12/28/2025 at 8:33:39 AM
Nice to see anti-cheats working and protecting Linux players from hacks, by preventing them from actually playing the game.by butz
12/28/2025 at 2:58:39 PM
These changes are occurring in a server backend database. They’re not client side cheats.The people receiving the credits aren’t even the ones initiating the changes.
Also many anti-cheat packages do have Linux versions. The primary reason you’re not getting ports for Linux is because companies don’t want to do the port and support all versions of Linux clients they would encounter in the very tiny number of additional installs.
by Aurornis
12/28/2025 at 4:54:43 PM
Proton is a single build target, and it's just the Windows build target.by netbioserror
12/28/2025 at 6:34:16 PM
Valve maintains a 'Steam Runtime', which is similar to a docker container, to ensure it's easy to develop games that run on many distributions.by tpxl
12/28/2025 at 6:23:34 PM
Exactly, this argument wasn’t a good one 10 years ago and it definitely isn’t one now.by reactordev
12/28/2025 at 7:20:09 PM
The problem is kernel level cheats, can't defend against those from pure userland.by mschuster91
12/28/2025 at 7:29:13 PM
Soon: The problem is DMA level cheats, can't defend against those from the kernel.by seba_dos1
12/28/2025 at 8:03:32 PM
Oh those are already here, Its why Battlefield needs Secureboot turned on so it can use the IOMMU to protect the game kindaby jetbalsa
12/28/2025 at 1:38:34 PM
Games using Easy AntiCheat can opt in to Linux support. Arc Raiders runs on Linux (but not in VMs) whereas Fortnite does not, because Epic has chosen not to support Linux. Ironic given Tim Sweeney's supposed anti-monopoly stance.by cedws
12/28/2025 at 3:03:17 PM
Sweeney isn’t anti-monopoly, he’s pro-Sweeney. He sees an opportunity to let others do the work and investment to build platforms, then selectively swoop in to compete once the risk and investment pay off.It’s not a bad business model if he can get the courts on his side: let others spend billions and take risks, then cherry pick the successful platforms and compete with their distribution using a cost basis that doesn’t have those up-front costs and risks.
by brookst
12/28/2025 at 3:25:59 PM
> He sees an opportunity to let others do the work and investment to build platforms, then selectively swoop in to compete once the risk and investment pay off.Sure. Just as long as you agree Google and Apple let others do the work and investment to develop new games, apps and media, then swoop in and demand a cut if the risk and investment pay off.
by michaelt
12/28/2025 at 7:58:06 PM
They don't automatically take a cut, they only take a cut when you want to sell to their captive audience, on their hardware, using their distribution system.Wait until you hear about how the entire entertainment industry has always worked!
by EA-3167
12/28/2025 at 10:27:02 PM
Their hardware, huh?You're right, customers don't really own an iphone, even if they've paid $1000 for it.
by michaelt
12/29/2025 at 2:04:02 AM
Surely in context, and reading the most charitable interpretation, you understood that the hardware I was referring to isn’t the end user’s device.by EA-3167
12/28/2025 at 6:52:35 PM
He sees an opportunity to let others do the work and investment to build platforms^H^H^H^H^H^H^H^H^H apps, then selectively swoop in to compete once the risk and investment pay off.If that's not a flawless description of a walled-garden app store, I can't imagine what would be.
by CamperBob2
12/28/2025 at 6:24:32 PM
Tim Sweeney is anti other-people’s-monopoly. He’s happy to support his own.by reactordev
12/28/2025 at 6:02:14 PM
> because Epic has chosen not to support LinuxBecause Epic doesn’t want payhack configs to be advertised in whatever leaderboards Fortnite has, like CS2 had for a while.
by not_a9
12/28/2025 at 7:17:43 PM
Fortnite is easy to run in a hypervisor and also cheaters are using hardware DMA to cheat these days anyway. The proposition that Linux enables more cheating relative to Windows is unproven.by cedws
12/28/2025 at 2:23:57 PM
> Ironic given Tim Sweeney's supposed anti-monopoly stance.This doesn't really make sense. If you are implying he is FOR monopoly, he would want the game on every possible platform right? He loses money by not having more players playing his game.
by bhargav
12/28/2025 at 2:48:54 PM
That's why it's ironic. Maybe you're missing the context of the iOS App Store case, which is why he is supposedly anti monopoly.by Zambyte
12/28/2025 at 2:34:16 PM
The person you replied to obviously referred to the Windows monopoly.by Hendrikto
12/28/2025 at 1:40:20 PM
This hack has nothing to do with client cheats.by Thaxll
12/28/2025 at 1:03:58 PM
"kernel anti-cheat" is actually a re-branding of "anti-(non steamdeck)-linux" software, probably to please msft (since sole beneficiary). We all know they are inefficient and weaponized by hackers.You know on linux there is a feature for a process to snoop into another process, that for the same user (non root), can be use for anti-tampering: with a proper "security" team, as all live-service games should have, you can give hell to hackers without a kernel module...
by sylware
12/28/2025 at 6:05:47 PM
> We all know they are inefficient and weaponized by hackers.Name an exploit in EAC/BattlEye/Vanguard/FaceIT/whatever other big name anticheat middleware (though Vanguard and FaceIT don’t sell their services I think) that has actually been used for anything.
