It would be nice if the article at least tried to explain how this new anti-cheat works instead of basically rephrasing the title twice. They specialize in tech, ffs
this post was submitted on 02 May 2026
199 points (97.6% liked)
Linux
13504 readers
391 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 2 years ago
MODERATORS
Common misconception, they actually specialise in chradars.
i cannot possibly justify kernel level anticheat. cheating in games is just not that serious, sorry. there are much smarter ways to tackle that and i certainly don't have evidence for this by any means but i've always assumed that kernel level anticheat is just spyware being justified by saying it's to stop cheating in multiplayer games. insane to me that people are willing to play games w it.
I think it's only an issue as soon as there's money involved like in processional e-sports.
Otherwise just report and move on.
The solution is simple: gaming on a separate device from your regular PC, which does not have any of your personal data to spy on. We could call it a gaming console!
What do you mean by "cheating in games is just not that serious"? If you mean viewing life in general, it's not much of an issue: for sure. If you mean for specific games it's not much of an issue, disagree. There really are games that are being completely ruined by cheaters, and that's what they're trying to combat.
And if you ask my solution, why have games boot into their own OS where they can do anticheat in that kernel, instead of the kernel i use for other things too. Something that would achieve that conveniently would be awesome, it's not as if pc's still take ages to boot.
I think they were viewing it from a risk justification perspective. Giving anything kernel level access is high risk, and game publishers have not even remotely earned that level of trust.
Systems that abuse everyone and claim to be for our protection. The more things change the more they stay the same.
In school we had a talk from a guest speaker who professionally developed malware. He said kernel-level anticheat was indistinguishable from malware. He said the same thing about (3rd-party) antivirus.
Most people aren't aware of it
Most people don't know how a computer does anything, let alone the kernel.
Wait, what’s the smarter effective way that they are ignoring? Why hasn’t Valve pushed this solution in the name of Linux support improving?
I have interest in the problem of hacking in social games. And I’m not sure if I’m aware of the smarter solution you alluded to.
Server-side anti-cheats, like Polar for Minecraft.
I see. So games using something like Photon are out of luck? Dedicated authoritative servers are mandatory?
It seems like authoritative dedicated servers are out of fashion these days. Especially in the indie scene. But maybe that should change to support more fair multiplayer spaces with less grief from hackers.
GTAO is the most profitable game in the history of games, and it does not use dedicated authoritative servers. Even though they could afford it.
And if you are correct, Valve can’t push this solution. They can’t implement it for developers. Valve is shit out of luck with that approach.
Using GTA online as an example of anything secure isn't great, given it was losing to cheat engine early on. Surely if they put any effort into anticheat at all, cheat engine would fail
I was using it as an example of a huge failure. They added anti-cheat recently. After a decade. And I’m pretty sure it’s one of the kernel level ones…
They may have even avoided adding it because they didn’t want to piss off users with kernel level. And they didn’t want to spend the money on dedicated servers. But who knows why they let it be a hackers playground for a decade.
So they didn’t do what is claimed to be the right path. And my point was developers don’t want to spend the money on the right path.
Where did I suggest they were an example of good security?!
As far as I know GTA Online does not work on Linux anymore, so it probably is.
The alternative is to create a solution that checks to ensure players aren't doing something that they aren't supposed to do. Sometimes this is easy, like ensuring they don't move too far in a single server tick, or their velocity doesn't get higher or change faster than it should be. Sometimes this is more difficult, like not transmitting the location of enemy players unless they're actually visible to that player. No matter what, it's custom.
Other AC solutions are mostly plug-and-play. They still require some effort, but not nearly the same amount. It's much more appealing to a studio to spend time on developing the actual game, and pay for an AC solution, than to hire people to just handle AC.
There's one more example, that's even more expensive, of using AI detection, which I think Valve still does a lot of. They've been adding this for much longer than the current AI movement has been happening. It takes a lot of data and tagging that data for cheating or not. It's not a perfect solution (Valve does other solutions in addition to this), but it can work really well.
Heuristic data analysis
So, dedicated authoritative servers like another comment said?
No, Heuristic Analysis is deciding what data is likely, what data is unlikely, and what data is impossible, and then deciding, on that scale, the where the data the player is generating resides.
In short: Humans have natural variations in everything they do, even the top 0.0001% of players. So let's say you want to tackle aimbots in an FPS.
The first thought would be track the number of headshots, and then if a player gets 100% headshots they're labeled a cheater -- but that isn't accurate because of players like the streamer Shroud. So let's be smarter. Let's analyze the median player based on data from every player -- not their headshots, not where they shoot, but how they move the cursor to the opponent to shoot.
An aimbot will do a simple mathematical formula to decide how to aim at the target; i.e. if we imagine a 2d grid (centered at 0,0; squared limits of 100) on the screen and the player's crosshair is at 0,0 and there's an enemy at 50,50; then a bot would do something like (complete pseudocode:)
While CrosshairPosition(y) does not equal EnemyPosition(y):
Move mouse up (i.e. +y) by 1
While CrosshairPosition(x) does not equal EnemyPosition(x):
Move mouse right (i.e. +x) by 1
Fire()
This results in a predictable and perfectly diagonal move towards the enemy. Now actual humans cannot do this. It doesn't matter how fine of motor skills they have, period. It is impossible for a human to even accidentally move like this. So we place this in the 'impossible' end of the spectrum.
