Kernel Level Anti-Cheats

❗Article Status Notice: This Article is a stub

This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Learn more ▼

Kernel Level Anti-Cheats are anti-cheat software that boot and run at the kernel level instead of the typical user level. These methods of anti-cheats have recently become more popular among big online service games. They are controversial because of privacy and security concerns.

How it works

Kernel level anti-cheats run at the kernel level, the deepest and most authoritative level of the computer. They are software that have access to everything the computer is doing. This is in contrast to traditional, user level anti-cheats, which only had access to user-level permissions and therefore could not detect certain cheat engines which were cleverly hidden.

Why it is a problem

Privacy Concerns

As kernel level anti-cheats have access to everything that's going on in a computer, any party that hijacks said anti-cheat can snoop on the private daily lives of users.

Security Concerns

Since Kernel Level anti-cheats operate at the kernel level, when they are eventually hijacked and exploited they create a massive security issue directly at the kernel level. This has happened with Genshin Impact, where hackers hijacked the anti-cheat used, to deliver ransomware to users' systems.^[1]

Examples

EA has recently moved to Kernel Level Anti-Cheats.
GTA V has recently moved to Kernel Level Anti-Cheats.
Genshin Impact has moved to Kernel Level Anti-Cheats.

References

↑ Soliven, Ryan; Kimura, Hitomi (2022-08-24). "Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus".

[1] Soliven, Ryan; Kimura, Hitomi (2022-08-24). "Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus".

[1]