Genshin Impact’s driver got used as a vulnerable driver that one time, yeah. EAC had an exploit to inject your own code into processes, but that quickly got patched (https://blog.back.engineering/10/08/2021/).
by not_a9
12/28/2025 at 8:26:53 PM
ESEA's anticheat was used to mine Bitcoin on the players' computers. They are/were a major competitor of FaceIt. They supposedly had to pay a $1 million settlement over it.So not an exploit, but even worse.
by Aerroon
12/29/2025 at 10:40:44 AM
Well, I read HN. I did stop counting.Unless you beleive in the conspiracy of AI generated news on HN.
You are the same type of guys who is going to try to sell 'computer security' as a deliverable, thing which does not exist.
Please, stop that.
by sylware
12/28/2025 at 1:34:49 PM
How trivial is it to pretend to be a steam deck?by firtoz
12/28/2025 at 1:38:56 PM
In what context? To show up at work and convince everyone you’re a steam deck?Thats probably pretty difficult.
by jdubs1984
12/28/2025 at 1:52:25 PM
Easy enough with the right costume and plenty of confidence.by westmeal
12/28/2025 at 1:52:31 PM
Man, even "Area 51 has aliens" is a better and more backed up conspiracy theory than this. Kernel AC isn't to please MS, nor is it to shit on Linux/Steam Deck. They don't matter. They're inexistent. They're a blip of very vocal users that keep believing that Proton is going to save them from EA making shit games.KACs exist because they want to have higher privileges to not be injected into, closed or otherwise touched by any other process. That's also why a bunch of them have started to ask for Secure Boot, so that they can guarantee at least some chain of trust that ensures you've probably not tampered with your machine.
Your Linux example 1/ turns anti cheats into not only something that analyzes what runs on your machine, but actively tries to attack it, which is the textbook definition of malware, but also a gigantic liability should you happen to say, write into word.exe because you fucked up and thought it was a cheat. 2/ turns it into an infinite game of chasing each others with you injecting into cheats, cheats injecting into you, back and forth. In addition, you're running on an actively hostile machine with a hostile user that _wants_ to fuck over your anti cheat.
Please do some proper research on the subject.
by well_ackshually
12/28/2025 at 3:47:01 PM
A user level anti-tampering software (and more with such linux feature) is not a kernel module which is weaponized by hackers.by sylware
12/28/2025 at 1:45:00 PM
Kernel anti cheat in the client are the strongest form of protection by far, your comment makes no sense, anything userspace is easily spoofed. You can create a driver ( module ) that intercept calls and that is completely invisible to userspace processes.The default security measures on Linux are pretty bad compared to windows, it's not even close. People like to bash windows but they have a way better security model.
by Thaxll
12/28/2025 at 1:56:27 PM
1 - kernel module from anti-cheats are weaponized by hackers.2 - if I recall properly, that linux feature is a direct mapping of the target user process allowing extreme dynamicity in time, performant, and much more powerfull mechanisms than basic 'calls'. Namely hell for hackers if a live service game has a proper "security" team, all that without a kernel module.
by sylware
12/28/2025 at 3:40:13 PM
What are you even talking about?The parent is right.
I'm quite literally the first person to bash Windows for being a shitty operating system, but the requirement for signed modules puts a massive barrier to entry for cheaters, where Linux can load just about anything.
If every system call can lie to you, there's a few things you can do, but it's not many.
I know this because I've actually done a lot of due diligence on anti-cheat.
One mechanism I attempted to employ was to replay initalisation vectors and determinism of inputs; this means I could replay your session out of band and witness the same outcomes. If there was variation then there's a fault. Except as soon as you introduce floating point numbers there's no more determinism... Oh well.
The other was to watch for "impossible" things, but then you need to run full complex physics simulations for every client. If your game requires you to effectively buy an i7-11700k for every user then you'd have to sell your game for a lot more money, and limit how long they can play - nobody wants this.
The third option was to score our best players and anyone who performs better than that gets their behaviour tracked. The problem is, coming up with a scoring system that's server side is much harder than you think.
