- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Steam store pages received a new Anti-cheat field. Disclosure is mandatory for kernel-level anti-cheat solutions. And recommended for other anti-cheat solutions (like server-side or non-kernel-level client-side).
The field discloses the anti-cheat product, whether it is a kernel-level installation, and whether it uninstalls with the product or requires manual removal to remove.
No
I’m assuming the user meant all kernel level anti-cheat is malware
I’m sure they did and it’s not. Malware isn’t defined by its privileges but what it does.
Correct… and anything that intercepts all system calls and forces closed applications that it deems “not safe” even if I the user specifically run it is malware. You bet your ass they feed back information to the mothership too.
And btw, if you’re accepting the “Spyware” moniker from the other comment chain. Spyware is a form/category of malware.
Definition from Malwarebytes:
Hostile - it’s not meant to help you at all. If you’re doing something deemed “unsafe” in their eyes. They will take action up to and including stealing your money that you paid for the game. intrusive - embeds itself in the kernel Intentionally nasty - Well it’s not accidentally nasty.
invade - attached to games with little to no input on what you’re installing. disable computer systems - specifically the software you paid for Taking partial control over a device’s operations - the whole fucking kernel.
I’d say meeting the VAST majority of the definition and at least one portion of each category is sufficient to call them all malware.
No it’s literally not what malware is. Otherwise anti virus would be. And anti malware haha
It’s literally none of those things mentioned.
You are doing massive mental gymnastics. Intentionally nasty for an anit cheat is just stupid. You 100% know that’s not what that means.
It also doesn’t invade, damage, disable or take control of the system.
Just because you don’t like it doesn’t make it malware.
Taking kernel level actions to stop processes on YOUR machine is absolutely taking control of the system.
Kernel level anti-cheats meet every requirement. Just because you think there’s gymnastics going on doesn’t make it so. It’s actually well established in the security field that they count.
Have kernel-level anti-cheat systems ever stopped processes? Unrelated to the anti-cheat and the game itself?
I would imagine they would kick and ban you, not control other processes.
They have kernel access… They can control anything since they’re in the kernel. And yes, I’ve seen it.
If you remember back in the late 2000’s early 2010’s there were a boatload of apps that would hook into games to do things like display overlays for chats (Teamspeak for example, overwolf as another.) some kernel anti-cheats would stop those processes from starting up.
But don’t take my word for it.
https://www.pcgamer.com/according-to-experts-on-kernel-level-anticheat-two-things-are-abundantly-clear-1-its-not-perfect-and-2-its-not-going-anywhere/
Introduces backdoors to be used by malicious actors.
https://www.pcgamer.com/the-controversy-over-riots-vanguard-anti-cheat-software-explained/
Blocks external softwares that it deems “vulnerable”
https://old.reddit.com/r/gaming/comments/xf1cwr/the_insanity_of_eas_anticheat_system_by_a_kernel/
Kernel devs beg users to not allow this shit.
Just look it up. All sorts of articles and experts have spoken on it.
Source
Source for what in specific?
That stopping processes is a kernel action? Go ahead. Open powershell and ask it to close some other system process… The UAP prompt (if you’re on windows, linux will just fail silently most of the time unless you sudo or are root) that shows up is the kernel validating that you even have permissions to do that. The kernel handles ALL task scheduling/management. When you close something you’re asking the kernel to do it. The kernel also handles ALL file management and driver management (drivers being extensions of the kernel). So the fact that it can read other active DLLs and such hooked into other processes (say your graphics drivers) is literally proof.
That industry agrees that it’s malware? Depends on which part of industry I suppose. But if it’s able to do all these actions at the kernel level, and attached itself it to other software to install, often doesn’t uninstall when you remove the game it was attached to, AND gets flagged by anti-viruses that don’t have it whitelisted yet… It’s definitionally malware. Go search for “Is <insert anticheat> malware”. Very few people will argue that they’re not.
Hell it’s possible for anti-cheats to write to UEFI if they really wanted to. There’s no legitimate reason for that level of access, 0, none.
I’m a programmer I understand what they are. I understand why they suck.
Stopping processes is actually a user space action. You can do it without admin rights btw. Even if it popped the admin screen that’s still not a kernel level action.
Asking the kernel to do something is basically all operations and not the same as kernel level access.
Yeah that it’s considered malware. I did Google it and there’s nothing saying that.
Anti-cheat software is very clearly and explicitly spyware. That’s the entire purpose of it. It spies on how you use your software in the hope that if you cheat you’ll be seen by the spyware watching you.
This spyware is generally not something people want on their computer - as evidenced by people complaining about it. So effectively whats happening is that people are being spied on against their wishes. Spyware is a common category of malware.
So I think it’s pretty easy to see why people might describe anti-cheat software as malware.
Nah words have meaning. I get you don’t like it but that doesn’t make it spyware or malware.
Spyware isn’t about watching your system or memory it’s about stealing personal information.
These anti cheats specifically comply with privacy laws or they wouldn’t be allowed. You won’t find any breaking any laws.
Anti virus and anti malware applications do the same. Doesn’t make them spyware.
[edit] I’d posted something to go into more detail. But I’ve decided that branch of conversation is not really the way forward.
I’ll just say that the software is not installed by choice, and it does things that people don’t want it to do… so it could be described as malware. But if you want it on your computer, then I guess for you it is not malware. In any case, it doesn’t look like we’re going to agree about this regardless.
It is literally installed by choice. It’s part of the game installation. It’s up to users to know what they are installing. Many games likely install lots of things that aren’t immediately obvious.
It doesn’t infiltrate the system.
antimalware is literally worthless as has been for at least a decade. not even once did I get a spyware (or other) alert for the software of any commercial data harvester company. they are literally bought out and even the blind can see this
Yeah for sure. Used to be absolutely critical back when things like java in websites was a thing haha
Spyware steal your data, look the same to me
How do they steal your data? They also said malware