was there to write it."

he was there because he wrote them...

YEA

Nah, they just want that sweet free information they can sell later to big data companies.

Both

wich is a backdoor​@@Raikos100

If a backdoor was going to be engineered into games, it wouldn't be anticheat systems. It would be some other driver or low level code that flies under the radar. Any other driver should do.

@@JordanPNW a bug is a feature if well documented....

It's almost a perfect circle, representing that this bit will end up looping endlessly as a short. Also representative of a clock cycle, or a function loop. Anyways, it's poetic is what I'm saying.

It really helped me follow his *line* of reasoning.

: O i just realised that

The square (your machine) he drew at the start was all that's needed to get his point across

Fr

He is wrong though, he clearly does not know how evolved cheating has become. There is a reason vanguard is doing the best job out of everything at stopping cheats.

@@brennancondon3357he explicitly said that he doesn’t like it and that it isn’t a necessary evil; not that it wasn’t effective, but that he thinks the security vulnerabilities for the end user are massively unfavorable even when weighed against how much better it might work than traditional detection

Same

10 minuter in and you have 170 likes. Pretty cool

Its 10 pm over here

Oh I’m hella early

The algorithm is meeting demand as needed. 'Tis truly a genius invention from our lovely overlords thank you, Woah Wicky or whoever the fucks running this shit.

Literally the reason why I had to turn my lap top into a burner, just for that shit. Bum ass professors refused to compromise.

Based prof.

Smart prof...

Based

I don’t get why that’d matter

So it proves that you don't need kernel level for a spyware

@@frangarcia1699 if it can read other processes memory it is kernel level basically. Maybe root-level is better term, but yeah - you need access to the kernel one way or the other to see all that.

@@misium Not true, all anti-cheat software do what was described. Anti-cheat by its very basic nature is invasive to all of that stuff. For example, Valve's VAC reads all of your system's active memory hashes and compares them to their database of known cheat software. VAC's access is: 1. All system memory 2. Game files 3. Running processes and 4. Network activity.
VAC is considered one of the least invasive anti-cheats out there. What kernel level access is for is driver level anti cheat. The way to bypass something like VAC forever is by placing the cheat lower on the access totem pole than VAC, which is ring level 3, also known as the application layer, and it is the lowest access layer of them all. Anything below that application layer is effectively invisible to VAC, so if your cheats are ring level 0 (kernel access) then its literally impossible for AC to detect it without other means beyond strictly reading data. This is why a lot of AC's that are built similarly to VAC utilize many more methods beyond simply reading data. They analyze inputs and score counts as well as perform sanity checks that compare game values to detect tampering.
For a moment, you might think that justifies kernel access, but the truth is that even kernel level can be bypassed. I can get through vanguard with a raspberry pi or an arduino. It costs like $200 to bypass vanguard forever. It just creates a massive security risk to raise the price of cheating to a couple hundo. It definitely works as intended, but anyone who is motivated at the highest level of competitive play is unaffected.
Don't get me wrong, AC being ring level 0 is a serious problem. Kernel access allows a program to brick your computer and giving any program that sort of power is very dangerous. We reserve ring level 0 for drivers and OS for a reason because level 0 gives a program access to run machine instructions totally uninhibited. Of course privacy is a concern, but even the most basic of AC software can see what tabs you have open on your browser. Privacy is not a concern at all in that domain, at that point you don't want any anti cheat at all if that's what you're worried about.
Any virus designed to bypass a flaw in the security of these programs can put countless PC's at risk of ransomware attacks. The more popular a program (e.g. Vanguard), the more of an incentive it is for malware developers to get to work.

Kernel is designed to steal all of your private info on your computer.
They then sell all that info to a 3rd party.
Which creates a profile for you to send ads your way.
Yes it steals all sensitive information stored on your computer including passwords, IDs, Logins, etc.

@@drivas166 They literally don't need to read any private information to send you targeted ads. Your everday activity visible to your ISP is enough.
If you think someone is going to just send you ads after stealing your passwords, IDs, and bank accounts, you're hilariously out of touch with reality.

What is the movie? Used to watch the animated show as a kid.

@@RegiusEques There was a direct to tv/home-video movie to kick off the show, called Buzz Lightyear of Star Command: the Adventure Begins.

​​@@RegiusEquesToy Story

@@RegiusEques I think the movie was called “Buzz Lightyear of Star Command: The Adventure Begins”

@@spacepterodactyl it’s an actual masterpiece, with some of the best lines
Case In point-
You’re telling me my plan.
I already know my plan.
I made up the plan.
It’s my plan.
What I don’t know,
is how close you are
to accomplishing my plan!

but why need kernel level anti cheat if we can have ai powered anti cheat.
yes i am joking

Kernel level anti cheat has been used by companies like valve since before 2002, not exactly new, especially for the internet

@@Fatboy2526 First, citation needed. Second, "new MARKETING pitch".
The first electric car was made in the 1800s, but that isn't relevant when talking about modern use for the tech.

4K HD anti cheat

The crazy part is most games that use it simply don't need it.
Any FPS has no excuse, the server knowing the position of every character along with their facing could easily spot things like tracing heads through walls which could simply send an alert to check the replay.
Want to cry about human review costing too much money? AI has progressed significantly, AI review should through enough training sets be able to reach a high degree of accuracy.
All of this is fully possible, and these are just basic solutions.

Exactly. I want to play Helldivers 2 but I'm really concerned by the anticheat, and the sus company that's behind the anticheat who have had security problems before. Ain't no way I'm risking it, I'd rather play something non intrusive.

Yeah. Have an out of date corsair driver? Sorry, Vanguard just greenscreened your pc instead of letting it boot because if it boots, valorant will ban you! Your pc being totally unuseable is better than us getting a false positive sent to our database teeeheee!😅

@@MinaeVainEnjoy missing out on a good game simply because you’re paranoid the anti cheat will go through your p*rn folders.

Also there have been several Kernel level anti-cheats that pose tangible risk to your PC's security, look at Genshin Impact's as an example.

@@fairlywren3664 exactly

knowledge of the stone? not that i care but it seems like everyone gets this quote wrong oddly enough

@@rooknado I went for theatrics, not accuracy.

Too bad he got no clue what he's talking about. Good job, you banned a hacker. Except the hacks they use are a downloaded program they can swap to a new account, and nothing is fixed.
Thats works sorta okay for a shit game like WoW, that he worked on, where you need to buy the game and a subscription to do anything. But cheaper games? Free to play games especially? This does not work, they'll make a new account and continue doing it.
Where as kernel anticheat avoidance typically requires hacked motherboards, which get banned and the hack cannot be transfered to a new one. Making it very expensive, and not super worth replicating lots of times.

@@SleepyStreak Not exactly, considering there's still a hacking problem in Valorant even with their invasive anti-cheat

@@Wild_Dice "Hacking problem" Everyone, including CSGO players, admit valorant has far less cheaters. If you're looking for a 100% rate, you're looking in the wrong universe.

@@SimonWoodburyForget One of the things that I love aboiut product safety lawsuits... they are strict liability. If someone gets hurt from using your product in a way that is intended or reasonably foreseeable, you could be held liable. Imagine if this same courtesy was extended to computers. If a company makes a piece of software that in anyway messes with the system we would have a case. And I mean ANYTHING, from having a trend of causing kernel panics (Blue Screen of Death in common Windows parlance), up to actually killing your hardware (like New World).
Also, class action settlements for matters like this need to be far more than just the cost of new hardware, or a refund for a CD album that loaded a rootkit onto your system...

@@SimonWoodburyForgetthose games are not for you then lol

@@ZeldagigafanMatthewHow do you discern between any other piece of code killing hardware and the hardware/software from the manufacturer killing itself? I mean we're not talking about DOS times, where every software by default had unregulated access to the hardware. In those days you could do things like drive the monitors frequency out of range and damage the display, or position a hard drives read/write-head in a way that was not recoverable. Today the driver is the only piece of software that has the final say what to do with the hardware. And at the same time the only piece of software with access to any kind of sensor data. So any software other than the driver can't be responsible, it might just serve as an unusual case that uncovers existing flaws.

People will just cheat again anyways, banning them doesnt do a lot.

​@@WirrWichtKernel-level access ignores "the driver has final say". That's why it's such a big deal that Kernel-level anti-cheats are mandatory parts of some games. The OS no longer has sole authority over the hardware.

I came here to say that and ask his opinion

Does it even have anti cheat

To be fair how do you even cheat in eft there is no goals or point of playing it’s not like ur grinding to be grand champion in escape from tarkov

I really want Thor to make a video on it now

@@5-iwnl-596with that logic. Why does anybody cheat in any game?

You know what. I think somewhere in his unconscious he meant exactly that

which one are you talking about? vanguard is in the app center for me

@@agrefile2 their are a bunch. EAC, is a classic example. They say it removes itself once them game is finished but... Not all the time.genshin impact says it uninstalls it's anti cheat once the game quits then reinstalls it once the game starts up again but, their have been several examples of it not uninstalling itself. Their was a game I saw... An ARPG called "the night was" I think. It did that as well. "Some ordinary gamers" Goes over a bunch of them.

@tomb3782 I think the reason eac doesn't uninstall is because tons of games use it, for example fortnite, apex legends, battlefield, DBD, halo and tons more. The genshin one apparently doesn't uninstall on every game exit but doesn't send any information to the servers on game exit and stops running in the bg after 30hrs of the game being closed or when the game is uninstalled which i guess means it doesn't uninstall the anticheat when you uninstall the game, very weird

@@agrefile2 doesn't change the fact that I do not like it.

​@@agrefile2If it only stops running after 30 hours of not playing, that's my computer running unnecessary kernel level drivers for most of the time my computer is on.

That’s all yapology terms. I like Thor and respect him but a lot of times he exaggerates or adds flair where it isn’t needed

​@@MrFloat777gonna say sounded like talking out the side of your mouth when you don't know but want to impress.

it's word salad, anticheat detections are typically signature based anyways.

​@@no-ld3hzWhat? No it isn't? Tell me you don't know what you're talking about 😅

None of that makes any sense. Why would he read in assembly 😂

So wait that means the devs have access to PC and info if they even think you're hacking?

Easier to steal your data and harder to pirate

​@@goldensquirtle3325and it can be malicious if it's fucked. Like genshin had that issue.

@@goldensquirtle3325 the devs have access to all of your pc info ALL THE TIME if they want it. The kernel is the very base level of your system, nothing happens that doesn’t use the kernel. So having access to it means they can see every letter typed every network connected to and every last process that is run

I think someone dosent know what anti consumer means

Not wanting to defend them, but as of right now, sad truth is that at least temporarily it is a necessary evil. Cheaters use hardware designed to cheat that is kernel level so using kernel is the easiest way to combat it. Which is sad, Kernel anticheat are scary as hell.

@@miZuZYNWhy? I feel like all the anti kernel anti cheat people just heard it’s bad from someone else, in your own words, what makes it so scary?
Before you bring up data harvesting by the way, realize that literally everything you use harvests data anyways, and that your porn preferences really aren’t actually relevant to a corporation trying to advertise to you slightly better.

​@@miZuZYN that argument kinda falls apart when you understand dma, ahk and arduino based cheats are working with no problem and none of them need any access to the kernel

@@KricketGD ok but to pretend like games like valorant dont have way less cheaters because of there anti is just stupid yes there may be work arounds but the truth is its is way harder to do them with kernel level anti cheats then without, csgo vs valorant is a good example to look at since they are very similar communities 1 has a lot of cheaters and one doesnt. And no i dont think its good to have these anti cheats but i will also be honest in saying i have and will continue to have vanguard installed on my pc until there is a better way to keep cheaters out of valo

If you're a shit programmer there isn't a better way.

