Attempting to save edit
Rudxain (talk | contribs)
m add code tags
 
(7 intermediate revisions by 5 users not shown)
Line 1: Line 1:
'''Kernel-level anti-cheat''' (KLAC) is a subset of anti-cheat dedicated towards running above the user level. These types of anti-cheat, such as [[Easy Anti-Cheat|Easy Anticheat]] (EAC), have grown in popularity among large developers for their online multiplayer games.<ref>{{Cite web |last=Alder |first=Dan |date=Mar 6, 2024 |title=Every game with kernel–level anti–cheat software |url=https://levvvel.com/games-with-kernel-level-anti-cheat-software/ |access-date=Aug 5, 2025 |website=levvvel}}</ref> Alongside this rise in popularity is increasing concern from both consumers regarding their privacy with the use of this software,<ref>{{Cite news |last=Conway |first=Adam |date=Aug 13, 2024 |title=Kernel-level anti-cheats are the next tech disaster waiting to happen |url=https://www.xda-developers.com/kernel-level-anti-cheat-tech-disaster/ |access-date=Aug 5, 2025 |work=XDA}}</ref> and from security professionals who recognize the significant risks of kernel-level software being breached.<ref>{{Cite news |last=Bullas |first=Adam |date=Oct 23, 2024 |title=Kernel-Level Anti-Cheat: Security Risks, Linux Struggles, and the Steam Deck |url=https://adambullas.com/kernel-level-anti-cheat/ |access-date=Aug 5, 2025 |work=AdamBullas.com}}</ref>
'''Kernel-level anti-cheat''' (KLAC) is a subset of anti-cheat dedicated towards running above the user level. These types of anti-cheat, such as [[Easy Anti-Cheat|Easy Anticheat]] (EAC), have grown in popularity among large developers for their online multiplayer games.<ref>{{Cite web |last=Alder |first=Dan |date=Mar 6, 2024 |title=Every game with kernel–level anti–cheat software |url=https://levvvel.com/games-with-kernel-level-anti-cheat-software/ |access-date=Aug 5, 2025 |website=levvvel}}</ref> Alongside this rise in popularity is increasing concern from both consumers regarding their privacy with the use of this software,<ref>{{Cite news |last=Conway |first=Adam |date=Aug 13, 2024 |title=Kernel-level anti-cheats are the next tech disaster waiting to happen |url=https://www.xda-developers.com/kernel-level-anti-cheat-tech-disaster/ |access-date=Aug 5, 2025 |work=XDA |archive-url=http://web.archive.org/web/20260218164522/https://www.xda-developers.com/kernel-level-anti-cheat-tech-disaster/ |archive-date=18 Feb 2026}}</ref> and from security professionals who recognize the significant risks of kernel-level software being breached.<ref>{{Cite news |last=Bullas |first=Adam |date=Oct 23, 2024 |title=Kernel-Level Anti-Cheat: Security Risks, Linux Struggles, and the Steam Deck |url=https://adambullas.com/kernel-level-anti-cheat/ |access-date=Aug 5, 2025 |work=AdamBullas.com |archive-url=http://web.archive.org/web/20260118135338/https://adambullas.com/kernel-level-anti-cheat/ |archive-date=18 Jan 2026}}</ref>


==How it works==
==How it works==
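Review bot: the archive-url values added to the Conway (XDA) and Bullas citations in the lead paragraph use http://web.archive.org, while the archive links already present in the Diabotical citations use https://web.archive.org; suggest https for the new ones as well. The Alder citation in the same paragraph gets no archive-url. The added archive-date values (18 Feb 2026, 18 Jan 2026) are day-first while date and access-date in the same templates are month-first, so one format per citation would be cleaner.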
Line 8: Line 8:
==Consumer impact summary==
==Consumer impact summary==
===Privacy concerns===
===Privacy concerns===
Kernel-level anti-cheat has access to every process that runs on a computer, from a simple video running in the background, to processes that may be more private for the user. As this software is designed to run on startup,<ref>{{Cite web |last=Rigney |first=Ryan K. |date=23 Feb 2024 |title=The Gamers Do Not Understand Anti-Cheat |url=https://www.pushtotalk.gg/p/the-gamers-do-not-understand-anti-cheat |access-date=2025-06-10 |website=Push To Talk}}</ref> this means even if the intended game the software was installed for is not currently running, it retains the capability to track the user's behaviors. This can range from gathering data that could be sold to advertisers to, if the software itself is hijacked by a malicious actor, the harvesting of sensitive personal information.
Kernel-level anti-cheat has access to every process that runs on a computer, from a simple video running in the background, to processes that may be more private for the user. As this software is designed to run on startup,<ref>{{Cite web |last=Rigney |first=Ryan K. |date=23 Feb 2024 |title=The Gamers Do Not Understand Anti-Cheat |url=https://www.pushtotalk.gg/p/the-gamers-do-not-understand-anti-cheat |access-date=2025-06-10 |website=Push To Talk |archive-url=http://web.archive.org/web/20251215134002/https://www.pushtotalk.gg/p/the-gamers-do-not-understand-anti-cheat |archive-date=15 Dec 2025}}</ref> this means even if the intended game the software was installed for is not currently running, it retains the [[Spyware|capability to track]] the user's behaviors. This can range from gathering data that could be sold to advertisers to, if the software itself is hijacked by a malicious actor, the harvesting of sensitive personal information.


===Security concerns===
===Security concerns===
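Review bot: in the Privacy concerns paragraph the new piped link [[Spyware|capability to track]] sends readers to the Spyware article from neutral wording, which classifies the software as spyware without saying so in the sentence or citing a source for it; suggest either stating the classification in the text with a reference or dropping the pipe. The Rigney citation now mixes three date formats (23 Feb 2024, 2025-06-10, 15 Dec 2025), and its archive-url uses http:// rather than https://.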
Line 15: Line 15:
If a malicious actor was to discover a security issue in a kernel level anti-cheat significant enough to allow them to hijack the software, they would be able to directly execute code at its level of access, allowing them to bypass security measures put in place by the {{Wplink|operating system}} and {{Wplink|Antivirus software|anti-virus software}}.
If a malicious actor was to discover a security issue in a kernel level anti-cheat significant enough to allow them to hijack the software, they would be able to directly execute code at its level of access, allowing them to bypass security measures put in place by the {{Wplink|operating system}} and {{Wplink|Antivirus software|anti-virus software}}.


This is not a purely hypothetical scenario; it has already taken place in an incident with the popular {{Wplink|Gacha game|gacha}} co-op adventure [[Genshin Impact|''Genshin Impact'']], where the game's anti-cheat '''mhyprot2.sys''<nowiki/>' was hijacked by malicious actors to disable users' anti-virus software, with the intent of distributing {{Wplink|ransomware}}.<ref>{{Cite web |last=Soliven |first=Ryan |last2=Kimura |first2=Hitomi |date=2022-08-24 |title=Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus |url=https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html |access-date=Aug 4, 2025 |website=Trend}}</ref>
This is not a purely hypothetical scenario; it has already taken place in an incident with the popular {{Wplink|Gacha game|gacha}} co-op adventure [[Genshin Impact|''Genshin Impact'']], where the game's anti-cheat <code>mhyprot2.sys</code> was hijacked by malicious actors to disable users' anti-virus software, with the intent of distributing {{Wplink|ransomware}}.<ref>{{Cite web |last=Soliven |first=Ryan |last2=Kimura |first2=Hitomi |date=2022-08-24 |title=Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus |url=https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html |access-date=Aug 4, 2025 |website=Trend |archive-url=http://web.archive.org/web/20260208191733/https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html |archive-date=8 Feb 2026}}</ref>


Another perfect example is [[Hotta Studios]]' [[Tower of Fantasy]] game. Users have reported that the kernel-level anticheat 'ksophon_x64.sys' has caused [[wikipedia:Blue_screen_of_death|BSOD]] along with the DPC_WATCHDOG_VIOLATION. This incident occurs when the game is uninstalled, launched, closed, or even running before the new publisher Perfect World Games. As of now, since the update by the company, the file doesn't appear to exist in System32/drivers.
Another perfect example is Hotta Studios' Tower of Fantasy game. Users have reported that the kernel-level anticheat <code>ksophon_x64.sys</code> has caused [[wikipedia:Blue_screen_of_death|BSOD]] along with the <code>DPC_WATCHDOG_VIOLATION</code>. This incident occurs when the game is uninstalled, launched, closed, or even running before the new publisher Perfect World Games. As of now, since the update by the company, the file doesn't appear to exist in <code>System32/drivers</code>.


=== Support issues ===
===Support issues===
Due to the nature of [[wikipedia:Linux|GNU/Linux]]-based operating systems, many KLACs end up becoming incompatible.<ref name=":0">{{Cite web |last=Sam4k |date=Aug 15, 2021 |title=What's The Deal With Anti-Cheat On Linux? |url=https://sam4k.com/whats-the-deal-with-anti-cheat-on-linux/ |access-date=Aug 5, 2025 |website=Sam4k.com}}</ref> Some have been aiming to fix this via compatibility layers under [[wikipedia:Proton_(software)|Proton]] or [[wikipedia:Wine_(software)|WINE]], but due to how popular KLACs communicate with the system to verify integrity on the kernel level, it fails to work with Linux.<ref name=":0" /> As such, games that cannot have their anticheat function fully will entirely refuse to launch,<ref>{{Cite news |last=Tulach |first=Samuel |date=Sep 10, 2024 |title=The issue of anti-cheat on Linux |url=https://tulach.cc/the-issue-of-anti-cheat-on-linux/ |access-date=Aug 5, 2025 |work=Tulach}}</ref> even if it can be used for offline purposes.
Due to the nature of [[wikipedia:Linux|GNU/Linux]]-based operating systems, many KLACs end up becoming incompatible.<ref name=":0">{{Cite web |last=Sam4k |date=Aug 15, 2021 |title=What's The Deal With Anti-Cheat On Linux? |url=https://sam4k.com/whats-the-deal-with-anti-cheat-on-linux/ |access-date=Aug 5, 2025 |website=Sam4k.com |archive-url=http://web.archive.org/web/20251110195706/https://sam4k.com/whats-the-deal-with-anti-cheat-on-linux/ |archive-date=10 Nov 2025}}</ref> Some have been aiming to fix this via compatibility layers under [[wikipedia:Proton_(software)|Proton]] or [[wikipedia:Wine_(software)|WINE]], but due to how popular KLACs communicate with the system to verify integrity on the kernel level, it fails to work with Linux.<ref name=":0" /> As such, games that cannot have their anticheat function fully will entirely refuse to launch,<ref>{{Cite news |last=Tulach |first=Samuel |date=Sep 10, 2024 |title=The issue of anti-cheat on Linux |url=https://tulach.cc/the-issue-of-anti-cheat-on-linux/ |access-date=Aug 5, 2025 |work=Tulach |archive-url=http://web.archive.org/web/20251229235125/https://tulach.cc/the-issue-of-anti-cheat-on-linux/ |archive-date=29 Dec 2025}}</ref> even if it can be used for offline purposes.


In some instances, KLAC can be so aggressive towards Linux, that it refuses to launch even in a [[wikipedia:Virtual_machine|virtual machine]], like with [[Rockstar Games|Rockstar Games']] ''[[Grand Theft Auto V]]''<ref name=":1">{{Cite web |last=Airweizen |date=Sep 28, 2024 |title=30 day ban people - did you have running this software? |url=https://steamcommunity.com/app/271590/discussions/0/4839770900414998113/ |access-date=Aug 5, 2025 |website=Steam Forums}}</ref><ref name=":2">{{Cite web |last=GamerDude909 |date=Feb 12, 2025 |title=Can You Play GTA Online on Linux? |url=https://nerdburglars.net/question/can-you-play-gta-online-on-linux/ |access-date=Aug 5, 2025 |website=Nerd Burglars}}</ref> running [[BattlEye Anticheat]], which has been known to explicitly block Linux users,<ref>{{Cite web |last=KZ_D |date=May 16, 2022 |title=Anyone out there still playing Battleye protected games in VM in 2022? |url=https://www.reddit.com/r/VFIO/comments/uqwljl/anyone_out_there_still_playing_battleye_protected/ |access-date=Aug 5, 2025 |website=[[Reddit]]}}</ref><ref>{{Cite web |last=GamerNinja99 |date=Mar 2, 2025 |title=Any Fixes for GTA Online's BattlEye on Linux? |url=https://nerdburglars.net/question/any-fixes-for-gta-onlines-battleye-on-linux/ |access-date=Aug 5, 2025 |website=Nerd Burglars}}</ref><ref>{{Cite web |last=AnIcedTeaPlease |date=Jan 21, 2021 |title=What's the progress of Battleye (and other anti-cheat software) on Linux as of 2021? |url=https://www.reddit.com/r/linux_gaming/comments/l29yfk/whats_the_progress_of_battleye_and_other/ |access-date=Aug 5, 2025 |website=[[Reddit]]}}</ref> or [[Epic Games, Inc.|Epic Games]]' [[Fortnite]].<ref>{{Cite web |last=WashingtonMatt |date=Jan 7, 2023 |title=Blocked by BattlEye for [Virtual Machine] |url=https://forums.unraid.net/topic/133384-blocked-by-battleye-for-virtual-machine/ |access-date=Aug 5, 2025 |website=Unraid}}</ref><!--More examples: https://steamcommunity.com/app/513710/discussions/0/3770112515483525897/ (SCUM)
In some instances, KLAC can be so aggressive towards Linux, that it refuses to launch even in a [[wikipedia:Virtual_machine|virtual machine]], like with [[Rockstar Games|Rockstar Games']] ''Grand Theft Auto V''<ref name=":1">{{Cite web |last=Airweizen |date=Sep 28, 2024 |title=30 day ban people - did you have running this software? |url=https://steamcommunity.com/app/271590/discussions/0/4839770900414998113/ |access-date=Aug 5, 2025 |website=Steam Forums |archive-url=http://web.archive.org/web/20251004104023/https://steamcommunity.com/app/271590/discussions/0/4839770900414998113/ |archive-date=4 Oct 2025}}</ref><ref name=":2">{{Cite web |last=GamerDude909 |date=Feb 12, 2025 |title=Can You Play GTA Online on Linux? |url=https://nerdburglars.net/question/can-you-play-gta-online-on-linux/ |access-date=Aug 5, 2025 |website=Nerd Burglars |archive-url=http://web.archive.org/web/20250720052714/https://nerdburglars.net/question/can-you-play-gta-online-on-linux/ |archive-date=20 Jul 2025}}</ref> running [[BattlEye Anticheat]], which has been known to explicitly block Linux users,<ref>{{Cite web |last=KZ_D |date=May 16, 2022 |title=Anyone out there still playing Battleye protected games in VM in 2022? |url=https://www.reddit.com/r/VFIO/comments/uqwljl/anyone_out_there_still_playing_battleye_protected/ |access-date=Aug 5, 2025 |website=[[Reddit]] |archive-url=http://web.archive.org/web/20220516135921/https://old.reddit.com/r/VFIO/comments/uqwljl/anyone_out_there_still_playing_battleye_protected/ |archive-date=16 May 2022}}</ref><ref>{{Cite web |last=GamerNinja99 |date=Mar 2, 2025 |title=Any Fixes for GTA Online's BattlEye on Linux? 
|url=https://nerdburglars.net/question/any-fixes-for-gta-onlines-battleye-on-linux/ |access-date=Aug 5, 2025 |website=Nerd Burglars |archive-url=http://web.archive.org/web/20251004104039/https://nerdburglars.net/question/any-fixes-for-gta-onlines-battleye-on-linux/ |archive-date=4 Oct 2025}}</ref><ref>{{Cite web |last=AnIcedTeaPlease |date=Jan 21, 2021 |title=What's the progress of Battleye (and other anti-cheat software) on Linux as of 2021? |url=https://www.reddit.com/r/linux_gaming/comments/l29yfk/whats_the_progress_of_battleye_and_other/ |access-date=Aug 5, 2025 |website=[[Reddit]] |archive-url=http://web.archive.org/web/20210127221848/https://old.reddit.com/r/linux_gaming/comments/l29yfk/whats_the_progress_of_battleye_and_other/ |archive-date=27 Jan 2021}}</ref> or [[Epic Games, Inc.|Epic Games]]' Fortnite.<ref>{{Cite web |last=WashingtonMatt |date=Jan 7, 2023 |title=Blocked by BattlEye for [Virtual Machine] |url=https://forums.unraid.net/topic/133384-blocked-by-battleye-for-virtual-machine/ |access-date=Aug 5, 2025 |website=Unraid |archive-url=http://web.archive.org/web/20251004104108/https://forums.unraid.net/topic/133384-blocked-by-battleye-for-virtual-machine/ |archive-date=4 Oct 2025}}</ref><!--More examples: https://steamcommunity.com/app/513710/discussions/0/3770112515483525897/ (SCUM)
https://learn.microsoft.com/en-us/answers/questions/2327605/cant-launch-game-error-says-this-game-will-not-run (Mass Effect 3)-->
https://learn.microsoft.com/en-us/answers/questions/2327605/cant-launch-game-error-says-this-game-will-not-run (Mass Effect 3)-->


For the game [[Diabotical]], the developers explicitly ban users running Linux from playing the online-only game,<ref>{{Cite web |date=Mar 6, 2020 |title=Diabotical developer blocks Linux users from playing and says "Just run Windows like the rest of the population." |url=https://www.reddit.com/r/linux_gaming/comments/fert89/diabotical_developer_blocks_linux_users_from/ |archive-url=https://web.archive.org/web/20200313084233/https://www.reddit.com/r/linux_gaming/comments/fert89/diabotical_developer_blocks_linux_users_from/ |archive-date=Mar 13, 2020 |access-date=Aug 5, 2025 |website=[[Reddit]]}}</ref> citing their Linux anticheat being too weak.<ref>{{Cite web |title=Clip from Diabotical developer stream |url=https://streamable.com/7vmt1 |archive-url=https://web.archive.org/web/20230209160054/https://streamable.com/7vmt1 |archive-date=Feb 9, 2023 |access-date=Aug 5, 2025 |website=Streamable}}</ref>
For the game Diabotical, the developers explicitly ban users running Linux from playing the online-only game,<ref>{{Cite web |date=Mar 6, 2020 |title=Diabotical developer blocks Linux users from playing and says "Just run Windows like the rest of the population." |url=https://www.reddit.com/r/linux_gaming/comments/fert89/diabotical_developer_blocks_linux_users_from/ |archive-url=https://web.archive.org/web/20200313084233/https://www.reddit.com/r/linux_gaming/comments/fert89/diabotical_developer_blocks_linux_users_from/ |archive-date=Mar 13, 2020 |access-date=Aug 5, 2025 |website=[[Reddit]]}}</ref> citing their Linux anticheat being too weak.<ref>{{Cite web |title=Clip from Diabotical developer stream |url=https://streamable.com/7vmt1 |archive-url=https://web.archive.org/web/20230209160054/https://streamable.com/7vmt1 |archive-date=Feb 9, 2023 |access-date=Aug 5, 2025 |website=Streamable}}</ref>


==Further reading==
==Further reading==


* [[Electronic Arts|EA]] has a history of using anti-cheats such as [[Easy anti-cheat|EAC]], and recently switched to [[EA moves to in-house kernel-level anti-cheat on PC after purchase|an in-house developed kernel-level anti-cheat]].
*[[Electronic Arts|EA]] has a history of using anti-cheats such as EAC, and recently switched to [[EA moves to in-house kernel-level anti-cheat on PC after purchase|an in-house developed kernel-level anti-cheat]].
* [[Rockstar Games|Rockstar]]'s ''Grand Theft Auto V'' [[GTA 5 moves to kernel-level anti-cheat on PC after purchase|moved to Kernel Level Anti-Cheats]], and in the process, additionally blocked Linux users from being able to play its online components.<ref name=":1" /><ref name=":2" />
*[[Rockstar Games|Rockstar]]'s ''Grand Theft Auto V'' [[GTA 5 moves to kernel-level anti-cheat on PC after purchase|moved to Kernel Level Anti-Cheats]], and in the process, additionally blocked Linux users from being able to play its online components.<ref name=":1" /><ref name=":2" />
* [[Hoyoverse]]'s [[Genshin Impact|''Genshin Impact'']] has used a kernel-level anti-cheat since launch.
*Hoyoverse's [[Genshin Impact|''Genshin Impact'']] has used a kernel-level anti-cheat since launch.
* [[Riot Games]]' [[Valorant]] uses an in house kernel-level anticheat called [https://support-valorant.riotgames.com/hc/en-us/articles/360046160933-What-is-Vanguard Vanguard]
*Riot Games' [[Valorant]] uses an in house kernel-level anticheat called [https://support-valorant.riotgames.com/hc/en-us/articles/360046160933-What-is-Vanguard Vanguard]
* [[Kuro Games]]' [[Wuthering Waves]] uses a kernel-level anticheat called [[Anti-Cheat Expert|ACE]] (Anti-Cheat Expert) since launch.
*Amazing Seasun Games' Mecha Break uses a kernel-level anticheat called [[Anti-Cheat Expert|ACE]] (Anti-Cheat Expert) since launch.
* [[Hotta Studios]]' [[Tower of Fantasy]]'s history of kernel-level anticheat caused BSOD and would stay even after uninstalling the game.
*Kuro Games' Wuthering Waves uses a kernel-level anticheat called [[Anti-Cheat Expert|ACE]] (Anti-Cheat Expert) since launch.
* [[Ubisoft]] uses [[BattlEye Anticheat|BattlEye]] kernel-level anticheat for [https://r6fix.ubi.com/projects/RAINBOW6-SIEGE-LIVE/issues/LIVE-59642 Rainbow Six: Siege] which prevents Linux gamers from launching it even after paying for it.
*Hotta Studios' Tower of Fantasy's history of kernel-level anticheat caused BSOD and would stay even after uninstalling the game.
* Arrowhead Game Studios' Helldivers 2 uses a kernel-level anticheat called [https://www.reddit.com/r/Helldivers/comments/19dp2qw/helldivers_2_nprotect_gameguard_anticheat/ nProtect GameGuard].
*[[Ubisoft]] uses [[BattlEye Anticheat|BattlEye]] kernel-level anticheat for [https://r6fix.ubi.com/projects/RAINBOW6-SIEGE-LIVE/issues/LIVE-59642 Rainbow Six: Siege] which prevents Linux gamers from launching it even after paying for it.
*Arrowhead Game Studios' Helldivers 2 uses a kernel-level anticheat called [https://www.reddit.com/r/Helldivers/comments/19dp2qw/helldivers_2_nprotect_gameguard_anticheat/ nProtect GameGuard].
 
==Further Reading==
 
*[[List of kernel-level anti cheats]]
*[[Kernel level driver]]


==References==
==References==
<references />
<references />
[[Category:Common terms]]
[[Category:Common terms]]
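Review bot: the new revision ends up with two sections of the same name, because a "Further Reading" heading is added above the links to List of kernel-level anti cheats and Kernel level driver while the existing "Further reading" heading over the list of games stays; suggest renaming the first (it is a list of examples) or merging the two. The Tower of Fantasy paragraph gains code tags but still has no citation for "Users have reported", and the path is written System32/drivers with a forward slash where a Windows path would use a backslash. In the list, the entries for Hoyoverse, Riot Games, Kuro Games and Hotta Studios lose their wikilinks while EA, Rockstar and Ubisoft keep theirs; worth confirming that this is intentional.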