this post was submitted on 02 May 2026
199 points (97.6% liked)
Linux
13504 readers
403 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
i cannot possibly justify kernel level anticheat. cheating in games is just not that serious, sorry. there are much smarter ways to tackle that and i certainly don't have evidence for this by any means but i've always assumed that kernel level anticheat is just spyware being justified by saying it's to stop cheating in multiplayer games. insane to me that people are willing to play games w it.
I think it's only an issue as soon as there's money involved like in processional e-sports.
Otherwise just report and move on.
The solution is simple: gaming on a separate device from your regular PC, which does not have any of your personal data to spy on. We could call it a gaming console!
What do you mean by "cheating in games is just not that serious"? If you mean viewing life in general, it's not much of an issue: for sure. If you mean for specific games it's not much of an issue, disagree. There really are games that are being completely ruined by cheaters, and that's what they're trying to combat.
And if you ask my solution, why have games boot into their own OS where they can do anticheat in that kernel, instead of the kernel i use for other things too. Something that would achieve that conveniently would be awesome, it's not as if pc's still take ages to boot.
I think they were viewing it from a risk justification perspective. Giving anything kernel level access is high risk, and game publishers have not even remotely earned that level of trust.
Systems that abuse everyone and claim to be for our protection. The more things change the more they stay the same.
In school we had a talk from a guest speaker who professionally developed malware. He said kernel-level anticheat was indistinguishable from malware. He said the same thing about (3rd-party) antivirus.
Most people aren't aware of it
Most people don't know how a computer does anything, let alone the kernel.
Wait, what’s the smarter effective way that they are ignoring? Why hasn’t Valve pushed this solution in the name of Linux support improving?
I have interest in the problem of hacking in social games. And I’m not sure if I’m aware of the smarter solution you alluded to.
Server-side anti-cheats, like Polar for Minecraft.
I see. So games using something like Photon are out of luck? Dedicated authoritative servers are mandatory?
It seems like authoritative dedicated servers are out of fashion these days. Especially in the indie scene. But maybe that should change to support more fair multiplayer spaces with less grief from hackers.
GTAO is the most profitable game in the history of games, and it does not use dedicated authoritative servers. Even though they could afford it.
And if you are correct, Valve can’t push this solution. They can’t implement it for developers. Valve is shit out of luck with that approach.
Using GTA online as an example of anything secure isn't great, given it was losing to cheat engine early on. Surely if they put any effort into anticheat at all, cheat engine would fail
I was using it as an example of a huge failure. They added anti-cheat recently. After a decade. And I’m pretty sure it’s one of the kernel level ones…
They may have even avoided adding it because they didn’t want to piss off users with kernel level. And they didn’t want to spend the money on dedicated servers. But who knows why they let it be a hackers playground for a decade.
So they didn’t do what is claimed to be the right path. And my point was developers don’t want to spend the money on the right path.
Where did I suggest they were an example of good security?!
As far as I know GTA Online does not work on Linux anymore, so it probably is.
The alternative is to create a solution that checks to ensure players aren't doing something that they aren't supposed to do. Sometimes this is easy, like ensuring they don't move too far in a single server tick, or their velocity doesn't get higher or change faster than it should be. Sometimes this is more difficult, like not transmitting the location of enemy players unless they're actually visible to that player. No matter what, it's custom.
Other AC solutions are mostly plug-and-play. They still require some effort, but not nearly the same amount. It's much more appealing to a studio to spend time on developing the actual game, and pay for an AC solution, than to hire people to just handle AC.
There's one more example, that's even more expensive, of using AI detection, which I think Valve still does a lot of. They've been adding this for much longer than the current AI movement has been happening. It takes a lot of data and tagging that data for cheating or not. It's not a perfect solution (Valve does other solutions in addition to this), but it can work really well.
Heuristic data analysis
So, dedicated authoritative servers like another comment said?
No, Heuristic Analysis is deciding what data is likely, what data is unlikely, and what data is impossible, and then deciding, on that scale, the where the data the player is generating resides.
In short: Humans have natural variations in everything they do, even the top 0.0001% of players. So let's say you want to tackle aimbots in an FPS.
The first thought would be track the number of headshots, and then if a player gets 100% headshots they're labeled a cheater -- but that isn't accurate because of players like the streamer Shroud. So let's be smarter. Let's analyze the median player based on data from every player -- not their headshots, not where they shoot, but how they move the cursor to the opponent to shoot.
An aimbot will do a simple mathematical formula to decide how to aim at the target; i.e. if we imagine a 2d grid (centered at 0,0; squared limits of 100) on the screen and the player's crosshair is at 0,0 and there's an enemy at 50,50; then a bot would do something like (complete pseudocode:)
This results in a predictable and perfectly diagonal move towards the enemy. Now actual humans cannot do this. It doesn't matter how fine of motor skills they have, period. It is impossible for a human to even accidentally move like this. So we place this in the 'impossible' end of the spectrum.
If a player does too many unlikely or impossible actions, flag them for review, and ban them that way. Or, just ban the ones doing objectively mathematically impossible things.
Heuristic Data Analysis requires actual humans actually thinking about what is and isn't possible in a game, understanding how cheats AND the game actually work, and then defining the spectrum, and then implementing and constantly tweaking it to minimize false positives while maximizing those that tweak their bots to get around the analysis.
Because of this it's expensive, relatively speaking, than paying a (statistically Israeli) anti cheat company to install spyware on their behalf.
Ah I see. That all makes sense, but yeah, these are products and they do a cost benefit analysis, and deem this stuff to expensive. And I think sometimes they deem it too brittle.
There’s also the problem of ban evasion not being solved either. So even with good ban actions, people just return. I’ve seen this first hand in a platform I hang out in.
It’s always an ongoing problem, and some people are really dismissive of how difficult it really is when you consider all the angles.
I appreciate the discussion and input.
Are you aware of any platforms or games who do it “right”? And if not, is it just because of the time commitment, like you already stated?
World of Warcraft (yes it still has a bot problem, turns out it's even more complicated of an analysis with hundreds of thousands of people playing the game wrong) unironically is the biggest game to do this and report on it. They track player movement, skill usage, cursor position on screen and likely a thousand more data points to determine if a real player could possibly do the things being done and auto flag and auto ban based on that.
I believe VAC also has heuristic capability for FPSs if you enable it as a developer, as CS2 (at least, I think CS Source had a similar system) can detect unrealistic movements, perfectly timed clicks and all manner of movement scripts based solely on timing and not memory editing or other executable interference.
But yes most games really don't want to have an active cybersecurity team dedicated solely to studying game mechanics and deciding what is or isn't realistic, and while heuristic analysis of memory (i.e. catching injected cheats) is also a thing, that also requires a security team capable of that; and as someone who once tried to get into the cybersecurity field all of that is expensive. You're not getting a single person, much less a team, for less than 6 figures a year, and the amount of work generated that cannot be automated necessitates a fairly large team. CS2 gets around this a bit by having trusted players review iffy VAC detections which then feed into VACnet (which was released fairly recently) to have AI auto-review the heuristic detections based on known good reviews; but still the sheer volume of detections in a heuristic system (even well tuned ones) requires constant moderation.
Its expensive to monitor and store data. Of course you could check and monitor account activity server side whenecer there is a report but youd have to store it all and manually review it.