Tell us you have no clue what you are even talking about. Administrator access level is nowhere near Kernel Level access. Depending on OS and ideology, there are several layers above Administrator level access before you get to Kernel access rights...

​@Ornithopter470 except when apps are in a container like with flatpak as root user in the container might not mean that much

You don't even need a bug. Kernel anti cheat drivers are usually also signed by Microsoft. There was malware floating around that used Genshin Impact's signed kernel level driver.

​​@@Ornithopter470 there's actually a lot of REALLY low level stuff that the kernel can do that root can't directly do, it's just that most of that stuff is not something a user would want to do directly anyway. Also a non-sandboxed root is able to just ask the kernel to do a lot of it anyway. 'Protection rings' is the term you want if you want to find out more. All users, including root, are actually in Ring 3.

Uhhhhhhh Kernel is far beyond administrator

Is more profitable for secret government contracts*

please for the love of god, normies i beg of you to stop brazenly just spreading blatant misinformation on a topic you clearly have not studied.
SPYWARE DOES NOT NEED KERNEL ACCESS, please stop prepetuating this god awful myth, literally every function you would need for spying on a system, from recording the screen, to monitoring the mouse pointer position, to intercepting every keystroke that happens on the system, windows provides an easy API call that requires no kernel access whatsoever, spyware does not need a driver, make whatever opinion about ring0 anticheat but do not say it is bad on the basis that ring0 allows any more room for spying that usermode didn't, because usermode already allows virtually full spying abilities.

​@@michaelsorensen7567oh god this isn't youtube if it doesn't have baseless unsubstantiated wild conspiracy theories.

@@ChristopherGray00 you mean like how the feds can see all your social medias just by asking without a warrant? That's not a theory. Or like what the NSA is doing? That's not a theory

@@ChristopherGray00 i'm a game hacker myself who has personally reversed most anti-cheat drivers you can name. they really aren't hard to get around. most of their detection vectors (EAC/BE) are actually already documented.
these anti-cheats exist to stop pasters, not anyone who puts the time in to try and get around these things.
really the only major way to stop cheaters from cheating is to have someone watching them.

you think windows defender and Microsoft would question t kernel-level anti-cheat sure if it's from A company we know we can trust it

please don't go on actively spreading misinformation if you clearly do not work or study in this field, virus and malware protection is already on the kernel level, it can already detect malware whether it is in kernelspace or userspace.
another moot point (at least for the most part) is that it merely being in the kernel gives the anticheat full access to your system, news flash, full blown REAL WORLD SPYWARE operates almost exclusively in usermode, you do NOT need kernel level access to record the screen, monitor the mouse pointer, log every keypress, record every window title, and even inject or to open a readprocessmemory handle to another program and go through the entire contents of its memory unless it is specifically a driver itself that blocks off that functionality.

@@ChristopherGray00 Please don't call things misinformation when you clearly do not work or study in this field, and have no idea what you are talking about.
I do work in this field, I have written kernel-level code both professionally and as a hobby for Linux, BSD, MacOS, and Windows, and am extremely familiar with how the protection models in modern OSes work. Anything running in Ring 0 has full access to the hardware and the entire memory space, and can completely circumvent or override any other code in the system (including other kernel code). That is why most well-designed, modern OSes try to run as little code as possible in kernel mode, because any bugs or exploits that do exist in such code _cannot_ be defended against in any way and _will_ have complete, unfettered access to the entire system, period.
But you are correct that in general, the sorts of things these anti-cheat libraries do also largely don't need to be in kernel space to do what they want to do anyway, which just makes the whole thing even that much more stupid, really...

@@foogod4237 literally none of what you said has anything to do with spying capabilities or any of what i said about antivirus itself already being on the kernel level, your original point of contention was that kernel code can "do anything it likes", which is extremely misleading, you know that you're bringing people into the idea that kernel level code can spy but usermode programs cannot, which is just factually false.

@@foogod4237 and no, the statement that "they don't need to be in kernel space to do what they want to do anyway" is absolutely not true, it completely ignores things like DMA cheats in which any remotely sophisticated cheater can simply block off other programs from accessing information about connected PCI-E devices and how they are interacting with the system.
If you have full access to all of the memory in ram, byte for byte, and read into the game's memory as a DMA device (that also has a driver blocking off usermode inquiries), this is literally undetectable by any usermode process outright, there is zero way to tell beyond doing heuristics analysis on the server, which when we're talking about things like ESP wallhack/radar, is extremely easy to hide.

That's so real of you

Thats the best comment I've ever read on this channel💀

I just love how wholesome this is❤

I would love to have my hair braided while I just talk about networking tech. That would be amazing.

After my uncle's wedding I was heading home from the after-party, and a drunk woman sees me with my very long hair (about as long as Thor's at the time, maybe a little shorter) and she starts complimenting it and asks if she can touch it. Now, my hearing is terrible, and when I said, "sure thing" I didn't realise that she had, in fact, asked if she could braid it.
So she takes out my hair ties and goes to work while her boyfriend looks at me, amused. A few minutes later she says she's done. I thank her and go home, and looking in the mirror she actually did a fairly good job, despite being pretty damn hammered.
Sorry, this comment just reminded me of that story. The woman was a little rough, due to being drunk, but aside from a couple harsh tugs it felt quite nice to have my hair braided. My hair is much longer now, probably longer than Thor's, and I wouldn't mind it being braided again one day. Just maybe not by someone 10 pints down.

I hope to god you pointed out "It doesn't matter if the PUBLISHER as a whole doesn't care about their customers, all it takes is one individual EMPLOYEE at said publisher to go rouge for a seemingly safe thing to turn into a MASSIVE problem."
If you can't figure out why basically handing over your computer and giving unrestricted access to a bunch of people you don't know is a BAD idea, you're beyond help.
Some people are just too blinded by a fucking game to think straight. Says alot about the kind of lives they lead....

