Kernel Level Anti-Cheats: Difference between revisions
Mandle Rex (talk | contribs) →How it works: fixed grammar |
Intensive revisions |
||
| Line 1: | Line 1: | ||
{{Stub}}Kernel | {{Stub}}Kernel-level anti-cheat is a subset of anti-cheat dedicated towards running above the user level. These types of anti-cheat, such as [[Easy Anti-Cheat|Easy Anticheat]] (EAC), have grown in popularity among large developers for their online multiplayer games.{{Citation needed}} <!-- A comprehensive list of KL-AC to flip through: | ||
https://levvvel.com/games-with-kernel-level-anti-cheat-software/ -->Alongside this rise in popularity is additionally an increasing concern from both consumers regarding their privacy with the use of this software,{{Citation needed}} and from security professionals who recognize the significant risks of kernel-level software being breached.{{Citation needed}} | |||
==How it works== | ==How it works== | ||
Kernel level anti-cheats run at the kernel level | Kernel level anti-cheats run at the kernel level; the deepest and most authoritative level of the computer. In layman's terms, this essentially means the software is capable of tracking every process occurring on a computer, and additionally exhibit control if necessary. This is contrary to previous anti-cheats, which only had permissions so high as the user-level, which some cheating software exhibited forms of circumvention. | ||
==Why it is a problem== | ==Why it is a problem== | ||
===Privacy Concerns=== | ===Privacy Concerns=== | ||
Kernel-level anti-cheat has access to every process that runs on a computer, from a simple video running in the background, to processes that may be more private for the user. As this software is designed to run on startup,{{Citation needed}} this means even if the intended game the software was installed for is not currently running, it retains the capability to track the user's behaviors. This can range from gathering data that could be sold to advertisers, or if the software itself is hijacked by a malicious actor, the harvesting of sensitive personal information. | |||
===Security Concerns=== | ===Security Concerns=== | ||
Kernel-level software holds the highest authorization on the hardware of a user,{{Citation needed}} this is favorable towards malicious actors, since they have the capability to eventually breach the software with the purpose of distributing malware to users connected to the same server or network. An example of this scenario was with the MMO RPG [[Genshin Impact|''Genshin Impact'']], where the game's anti-cheat '''mhyprot2.sys''<nowiki/>' was hijacked by malicious actors with the intent of distributing ransomware onto users' devices.<ref>{{Cite web |last=Soliven |first=Ryan |last2=Kimura |first2=Hitomi |date=2022-08-24 |title=Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus |url=https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html}}</ref> | |||
==Examples== | ==Examples== | ||
*[[Electronic Arts|EA]] has recently [[EA moves to in-house kernel-level anti-cheat on PC after purchase| | *[[Electronic Arts|EA]] has a history of using anti-cheats such as [[Easy anti-cheat|EAC]], and recently switched to [[EA moves to in-house kernel-level anti-cheat on PC after purchase|an in-house developed kernel-level anti-cheat]]. | ||
* | *[[Rockstar Games|Rockstar]]'s ''Grand Theft Auto V'' [[GTA 5 moves to kernel-level anti-cheat on PC after purchase|moved to Kernel Level Anti-Cheats.]] | ||
*[[Genshin Impact]] has | *[[Hoyoverse]]'s [[Genshin Impact|''Genshin Impact'']] has used a kernel-level anti-cheat since launch. | ||
Revision as of 10:03, 10 June 2025
❗Article Status Notice: This Article is a stub
This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Issues may include:
- This article needs to be expanded to provide meaningful information
- This article requires additional verifiable evidence to demonstrate systemic impact
- More documentation is needed to establish how this reflects broader consumer protection concerns
- The connection between individual incidents and company-wide practices needs to be better established
- The article is simply too short, and lacks sufficient content
How you can help:
- Add documented examples with verifiable sources
- Provide evidence of similar incidents affecting other consumers
- Include relevant company policies or communications that demonstrate systemic practices
- Link to credible reporting that covers these issues
- Flesh out the article with relevant information
This notice will be removed once the article is sufficiently developed. Once you believe the article is ready to have its notice removed, visit the Discord (join here) and post to the #appeals channel, or mention its status on the article's talk page.
Kernel-level anti-cheat is a subset of anti-cheat dedicated towards running above the user level. These types of anti-cheat, such as Easy Anticheat (EAC), have grown in popularity among large developers for their online multiplayer games.[citation needed] Alongside this rise in popularity is additionally an increasing concern from both consumers regarding their privacy with the use of this software,[citation needed] and from security professionals who recognize the significant risks of kernel-level software being breached.[citation needed]
How it works
Kernel level anti-cheats run at the kernel level; the deepest and most authoritative level of the computer. In layman's terms, this essentially means the software is capable of tracking every process occurring on a computer, and additionally exhibit control if necessary. This is contrary to previous anti-cheats, which only had permissions so high as the user-level, which some cheating software exhibited forms of circumvention.
Why it is a problem
Privacy Concerns
Kernel-level anti-cheat has access to every process that runs on a computer, from a simple video running in the background, to processes that may be more private for the user. As this software is designed to run on startup,[citation needed] this means even if the intended game the software was installed for is not currently running, it retains the capability to track the user's behaviors. This can range from gathering data that could be sold to advertisers, or if the software itself is hijacked by a malicious actor, the harvesting of sensitive personal information.
Security Concerns
Kernel-level software holds the highest authorization on the hardware of a user,[citation needed] this is favorable towards malicious actors, since they have the capability to eventually breach the software with the purpose of distributing malware to users connected to the same server or network. An example of this scenario was with the MMO RPG Genshin Impact, where the game's anti-cheat 'mhyprot2.sys' was hijacked by malicious actors with the intent of distributing ransomware onto users' devices.[1]
Examples
- EA has a history of using anti-cheats such as EAC, and recently switched to an in-house developed kernel-level anti-cheat.
- Rockstar's Grand Theft Auto V moved to Kernel Level Anti-Cheats.
- Hoyoverse's Genshin Impact has used a kernel-level anti-cheat since launch.
References
- ↑ Soliven, Ryan; Kimura, Hitomi (2022-08-24). "Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus".