Kernel Level Anti-Cheats
Kernel-level anti-cheat (KLAC) is a subset of anti-cheat software designed to run above the user level. Anti-cheats of this type, such as Easy Anticheat (EAC), have grown in popularity among large developers for their online multiplayer games.[1] Alongside this rise in popularity is increasing concern both from consumers regarding their privacy when using this software,[2] and from security professionals who recognize the significant risks of kernel-level software being breached.[3]
How it works
Kernel-level anti-cheats run at the kernel level, the deepest and most authoritative level of the computer. In layman's terms, this means the software is capable of tracking every process running on a computer and, if necessary, exerting control over it. Alternatives to kernel-level anticheat include user-level anticheat, which runs as a standard process on the player's machine, and server-side anticheat, which leaves the user's machine untouched and operates solely on the game's servers.
The arms race between hacking and anticheat software has seen hackers better able to circumvent user level anticheat in recent years, pushing more anticheat developers to demand kernel access from players and more developers to require use of a kernel anticheat to access their games.
Consumer impact summary
Privacy concerns
Kernel-level anti-cheat has access to every process that runs on a computer, from a simple video running in the background, to processes that may be more private for the user. As this software is designed to run on startup,[4] this means even if the intended game the software was installed for is not currently running, it retains the capability to track the user's behaviors. This can range from gathering data that could be sold to advertisers to, if the software itself is hijacked by a malicious actor, the harvesting of sensitive personal information.
Security concerns
Because kernel-level software holds the highest authorization on a user's hardware,[5] it is an attractive target for malicious actors.
If a malicious actor were to discover a security issue in a kernel-level anti-cheat significant enough to allow them to hijack the software, they would be able to directly execute code at its level of access, allowing them to bypass security measures put in place by the operating system and anti-virus software.
This is not a purely hypothetical scenario; it has already taken place in an incident with the popular gacha co-op adventure Genshin Impact, where the game's anti-cheat 'mhyprot2.sys' was hijacked by malicious actors to disable users' anti-virus software, with the intent of distributing ransomware.[6]
Another example is Hotta Studios' game Tower of Fantasy. Users have reported that its kernel-level anticheat driver 'ksophon_x64.sys' has caused blue screens of death (BSOD) with the DPC_WATCHDOG_VIOLATION stop code. The crashes occurred when the game was uninstalled, launched, closed, or even just running, before the new publisher, Perfect World Games. As of now, since the update by the company, the file no longer appears to exist in System32/drivers.
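As an added example (not part of the original article and not any vendor's code), the following defender-side audit takes driver service entries shaped like the values under HKLM\SYSTEM\CurrentControlSet\Services and flags the two driver files named above when they are registered without their game installed or are set to load at startup. The service names, paths, start values and the `audit` helper are constructed for illustration.

```python
# Added example: flag known anti-cheat kernel drivers in exported service entries.
# Driver file names come from the article; game labels are used for matching only.
WATCHED = {"mhyprot2.sys": "Genshin Impact", "ksophon_x64.sys": "Tower of Fantasy"}
# Meaning of the registry "Start" value for a service or driver
START = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
KERNEL_DRIVER = 1  # registry "Type" value for a kernel-mode driver


def driver_file(image_path):
    """Lower-cased file name component of a registry ImagePath value."""
    return image_path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def audit(services, installed_games):
    """Return (service, driver, finding) tuples for watched kernel drivers."""
    findings = []
    for name, svc in services.items():
        if svc.get("Type") != KERNEL_DRIVER:
            continue  # user-mode services are out of scope here
        driver = driver_file(svc.get("ImagePath", ""))
        game = WATCHED.get(driver)
        if game is None:
            continue
        if game not in installed_games:
            # Left behind after an uninstall, or present without the game.
            findings.append((name, driver, "orphaned: game not installed"))
        start = START.get(svc.get("Start"), "unknown")
        if start in ("boot", "system", "auto"):
            # Loaded by Windows whether or not the game is running.
            findings.append((name, driver, f"loads at startup ({start})"))
    return findings


# Constructed sample entries (not from a real machine); names, paths and
# start values are assumptions made for this example.
SAMPLE_SERVICES = {
    "ksophon_x64": {"Type": 1, "Start": 1,
                    "ImagePath": r"\SystemRoot\System32\drivers\ksophon_x64.sys"},
    "mhyprot2": {"Type": 1, "Start": 3,
                 "ImagePath": r"\??\C:\Users\Public\mhyprot2.sys"},
    "ExampleSvc": {"Type": 16, "Start": 2,
                   "ImagePath": r"C:\Windows\System32\example.exe"},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVICES, installed_games={"Genshin Impact"}):
        print(*finding, sep=" | ")
```

On a real system the `services` mapping would be filled from a registry export of the Services key, and `installed_games` from the machine's software inventory.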
Support issues
Due to the nature of GNU/Linux-based operating systems, many KLACs end up being incompatible with them.[7] Some have been aiming to fix this via compatibility layers such as Proton or WINE, but because of how popular KLACs communicate with the system to verify integrity at the kernel level, they fail to work on Linux.[7] As such, games whose anticheat cannot function fully will refuse to launch entirely,[8] even if they could otherwise be used offline.
In some instances, KLAC can be so aggressive towards Linux that the game refuses to launch even in a virtual machine, as with Rockstar Games' Grand Theft Auto V[9][10] running BattlEye Anticheat, which has been known to explicitly block Linux users,[11][12][13] or Epic Games' Fortnite.[14]
For the game Diabotical, the developers explicitly ban users running Linux from playing the online-only game,[15] citing their Linux anticheat being too weak.[16]
Further reading
- EA has a history of using anti-cheats such as EAC, and recently switched to an in-house developed kernel-level anti-cheat.
- Rockstar's Grand Theft Auto V moved to a kernel-level anti-cheat and, in the process, additionally blocked Linux users from being able to play its online components.[9][10]
- Hoyoverse's Genshin Impact has used a kernel-level anti-cheat since launch.
- Riot Games' Valorant uses an in-house kernel-level anticheat called Vanguard.
- Kuro Games' Wuthering Waves uses a kernel-level anticheat called ACE (Anti-Cheat Expert) since launch.
- Hotta Studios' Tower of Fantasy has a history of its kernel-level anticheat causing BSOD and staying on the system even after the game was uninstalled.
- Ubisoft uses BattlEye kernel-level anticheat for Rainbow Six: Siege which prevents Linux gamers from launching it even after paying for it.
- Arrowhead Game Studios' Helldivers 2 uses a kernel-level anticheat called nProtect GameGuard.
References
1. Alder, Dan (Mar 6, 2024). "Every game with kernel–level anti–cheat software". levvvel. Retrieved Aug 5, 2025.
2. Conway, Adam (Aug 13, 2024). "Kernel-level anti-cheats are the next tech disaster waiting to happen". XDA. Retrieved Aug 5, 2025.
3. Bullas, Adam (Oct 23, 2024). "Kernel-Level Anti-Cheat: Security Risks, Linux Struggles, and the Steam Deck". AdamBullas.com. Retrieved Aug 5, 2025.
4. Rigney, Ryan K. (Feb 23, 2024). "The Gamers Do Not Understand Anti-Cheat". Push To Talk. Retrieved Jun 10, 2025.
5. Litchfield, Ted (Feb 27, 2024). "According to experts on kernel level anticheat, two things are abundantly clear: 1) It's not perfect and 2) It's not going anywhere". PC Gamer. Archived from the original on Apr 6, 2025. Retrieved Jun 10, 2025.
6. Soliven, Ryan; Kimura, Hitomi (Aug 24, 2022). "Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus". Trend. Retrieved Aug 4, 2025.
7. Sam4k (Aug 15, 2021). "What's The Deal With Anti-Cheat On Linux?". Sam4k.com. Retrieved Aug 5, 2025.
8. Tulach, Samuel (Sep 10, 2024). "The issue of anti-cheat on Linux". Tulach. Retrieved Aug 5, 2025.
9. Airweizen (Sep 28, 2024). "30 day ban people - did you have running this software?". Steam Forums. Retrieved Aug 5, 2025.
10. GamerDude909 (Feb 12, 2025). "Can You Play GTA Online on Linux?". Nerd Burglars. Retrieved Aug 5, 2025.
11. KZ_D (May 16, 2022). "Anyone out there still playing Battleye protected games in VM in 2022?". Reddit. Retrieved Aug 5, 2025.
12. GamerNinja99 (Mar 2, 2025). "Any Fixes for GTA Online's BattlEye on Linux?". Nerd Burglars. Retrieved Aug 5, 2025.
13. AnIcedTeaPlease (Jan 21, 2021). "What's the progress of Battleye (and other anti-cheat software) on Linux as of 2021?". Reddit. Retrieved Aug 5, 2025.
14. WashingtonMatt (Jan 7, 2023). "Blocked by BattlEye for [Virtual Machine]". Unraid. Retrieved Aug 5, 2025.
15. "Diabotical developer blocks Linux users from playing and says "Just run Windows like the rest of the population."". Reddit. Mar 6, 2020. Archived from the original on Mar 13, 2020. Retrieved Aug 5, 2025.
16. "Clip from Diabotical developer stream". Streamable. Archived from the original on Feb 9, 2023. Retrieved Aug 5, 2025.