That dude has never heard of RCE

People are also saying a lot of "oh XYZ also runs from kernel what about that"
Riot is 100% owned by Tencent, who can be considered directly controlled by the CCP. Why does this program from a company owned by the CCP want kernel access?
They might not have any concern about me, who is a random white woman in the US, but Valo and League are very popular in China and East Asia and can see what those people have loaded on their PC and what they're doing at any time

I could not imagine a Linux user being that naive.
I mean I could, but it's really funny.

​@@CircusFoxxoYeah, I don't want American corporations spying on me either, lol.

THIS.

Trusting Amazon to install security cameras in your home.
Oh wait, people already do that...

Actually, it’s more like paying the mob to install security cameras for you. Maybe it’s legit, maybe it’s not. The answer can change as quickly as an Executive changes sports cars

@@ClokworkGremlin people already trust kernel anti cheat too, doesn't make it any less foolish.

What online games you play then, its pretty hard to avoid now days

Tell that to the kernel level cheats bypassing kernel anticheats. There is a way of being less intrusive but what we're doing now is our best realistic option. at least until VACnet AI manages to solve this.

@@mycelia_ow How about you build your game in a way that cheating is just not as rewarding? If MMOs of 15 years ago can build their games in a way that all they need to monitor for is autoclickers/autonavigator you're doing it right, if not, burn it all down, tear up the foundation and start over.

@@mycelia_ow You can bypass kernel level anticheats easily if you actually want to, they are not a foolproof solution.
DMA devices are one such way to slip past kernel level anticheat completely undetected, the only way to enforce higher than that would be to have a person in your house manually inspecting your PC hardware.
It's better to use proper systems to deal with cheaters rather than trying to brute force it while creating critical security vulnerabilities, because ultimately if someone really wants to cheat they always will be able to, you just have to deal with it when they do so.

@@treeaboo effective kernel level anticheat lets you basically hardware ban someone, so the cost of cheating skyrockets. It also isn't "easy" to bypass it (e.g. vast majority of cheaters have very little experience and just download the first result for cheats on Google - the difficulty of having to use some more obscure attack vector like DMA will dissuade 99% of cheaters). There are also anti-DMA techniques commonly used for competitive games, like I know riot games is world-class in anticheat and anti-DMA. You make it sound like it can be easily replaced by "proper systems" and I'd really like to know what these proper systems are.

@@treeaboo The fact that they can be bypassed doesn't mean they aren't serving a purpose or shouldn't be used.
It lessens accessibility to cheats, so the only real market is paid private cheats which limits how many people do it. It's not much but it helps. It's still a barrier.
While we can't get any deeper, we can do a lot more than we are now using data observed by a client. DMA cheats are exactly why we need to be this deep in your system.
Valve has the right idea testing with AI, I'd imagine an AI accelerate kernel anticheats would be far more effective than what we have now, it just wont be flawless still. It's not talked about enough, it's our only option going forward.

Why? They'd just fire him so management can keep their pay bonus.

Easy stop playing Bungie games. That company has been a husk of its former self since 2011.

Right?? Poor guy was hacking TW shogun 2 and got banned from destiny2

One somewhat reasonable explanation for why they do use it could be because most people aren’t hacking the game itself they’re using a third party program. ( but I know jack about this so don’t believe me)

Thats still technically hacking the game since it ​messes with the game system @@outbreakperfected5704

im necroing your post but Warden was and still is notoriously one of the worst anti cheat detections around kernal level anti cheat is bad for other reasons but as long as its fulfilling its primary objective generally its worth the trade it also depends on the game. if im playing stardew valley or terraria or a single player game obviously it makes no sense but if im playing the HIGHEST level of competition on a game i want to REALLY make sure im playing a fair game sure it will never be 100% but we aren't shooting for 100% we are just shooting for a high number and sending a prayer to Thor that its enough.
its a little disingenuous to say all kernal level anti cheat is bad because technically speaking the anti cheat itself is great its just you are leaving a metaphorical computer nuke on your pc for a fair game.

@MerkSig gonna have to hard disagree on the generally a good tradeoff, sure in competitions you need sanctioning and invasive rule-checking, I'll 100% agree there. However, to the average player, in my eyes this thing looks to be on the level of just running every random .exe you find as admin because that way they can't fail due to permissions. It's a glaring security hole and the companies making them presently just don't care that much about that part, lest it affects their reputation of course. I think if we both educated people on how dangerous these things actually are, as well as held these companies strictly liable for whatever exploits are found to be in their little kernel concoctions, I and a lot of people would be a lot less stuck up about KLACs. Personally I don't want to see them anywhere near me, but I feel like as long as a person is allowed to actually understand what exactly they are getting into before getting into it, then that's fine in my eyes and they can make bad decisions if they so desire since they're at least aware of what they're letting into their PC.

Not really, he is comparing stupid WoW bots with very obvious patterns to things such as aimlock, triggers, radar hack. It cant be detected by the same systems.

​@@BuddzBunnyHDdoesn't mean they can't be detected...

@@BuddzBunnyHD if you think kernal level anitcheat is a good thing, I'm just done responding to you. It is always a massive risk for the trade off of "possibly" catching cheaters. Game devs these days are just lazy and would rather pay for battleeye or EAC and then just default to blaming them. Kernal level anitcheat is not necessary if you care about your game.

​@@rhyszigich8701 play any competitive fps with a kernel anti cheat, now play any without. Goes from hackers being unicorns to seeing one every two game. Il not saying they are absolutely necessary but as a competitive player i honestly dont even want to invest any amount of time in a game where cheating is so easy. And as of now non-kernel anticheat juste don't cut it for me

@@rhyszigich8701 I am no fan of the kernel level stuff, but the only game I know of that is popular that uses it is Valorant, and as far as I'm aware, they have a much smaller cheating problem than any other FPS that I know of. Just because I don't like something, doesn't mean it's not effective. Do I play Valorant? Nah, I haven't played the new Helldivers either because of their kernel level shit either, but there does seem to be an efficacy to their use all the same.