If a player does too many unlikely or impossible actions, flag them for review, and ban them that way. Or, just ban the ones doing objectively mathematically impossible things.
Heuristic Data Analysis requires actual humans actually thinking about what is and isn't possible in a game, understanding how cheats AND the game actually work, and then defining the spectrum, and then implementing and constantly tweaking it to minimize false positives while maximizing those that tweak their bots to get around the analysis.
Because of this it's expensive, relatively speaking, than paying a (statistically Israeli) anti cheat company to install spyware on their behalf.
Ah I see. That all makes sense, but yeah, these are products and they do a cost benefit analysis, and deem this stuff to expensive. And I think sometimes they deem it too brittle.
There’s also the problem of ban evasion not being solved either. So even with good ban actions, people just return. I’ve seen this first hand in a platform I hang out in.
It’s always an ongoing problem, and some people are really dismissive of how difficult it really is when you consider all the angles.
I appreciate the discussion and input.
Are you aware of any platforms or games who do it “right”? And if not, is it just because of the time commitment, like you already stated?
World of Warcraft (yes it still has a bot problem, turns out it's even more complicated of an analysis with hundreds of thousands of people playing the game wrong) unironically is the biggest game to do this and report on it. They track player movement, skill usage, cursor position on screen and likely a thousand more data points to determine if a real player could possibly do the things being done and auto flag and auto ban based on that.
I believe VAC also has heuristic capability for FPSs if you enable it as a developer, as CS2 (at least, I think CS Source had a similar system) can detect unrealistic movements, perfectly timed clicks and all manner of movement scripts based solely on timing and not memory editing or other executable interference.
But yes most games really don't want to have an active cybersecurity team dedicated solely to studying game mechanics and deciding what is or isn't realistic, and while heuristic analysis of memory (i.e. catching injected cheats) is also a thing, that also requires a security team capable of that; and as someone who once tried to get into the cybersecurity field all of that is expensive. You're not getting a single person, much less a team, for less than 6 figures a year, and the amount of work generated that cannot be automated necessitates a fairly large team. CS2 gets around this a bit by having trusted players review iffy VAC detections which then feed into VACnet (which was released fairly recently) to have AI auto-review the heuristic detections based on known good reviews; but still the sheer volume of detections in a heuristic system (even well tuned ones) requires constant moderation.
Its expensive to monitor and store data. Of course you could check and monitor account activity server side whenecer there is a report but youd have to store it all and manually review it.
Stopkilling games should take advantage of the momentum and propose the parliament passes a law mandating compatibility with open source OSs for games to be sold in the EU. Windows would virtually implode after a law like that.
You know i remember when RL cost money to purchase the game.
It was was easier anticheat, cause if you cheated you got banned and had to pay money to get a new account.
Cheats only recently became a problem that can be solved in other ways.
bring back private servers as the norm again.
I'm showing my age but the days of private Quake 3, UT, BF, etc servers were great. sure cheating still existed but there were SO many servers with mods that actually maintained said servers you could easily swap servers or find ones to favourite where cheating just didn't happen because the ban hammer was swift and immediate. I loved playing on 24/7 2fort servers for like TFC or Q3A and you could play for hours on end without encountering a single cheater.
I remember playing on CS 1.6 servers where mods thought I was cheating...not fun getting constantly banned by salty mods cuz they're scrubs
The game certainly took a hit when it went f2p.
Yeah because games that cost money doesn’t have cheats
The point | | | Your head
I'm not the guy you replied to, but what's the point being made? It really does sound like they're trying to say pay to play prevents cheaters.
Its good that Rocket League allowed Linux support with Easy Anti Cheat. I just hope they won't do a 180 on it like Apex Legends did with the same anticheat software on Linux a few years ago. EA's reasoning was something along the lines of, its too easy bypass on Linux or something. (idk how that ends up being your legit player's fault and not the fault of the anticheat software that you paid for not doing what it advertised)
AFAIK, it’s not kernel level on Linux/SteamDeck. It’s only a subset of the protection.
Edit: what’s up with the downvote? Am I wrong? Is EAC on Linux the full toolset?
no, you are right;
of course it isn't kernel level on linux
Numbers is the only way to speak to the bean counters making the decisions. They don't care otherwise. Need more Linux users.
With the game removed from the store and the fact they sold out to Epic I doubt Rocket League will be getting many more Linux players.
You can use Heroic to manage Epic Store games. It's not that hard to use on Linux. I rarely do it, but it's easy. I don't see why anything would prevent Linux users from playing it.
People who bought the game on steam can still play from there but also EG works on Linux (source: I play from Linux)
They added EAC? I left the game when trading got removed, so I haven’t been keeping up. Does this mean the end of BakkesMod?
Yep and there’s already people who’ve bypassed EAC so the bots will be back but bakkesmod won’t be
was there a bot problem? when I played, it was notably one of the few games where botting and cheating werent a real problem, since it was so hard back then. are these using AI?
Yes every 3rd ranked game in 1600+ was against AI
I use the Steam version of Rocket League and I thought it was broken after they introduced this anti-cheat update, but I just had to disable ReShade (dxgi.dll in the binary directory) for it to work, and I've had no problems since. And MangoHUD works just fine which is curious as it's also an injected overlay(?).