Thousands and thousands of games work on the Steam Deck, giving it one of the biggest playable libraries of any device and making it one of the most appealing devices for gaming. But there are still some games you can't play at all, thanks to the way their anti-cheat works. These tools, used by games like Call of Duty, Valorant, and Battlefield, aim to curb cheaters by running at the kernel level, a core part of the operating system with unrestricted access to your system. This is effective, but it is only compatible with the Windows operating system, making these games impossible to play on the Steam Deck/SteamOS, which runs on Linux. But we may see a change soon!
Recently, there was a huge outage affecting computers running Windows, which ended up temporarily shutting down businesses and causing major delays at airports. It was a gigantic mess, and it ended up being the fault of a company called CrowdStrike. They use a special driver that sits in the kernel to detect viruses and threats across the system, but a buggy update to its software ended up taking down Windows machines entirely. This was a massive screw-up, and it sounds like Microsoft wants to take action.
According to a report by The Verge's Tom Warren, posted on July 26th, it sounds like Microsoft wants to move away from giving out kernel access so willingly. Warren reports on a blog post from John Cable, the vice president of program management for Windows servicing and delivery, in which he seems to drop some hints that Microsoft wants to find ways around drivers and tools using kernel-level access.
In the post, Cable mentions VBS Enclaves as a way to provide an isolated environment that doesn't require kernel drivers, and also mentions Microsoft Azure Attestation's security advancements. From the way it sounds, they are looking into moving away from kernel-level access for tools like these so that nothing as bad as the CrowdStrike outage happens again.
If this happens, though, we could see kernel-level anti-cheats disappear, and I would love that. Being able to play some of these games on Linux would be massive, and taking them on the go with the Steam Deck would be incredible. There are a lot of legal hurdles to cross for this to happen, so everything is still up in the air, but one can dream! It does make it slightly more knowing Microsoft may want it as well, so we will see.
It sounds like some of these people have never played an FPS game, and that's fine and all, but they are currently overrun with cheaters. I don't give a shit what they have to do; the cheating epidemic is exactly that, an epidemic. In many games it's so bad that there is little point in even playing to begin with, as literally every match has them. The guy who's so upset he actually had to add some exceptions: perhaps game cheats do not merit this for you, but for many of us they do. I would have no problem keeping a second install on a dual or triple boot with nothing but the games and anti-cheat installed if necessary, and neither would any of the people I know that actually play some of these games that are in fact inundated with cheaters. On a side note, VBS security utterly destroys performance, especially game performance. Check out some benchmarks.
Yeah wow. So great. Now multiplayer games will only be fun with people you know in person, and single-player games will cost $100 a pop, or be trash, because fun MP won't exist, and thus won't pay for experience any longer.
Good fun.
I don't think they should go through with this, because not only has this only happened once as far as I know (yes, still caused a cluster fuck for businesses), but kernel-level anti-cheat is the only good anti-cheat we have, and if that goes away, there will be so many cheaters again.
Does someone here play cs!? :))
The lol community is thriving because of their anticheat! Every nab player will play another nab player, both using their skills on that level. Good anticheat means a new player base, and your information is not secure at all anyway. No anticheat means the game will be destroyed by cheaters, so no new players will come and play that game; think about splitgame or apex or pubg. We need good anticheat in combo with good antivirus and we'll be safe. But just think about every kid that will try to install cheats to play his game like others, downloading malware from the internet. Personally I wish for good kernel anticheat instead of games dying or russian stealing data from kids who download cheats just to play a game and have a chance against other cheaters. HVH is shit, gamer are made to be fun with 0 external assistance to increase your skill level.
Hope this goes through
Thank God. Hopefully this goes through. Kernel-level access for anti cheats causes so many interoperability issues with NGAVs since most lock down the kernel, which in my experience forced me to add exceptions for every single one into SentinelOne. Also, it isn’t good practice. Normal applications shouldn’t have access to something as sensitive as the operating system kernel. Let alone video games. Cheating in games is a problem, but expanding your customers’ attack surface just for this reason is poor practice.
How many worldwide outages did Crowdstrike prevent by having kernel level access?
Rules are only followed by rule followers. Making a new system rule against granting kernel level access will just make it easier for bad actors who will inevitably find ways to give themselves kernel level access.
If anything, the good guys need more access. Also, cheating in games is already more out of control than it ever has been because the people selling cheats online make more money than the game developers. I stopped playing online games 3 months ago because it just isn't fun anymore with all the cheaters.
This isn’t completely true. The only vendors who should have access to the kernel are security vendors. And this is usually kept to a minimum, in that security vendors use as minimal code as possible for kernel components. SentinelOne’s CEO touched on this:
“Kernel-based protection is nothing new. But [the problem is] the pervasiveness of code that has been put in the kernel [by CrowdStrike], which is totally against best practices. As someone that has been doing this for now 10 years, it's very clear that you want to minimize the amount of code you put into the kernel. This is the most sensitive part of the operating system. And that’s also what the operating system vendor will tell you — to the point that typically, when you put code into the kernel, you need to have it tested and reviewed by the operating system vendor.”
There is no reason for normal, consumer programs to have kernel access. Game cheats do not merit opening a new attack surface. Especially when we have seen game developers like those behind Valorant suffer breaches. While I can understand a security vendor having it, it is usually kept to a minimum. But a game developer like Riot Games isn’t in the field of cybersecurity and doesn’t secure the system as a whole. Punching a hole in the kernel to protect a game and not the kernel itself is nonsensical and outright dangerous.
Also to note - Mac doesn’t have kernel access even for companies like SentinelOne, and the platform still performs just as well at stopping threats as the Windows agent.
See this post, goes into great detail on why kernel access is a terrible idea:
https://gist.github.com/stdNullPtr/2998eacb71ae925515360410af6f0a32
This sounds like it would be a good thing but this just means that game developers would have to get "creative" to implement an effective solution, where there is already a good one. This would mean denuvo-like garbage permeating the OS or the EXE, and you don't want that instead of a little .sys file in the win32 folder.
This is going to backfire hard and I don't really want to see it. Kernel AC was actually one of the appealing things about Windows to developers. Cheap to run & works very well, for consumers & companies.
Not just Anti cheats, but kernel level cheats as well!!! This would be a dream come true
I'm afraid that replacing kernel level anti-cheats with VBS Enclave or Azure Attestation won't help Steam Deck much, as both probably won't work on Proton/Wine.
Since Proton/Wine are not Windows OS, they won't pass Azure Attestation (just like custom ROMs fail to pass Google's attestation), and since VBS Enclave requires hardware and OS virtualization support, it would probably be difficult to implement (just see that Proton/Wine still do not support the Game Services package that the newest Forza Motorsport requires to work, because that package has similarly deep OS links like VBS Enclave would).
Supposing they find a way to keep the cheats out as well this could be great! Actually kernel level anti-cheat is massive overkill for anything but where prize money is involved.
I'm not entirely sure this is even possible. Drivers by definition have to interact with the kernel for your hardware to function. You'd think if say sandboxing drivers was possible they would have done it long ago and eliminated rootkits and such.
Tbh I'm not really for this. Being able to play games on my Steam Deck is convenient, but not dealing with cheaters is better. It depends on the game and what the experience is on the Deck as well. I quit playing CS style games a long time ago, but I would never want to play Valorant on a Steam Deck or equivalent, and while it could be cool for CoD or BF, anti-cheats are too easy to get around for hackers. God, I wish Tarkov had a kernel-level anti-cheat at this point.
Tarkov does have a kernel-level anti-cheat, it's called BattlEye.
There are still cheaters in every game with kernel anti cheat.
Kernel anti cheat makes it harder to start cheating, but they still can and once they get what they need it's trivial.
But, removing kernel anti cheat, also removes kernel level cheats, so theoretically there's no way for the cheats to hide that requires kernel anti cheat in the first place.
Interesting! As invasive as they are as spyware, I do think they would have to be effective in some sense, no? How else would they go about detecting these hacks that are widely available to the public to use? Its purpose is to act as a dragnet, and only the private hacks actually get through by obfuscation. Personally, most games with these online anticheats kind of suck in the first place imo, so I'd rather them preserve their player base.
It sucks that these anti cheat companies need to have full access to the kernel level to detect stuff in memory and such. If only there was a better way of going about it. Is there a counterargument here? Thanks for the article!