I mean, they are right. Can't blame them XD

I mean, you kinda are because most of the features that people are afraid of (like seeing your web traffic and going through your files), are all stuff that they can do from a regular install.
Also, if you played any game with Easy Anti Cheat (Fall Guys, Apex, Dead By Daylight, Fortnite) that's kernel level also. The only thing different with Vanguard (Valorant's anti cheat) it's that it is vocal when it runs (icon in the notification bar) and that you can shut it off. **edit:** People saying it's ONLY running when the game runs are mistaken. EAC has a subprocess running from boot that it uses to have said Kernel level.
The reasons for not running kernel level are existant. It's just not stuff that people think about really.
Also, I feel like Thor is out of his wheel house a bit here. Doing anti cheat for an MMO vs an FPS is WILDLY different.
Also, Thor (or his mods) are actively deleting comments bringing debunking arguments on people misconceptions. So yeah... Take that info as you please. It could be something about double posting, but either way, it doesn't look good.

You're not insane. You are correct. It only takes a single bad actor with a backdoor using that anticheat(this happened in genshin) to compromise data at a level of identity theft.

@@Karlyr_ I’m just worried about a rogue employee or bad actor exploiting a zero day or something of the sort. I know the programs can go through my files and whatnot, but if they try to go rogue I can actually stop them.

@@slamkam07you are aware that what happened with genshin was the result of a mistake on WINDOWS's part right ? It had nothing to do with the kernel anti cheat but the result of a driver that was poorly written by Microsoft's part and then abused by a malicious third party.
Unfortunately, Genshin was using it and distributed it with their software. So their name got dragged along but it wasn't their fault directly.

CIS student, as opposed to TRANS student?

​@@Zayd-bg1ptTechnology Research and Associated Networking Systems? 😝

​@@Zayd-bg1ptgarbage joke with baked-in hatred.

​@@Zayd-bg1pt I understand that this is probably a joke, but CIS in this context stands for Computer Information Systems

​@@Zayd-bg1pt 💀

This type of worry is on par with people terrified about FB and TikTok. I’m not sure why everyone is so afraid of this type of sjit

​@@MrFloat777 i love how you go to a comment pretty much saying the exact thing that a huge figure in cybersecurity is saying and do the equivalent of just saying no without any further explanation
it absolutely is something to be worried about

@@MrFloat777 You're completely explained both in the video and in this comment what is so wrong with it.. Man those websites and applications absolutely love you for just handing every little letter of your information and security to them.

@@Miss_GiggleFarts Ok but at the same time he says this is my area yet video games have anti cheat and still millions of cheaters.

​@@MrFloat777The issue is that they are trusted and have high level of access.
There were some malware that exploited some issues in one of them to gain privileged access.
More than that, you didn't actually need to have it installed: it was nice enough to install it for yourself since the anticheat installer was a signed and trusted executable

It’s not about banning every hacker. It’s about making it as difficult/expensive as possible to hack. The more advanced the hack the more it costs, both software and hardware.

In other words detectives should stop catching murderers because a few of them get away with it?
Kernel AC has the highest cheater ban rate than any other AC method. The entire point of AC is to reduce # of cheaters.

@@Johnsmithhjoe All it does is stop people who don't have the know how. Like piracy, those with the means make it available to everyone anyway.

​@@JohnsmithhjoeNo, but detectives should not be allowed to flaunt due process and the law simply because, _maybe_ , they might be able to catch more criminals.
Sure, tyrants are somewhat better deterrents against murderers. But at what cost?

He has a platform, whilst he is knowledgable, he yaps a lot of crap about anticheats.

It does have vulnerabilities but they are so rarely exploited that nobody cares.

No no no. They do have vulnerabilities. They are written by people.

@@Ghosty72401 If a cheater doesn't cheat yet, they are indistinguishable from the average player.
Anti-cheat theoretically catches them before they cheat, but cheat developers can always get ahead of the system.
A system that watches every player and decides if they are cheating in real time is what we want, but that isn't possible currently.

I wouldn't be surprised if the NSA doesn't already have a nice stack of zero-day exploits they use on a variety of anticheats.

@@anthonysimpson1079 Whilst that is true (I'd know as a software engineer) most vulnerabilities are often a mix of the wildest shit no one's ever gonna come up with, but still it's a vulnerability

ex cs cheat developer here, kernel anticheat is absolutely a nessecary vector for detection of cheats, here are some examples of situations where a kernel level anticheat is able to detect a cheat, and a usermode anticheat has no ability to detect reasonably :
1. DMA (direct memory access) cheats, these are physical hardware cheats in which a device is plugged into a PCI-E slot, and has unadulterated, complete access to every single byte of memory on the entire system, in other words, you do not even need to be interacting with the game on the software level, with this device, you can manipulate or simply monitor the game's memory and send that information to and from a second machine that will tell you everything that the game stores within RAM, such as player positions, utilities, grenades (for warning/velocity etc)
a usermode anticheat cannot detect this with any proper DMA setup that blocks off any usermode program from enquiring as to what is on the PCI-E bus and specifically what the device is and how it functions, with a kernel driver, it can absolutely inspect the PCI-E bus to see what is on it, and monitor what it is doing to determine possible cheating activity.
2. virtual machine detection, this is important because if the player is utilizing virtualization, the host can monitor and manipulate the memory of the guest without having any such software running on the guest system, to a usermode anticheat this appears as benign (if you are only reading from guest, literally impossible to detect, if you are writing to the guest suspiciously, there could possibly be some room for detection).
a kernel level anticheat can detect this because there are little windows API calls that windows makes avaliable that would reveal information beyond what the user could have potentially falsified, by default, virtual machine systems will almost always advertise that they are infact a virtual machine to the rest of the system, however this information is very easy to change in order to make what is known as a "stealth VM", this is a system specifically designed to act like it is just a normal host system.
kernel level allows the module to actually investigate and look into drivers (without having to manipulate them) and determine whether or not the system is actually a virtual machine, and if so, kick (not ban) the user from the gameserver.
we see this done with battleye, easyanticheat, and faceit's anticheat modules, and they are pretty successful at it, however usermode anticheats have limited ability in this regard.

