Kernel Level Anti-Cheats

❗Article Status Notice: This Article is a stub

Notice: This Article Requires Additional Expansion

This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Issues may include:

This article needs to be expanded to provide meaningful information
This article requires additional verifiable evidence to demonstrate systemic impact
More documentation is needed to establish how this reflects broader consumer protection concerns
The connection between individual incidents and company-wide practices needs to be better established
The article is simply too short, and lacks sufficient content

How you can help:

Add documented examples with verifiable sources
Provide evidence of similar incidents affecting other consumers
Include relevant company policies or communications that demonstrate systemic practices
Link to credible reporting that covers these issues
Flesh out the article with relevant information

This notice will be removed once the article is sufficiently developed. Once you believe the article is ready to have its notice removed, visit the Discord (join here) and post to the #appeals channel, or mention its status on the article's talk page.

Kernel-level anti-cheat is a subset of anti-cheat dedicated towards running above the user level. These types of anti-cheat, such as Easy Anticheat (EAC), have grown in popularity among large developers for their online multiplayer games.^{[citation needed]} Alongside this rise in popularity is additionally an increasing concern from both consumers regarding their privacy with the use of this software,^{[citation needed]} and from security professionals who recognize the significant risks of kernel-level software being breached.^{[citation needed]}

How it works

Kernel level anti-cheats run at the kernel level; the deepest and most authoritative level of the computer. In layman's terms, this essentially means the software is capable of tracking every process occurring on a computer, and additionally exhibit control if necessary. This is contrary to previous anti-cheats, which only had permissions so high as the user-level, which some cheating software exhibited forms of circumvention.

Why it is a problem

Privacy Concerns

Kernel-level anti-cheat has access to every process that runs on a computer, from a simple video running in the background, to processes that may be more private for the user. As this software is designed to run on startup,^{[citation needed]} this means even if the intended game the software was installed for is not currently running, it retains the capability to track the user's behaviors. This can range from gathering data that could be sold to advertisers, or if the software itself is hijacked by a malicious actor, the harvesting of sensitive personal information.

Security Concerns

Kernel-level software holds the highest authorization on the hardware of a user,^{[citation needed]} this is favorable towards malicious actors, since they have the capability to eventually breach the software with the purpose of distributing malware to users connected to the same server or network. An example of this scenario was with the MMO RPG Genshin Impact, where the game's anti-cheat 'mhyprot2.sys' was hijacked by malicious actors with the intent of distributing ransomware onto users' devices.^[1]

Examples

EA has a history of using anti-cheats such as EAC, and recently switched to an in-house developed kernel-level anti-cheat.
Rockstar's Grand Theft Auto V moved to Kernel Level Anti-Cheats.
Hoyoverse's Genshin Impact has used a kernel-level anti-cheat since launch.

References

↑ Soliven, Ryan; Kimura, Hitomi (2022-08-24). "Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus".

[1] Soliven, Ryan; Kimura, Hitomi (2022-08-24). "Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus".

[1]