Current anti cheats for fps games are not working, what do you propose

Kernel level is not working either lol. In context Thor was talking about apex being hacked, and Apex has kernel level

@@jaydengraham8303 anti cheat solutions will never work to stop people like us game hackers. i personally do it for the challenge, people like to gas up vanguard and yet its not that complicated to bypass. however the act of cheating itself is pretty boring imo. its fun for the first like game or 2, as you feel good about making something that works and is considered "difficult", but you dont stay, you go and take the next challenge thats available.
sorry about the tangent there, point is. only thing that can stop cheaters is LAN only gaming, where someone over your shoulder can see you. even then, the exploit there is the actual person.
slip em a 20 and you'd be fine lol.

@@jaydengraham8303 there is fundamentally no true solution for cheating

They won’t.

​@@hexerin sucks for them

Holding out until it gets replaced or my spare PC gets finished

@@hexerinThey should, there's so many people refusing to buy it because it has nPGG.

@@FutureCommentatorYeah, not really. Its selling like hotcakes.
Thor isn't incorrect, but not all issues can be solved by what he suggests. There are different things that cause different issues. Helldivers has a resource issue that, unless Arrowhead is investing in MASSIVE amounts of server back ups for flash restores, is easily exploited by cheaters, and thus ruining the game for everyone else.
You don't have to agree with me, while also agreeing with Thor. What he said is valid for THAT scenario which is what he spent his time doing primarily.

I think thats a major component and a great thing to highlight. There's an additional problem with cheating though that can cause major issues. If you have a competitive leaderboard, and being a top player can mean real money for the team you're on, even just a player or 2 doing these cheats could cause major issues for a game studio and the people watching these matches. Similar issue to PIDs in professional sports

They ignored him as he spoke the truth.

In America we call this
“Yap yap yap”
Just kidding lmao this is a dumb joke this guys super entertaining lol

Same as Japanese kanji! I know a ton of hanzi and kanji are the same but I thought I’d just add this on lol

They just honestly either don't know how to deal with it, or don't want to deal with it in a timely manner due to hacking getting them more revenue

Like, most of their current hacking problems can be solved with a netcode fix, yet they have refused to anything about netcode for yeeeears

@@raremc1620 was going to reply exactly what you said. Their netcode and the server not being the source of truth is eft's problem

Switching to server side authority would be a start

Let me guess: Vanguard?

@@phsycresconquest6636nProtect GameGuard is doing this with Helldivers 2 right now.

@@phsycresconquest6636 Helldivers 2

Damn I even got mad at Windows defender for doing it like 4 years ago, now it is just permanently disabled. Never missed it.

@@ANDR0iD tbf for an anti-virus it’s much more understandable as it’s doing that to keep unwanted hidden programmes out. Real time scanning is a pain and should be done away with but disabling anti-virus completely isn’t smart either.

*slowly proceeds to extend middle finger*

I *highly* doubt you can catch a cheater in LoL just by analysing their gameplay statistics. Even if you catch dodge-scripters by cleverly differentiating their movement, how would you catch people who cheat by removing the fog of war? That's just information to them, like wall-hacks but less noticeable.

Trust me it's sometimes it's even hard catching a cheater while watching overwatch on cs specially if they know what people are looking out for. Stack team of 4/5 have one guy walling and the advantage is enough to climb the ranks. Mmos are different a lot of it is server side, unfortunately fps games a lot of the time it's client based that's where kernel AC potentially is required but from what I've been seeing that AI cheats running between monitor and PC it's going to be pointless soon potentially future AC will be requiring a hardware device 😅

​@@capbarkerfirstly, not coding your game so shit that it gives global state information to all players.

@@capbarker By not sending the state and position of players when they're not visible. FYI League already does this, but it does have a small buffer zone where player data is sent. So you don't have someone blink into your vision out of nowhere.

​@@monkeyguy378 in shooters that would be a massive issue

How so?

​@@danielchettiar5670he might be referencing the bs anti cheat that Helldivers has

@@DonkeyOnAUnicycleBut again, he's not running Helldivers 2 on a machine containing anything else. He built a machine dedicated just to helldivers 2 to burn it after the Democracy wins.

@@DonkeyOnAUnicycle Ahh okay

​@@RobluexHow did he do it? Is he using a virtual machine or did he build another computer to play this game? I'm in the same boat, I want to play it but no kernel anti cheat will touch my computer.

not only that: people are ok with installing kernel-level cheats to bypass non-kernel anti-cheats (because of course they can totally trust the nice hacker who created it, right?)

​@@RegnumMortispeople will install kernel level anticheats from companies owned and operated in countries like Saudi Arabia and China which is even more fucked.

A LOT of people, especially content creators, PC's have this. One day there will be a big exploit and all their PCs get compromised.
Helldivers isn't a bad game, it's only the rootkit that's the issue.

@@jebbyy32*cough* Valorant *cough*

Not only are they okay with it, gamers now actively demand it from developers thinking Kernel level ACs will eradicate cheating forever. People suffer a minor inconvenience in their video game and are immediately comfortable signing away all their privacy to companies. Like the chatter in this clip calling it a "necessary evil" LMAO. If Netflix.exe, a cheat that has a readme file of like, 4 installation steps can bypass a Kernel AC, I don't think that trade is working out, Bros.

@ssarkos5148 It never prevented cheating. So how is a solution that works a bit better than other solutions with a way bigger impact on the security of your system "not an option"?
There will always be cheating in online games and the best way of prevention is active monitoring by people not leaving that issue to apps that can be bypassed or corrupted.

@ssarkos5148 Bullshit, it can't even detect the shit that matters. It's a deterrent that puts everyone at risk of a company no one should trust.

​@ssarkos5148 if you truly, truly believe that the cheating is so bad you need to do that, then just stop playing those games
Kernel access is *the* access level, there is *no* going back once you give it up. If you're demanding all your games get kernel access, you're turning every game you own into malware. "But it's a game, how could it be malware." All it takes is one malicious *line* and you could be screwed. One disgruntled employee and every user of the game has to throw out their laptops. Someone hacks the company? Say goodbye to your information. Are you really so desperate for an anticheat, are your games so incredibly rife with cheaters, that you are willing to not only get rid of your own safety and security, but demand that an entire userbase do so as well?

⁠@@gen9695none of that makes sense. One employee cannot do that. A hacker cannot do that. This is not how the software engineering process works at all so fortunately a lot of your fears are not real.

@ssarkos5148 Yes, cheating in multiplayer games is a big problem, but asking every player to give the company who owns the game full access to your entire system just to play is ridiculous, especially when there is no real warning that "hey, this game uses an anti-cheat that's kernel level, which means we have as much access to your computer as we possibly could". You have to already know what kernel level access is, what anti-cheats use it, and know where to look to see if a game's anti-cheat uses it.
It's a similar problem to hiding really invasive clauses in an employment contract. Is it legal, yes, but they take advantage of the average person's ignorance on the subject to put in something that, while it does solve the problem SOME, it also invades the person's privacy in a way they never knew was happening.

How do you address someone using an aim bot?

@gothpunkboy89 "Good Evening, Aim Bot User, may the morning find you well."

Kernel-level anticheat is an artifact of the past, as counter-measure of the nature of online games in Asia back then. MMO had played a big real money trading, means hacked accounts = loss of money. Development was also very slow and rigid back then so game/engine updates may come once annually or two, hence game update may differ to content update.
plus, win98/xp also has lots of security holes so memory alter/tampering (zero binary modification) cheat was a thing back then. dev/publisher will do anything to secure their game from intrusion.

@@gothpunkboy89 Either accept that it happens in fps games or stop playing them. Tbh I play less and less online games nowadays. There are cheaters everywhere every game.
Just stop playing if you are overwhelmed.

@@ANDR0iD Or they can implement programs to catch and allow the banning of people who cheat.

how would you even make a law that delegalizes that, without hurting people that need to use kernel-level software for other reasons?
i'd rather make it mandatory for a piece of software to communicate that to the user, as well as potential risks it can carry

​@@_phloggy_ Not sure I understand your stance here. You would rather give kernel-level access to everyone because someone might need that for some software maybe?

@@_phloggy_ what other reason?

@fronix5060 I think they were just saying that legally forbidding it is a bit overkill and, although the stuff is generally not a good thing to have, that just outright outlawing it is intruding the whole freedom thing quite a lot, along the lines of doing the least regulation that still gets the job done. Just because we can't think of a good use for something like that right now doesn't mean there isn't any, plus such legislation could easily overstep the intended target and make making kernel drivers all but impossible if it's drafted up by the same tech-illiterate geriatric patients that write most other laws
What I'd 100% get behind is that the user both needs to be clearly told that this is what they're getting into (and that they need to understand the implications), and also that we raise the level of liability for companies that make this kind of stuff

Agreed, someone can exploit that anti cheat and use it for their malware, since it signed by microsoft it will pass all antivirus engine

He talked about it on his most recent stream with a top Apex player

before long it's a case of split the monitor output to a machine vision module, and some USB devices that pretend to be a keyboard and mouse or a gamepad, under control of the entirely separate hardware. No software there to detect.

@@davidskidmore3442It's already at that point. There's documented cases of that exact setup being used. And it's via cheaters self-reporting and showing off their hardware to do it.

Some are impossible to detect. I remember hearing about an MSI monitor on The Wan Show. It had some sort of AI tool monitoring what was shown on screen. It had a light strip at the bottom and the AI could be set to monitor some portion of the screen (like health) and give and indicate it's status so you don't need to focus on it as hard. It could also monitor the mini map and anytime an opponent came out of of the FoW, it would mark it with a circle and an arrow.
Now only LoL was mentioned so I don't know about other games. I also don't know if it does anything else or what kind of options it has for adjustments to the overlay (if it has any). But it would definitely be an advantage... and through hacking or hardware mods it could be the most powerful and completely undetectable piece of cheat hardware _ever_.

@@davidskidmore3442 I wouldn't worry myself too much about that for a few reasons. 1. good detection relies on watching inputs as well, not just the software running. 2. do you know how expensive a setup like that would be? You need a system powerful enough, and software well built enough to analyze the data in as close to real time as possible and make decisions on what to do.
What counter do you suggest? activating HDCP in a way that leaves the result a low resolution mess that no one would want to use anyways?

Does it have kernel level anti cheat?

@@lachesis1033 yes, specifically “nProtect Gameguard”

​@@lachesis1033And a massive cheating problem, apparently.

@@lachesis1033 yes, one of the reasons it got negative review bombed at launch

Its even funnier because so many of the people bitching about helldivers will go play cod or someother game that has kernal level anti cheat.

Kernel level anti cheat, aka rootkit that is whitelisted on Windows defender.
Basically get someone to download a modified version and you have a straight up rootkit that gives you kernel access that Windows defender won't even scan

​@@andrewgreeb916a modified version would have a different hash, you would need to hijack it using a vulnerability and inject your code for it to be OK from the POV of defender

If Thor actually thought it was that bad he wouldn't still be playing helldivers.

@@Robert-kk5wy There are ways to mitigate kernel level anti cheats from having access to your stored information.

I mean, I don't personally think it is that bad. Perhaps a bit overkill in some scenarios, but the concept isn't something I'm against.
It's like using a sledgehammer to open a wallnut. If you're not careful, you might break the table in the process. But you can be sure that you're gonna crack the nut. You could go and get a nutcracker instead, but those don't always work, especially for any kind of nut. But a sledgehammer? It'll crack any of them. Just make sure you're swinging it on something safe.

@RenAki5 If I understand the analogy right, its different when someone else is swing the sledgehammer. Do you have 100% trust that their intentions are good. Are you able to completely trust the code that acts as a sledgehammer? The point being you're essentially giving a stranger keys to your digital house and hoping they don't do anything sketchy when snooping around.

@@Leedledled1 I mean, I'd trust the guy installing security cameras and home defense alarms to not be up to no good. And just the same, I trust anyone in Cyber Security to know what they should and shouldn't be doing.
Any program, not just kernel level ones, can cause a lot of problems/damage to a computer. Do you trust them to not have updates or software in them that could be harmful? Any video game could just as easily add crypto mining software that runs on the side of it, and destroy your GPU.
And uh, the obvious issue of literally shooting your own company in the foot by actually causing harm to your entire userbase. I'd much sooner trust the massive video game development company with kernel level access, as they're going to be regulated and have much more honest communication about it, than some random cheat software online, with 0 regulation, and no idea who or what the creator's intentions are, that also goes kernel level to dodge lower level anticheats.

Did you not watch the short?​@ssarkos5148

@ssarkos5148 you can bypass kernel. It just gives you a false sense of security. And you can definatly use Ai to detect wall hacks. Because you play differently if you where everyone is and that is detectable. And you can probably add fake players only people with wall hacks can see. Like how you can add fake blocks to mess with X-ray in minecraft.
But why do something like that when you have Kernel-level anti-cheat? Because that's obviously the only good way.

@ssarkos5148 kernal level against wallhacks? are you really that dumb? There's at least 2 defenses you can do in the game itself. force a pure texture state (something that many Valve games do). You can also just not render anything if it is fully obscured by objects or terrain in the player's field of view.

​@ssarkos5148Should we listen to you or the guy who worked on Blizzard?

@@huckleberryjam4975 what about... educating yourself, compiling opinions, and formulating a more unified perspective instead of opting for the easy approach of parroting one single person you see in a youtube short?

How do I find out if a game uses kernel?

​@@MrDuLukesprobably google it. I'm sure there must be a compilation of all anti cheat softwares and which games use it

​​​​@@MrDuLukesMost games use kernel level anti-cheats, but most of them aren't what people have problems with.
Like, take Easy Anti-Cheat or BattlEye, both run as kernel anti-cheats. But EAC and BE only open and run while the game is open, unlike Vanguard which is open all the time from computer start.
Personally, I dont care about EAC and BE because they only start and run when you play a game. Of course they still have kernel level anti-cheat, but at that point it doesnt bother me much.

As for how to find out.. Well, if it has an anti-cheat, it's mentioned somewhere, and you can just google it. But it most likely will nearly always be kernel level.

@@raremc1620afaik that is only half true and vanguard is only openly showing when its running as a way of being open about it compared to EA

That is because there are more players than ever before and game studios have gotten lax, relying on kernel level anti cheat that fucks over their loyal players to deal with the problem in a functional manner.

he is most likely talking about Honorbuddy which was a very popular bot that came about shortly after WoW Glider. Blizzard shut both of them down. All of Honorbuddies other bots got shot down too for other games

It's from a time when Blizzard actually cared about banning bots

@@AlmarWinfieldmy guy, glider is still active what are you even saying. Just google botting WOW and look it up yourself.

@@venturnoThey still very much care about banning bots. And why wouldn't they, considering bots cause them to lose money?

@@venturno Played since january 05, there's never been a time it wasn't full of bots and other blatant rulebreakers that never get punished

Idk I feel Thor generalized too much. Back then when he worked at Blizzard cheats werent that advanced. Right now many anticheats are kernel level because otherwise is extremely difficult to detect some cheats

@@wassup4532 If you were savvy enough, you could theoretically silence kernel-level anticheats entirely at the network level, entirely externally to the machine you're playing on. Hell, there are kernel level cheats out there too. Thor did not overgeneralize. You CANNOT trust anything that is not running YOUR software on YOUR hardware. AKA: Never trust the client. Ever.
Most games companies slap on kernel level anticheat and automated report-based systems because it's easier and cheaper than actually properly validating and sanity checking what players are trying to do on the server side.
But it's lazy, still possible to bypass, and straight up is a security risk. In fact, I would LOVE it if tomorrow regulatory bodies started regulating kernel-level code legislatively. It's not needed for much.
All kernel-level anticheats do is escalate the battle between cheat makers and game developers in a way that leaves consumers open to more threat actors than before.

@@wassup4532 Yeah.. idk about Thors take here. If anti cheats don't need kernel level access to function well, why is it that Valorant is like the only game that remains *somewhat* cheat free (and if there are cheats they are shut down near instantly)? Kinda funny how all these other games he worked on have infinite cheats.

@@kiro3779 What are you yabbing about? The game is def not “somewhat cheat free”, no game can or will be. Have you ever heard of DMA?💀

@@luckra808 Compare Valorant (1 cheater every 100 matches or something) with CS2 (1 cheater every 2 games). Obv just subjective experience but the difference is very noticable for anyone that is somewhat experienced with both games. I would give Valve Kernel level in a heartbeat if it meant I could play the game without cheaters again

So a rootkit vs a non rootkit? seems like a pretty big difference to me.

Do you know what the difference between an invasive rootkit and an invasive non-rootkit is? It's the difference between a papercut and a beheading.