GameDevs don't actually like paying a shit load of money for anti-cheat (that also breaks their debugging systems and causes bugs: a wonderful combination)... so if you've got a better way: join the industry and fix it. You'll be a moderately wealthy person.
by dijit
12/28/2025 at 7:26:48 PM
> GameDevs don't actually like paying a shit load of money for anti-cheat (that also breaks their debugging systems and causes bugs: a wonderful combination)... so if you've got a better way: join the industry and fix it. You'll be a moderately wealthy person.I got a better way... just look at the past. Back in ye goode olde UT2004 times, there was no random matchmaking / ranking bullshit that removed the social element, game licenses cost money, people ran their own servers, and if you pissed off server mods enough, no matter if you were a cheater, a suspected cheater, or just an asshole, your serial got banned - sometimes, across a fleet of servers that shared ban lists. Cheating had costs associated.
But of course, that means you can't lure in whales with free to play games and loot them via microtransactions any more...
by mschuster91
12/28/2025 at 10:06:15 PM
This ignores that community servers basically invented client anticheats. Almost all the current 3rd party anticheats started for community servers. Even Quake 3 Arena was updated with Punkbuster at some point.You still see this with modern day servers. Modded GTA V, FiveM, had additional anticheat even before the unmodded game added anticheat. Part of the appeal of CS2 servers, Face-IT and ESEA, is the additional anticheats.
by ThatPlayer
12/28/2025 at 8:26:35 PM
I played Warcraft 3 competitively in the "goode olde" times. Ladder was full to bursting with maphackers. It was still the way most people played, even though it also fully supported custom lobbies/rooms, which were used plenty for DotA, but almost never for random 1v1 matches. It sucked.You don't have a better way. You have a nostalgic memory of how games should be played which doesn't match what people in a modern audience expect. It's like saying the solution to cell phones tracking you is to use a landline, because that's how we used to do things.
by mjr00
12/28/2025 at 7:29:19 PM
Thats a cynical take.The truth is that UT2004 sold 234,451 units over its life according to Wikipedia.
The Division sold over 10,000,000 copies in the first weekend.
The requirements change drastically when you have a larger audience.
by dijit
12/28/2025 at 7:51:53 PM
> Thats a cynical take.Primarily driven by my utter disgust for modern monetization mechanics, corporate greed and gambling. Cheaters, IMHO, are an inevitable side effect of combining gamification with gambling, with no barriers to entry, and with removing social barriers of entry.
> The requirements change drastically when you have a larger audience.
The market has exploded in the 12 years between UT2004 and The Division.
by mschuster91
12/28/2025 at 7:57:17 PM
> The market has exploded in the 12 years between UT2004 and The Division.Yes, and you can’t assert that it didn’t happen at least in part due to efforts to make games more accessible.
You couldn’t release a game like UT2004 today with the same UX and expect competitive sales. Even if you did, the experience would scale very poorly.
by dijit
12/28/2025 at 8:08:36 PM
If companies have the ability to control the binaries that run on your PC, and prevent you from running the ones you want, you're cooked.by esseph
12/28/2025 at 3:58:20 PM
What are you talking about?1 - kernel anti-cheats ARE weaponized by hackers. This is not a matter of discussion unless you are into the AI generated HN news conspiracy.
2 - this linux feature should provide (if I recall properly) a very complex and flexible (not limited to "calls"), and performant, set of interactions between a set of anti-cheat processes and the set of game processes. All that as being non-root priviledge (I think you must be have the same effective user id). The actual and real parameter is the level of competence and creativity of the "anti-cheat" team which is a requirement of any "live-service games" with frequent updates.
3 - for FPS games where aiming skill is critical, anti-cheat are close to useless due to "external" AI based aim assist hardware.
by sylware
12/28/2025 at 6:44:15 PM
1. They're not, not sure where you've seen that, not in western games at least.by Thaxll
12/28/2025 at 8:12:15 PM
> "The researchers investigated the techniques used in online game cheating, as well as those deployed by ‘anti-cheat’ technologies. Most modern anti-cheat engines run in the Windows kernel, alongside applications such as anti-virus, at the highest levels of privilege. Software can only run in the Windows kernel if it has been approved and signed by Microsoft. This makes it more powerful than software run normally by the user. An example of kernel level software is the Crowdstrike system that recently failed, bringing down large parts of the internet."> "While the anti-cheats are allowed in the kernel by Microsoft, the study also revealed that cheat software commonly uses weaknesses in Windows protections to ‘inject’ itself into the kernel and gain higher privileges. Many techniques mirror what is commonly seen in the domains of malware and anti-virus, with a difference in motivation."
> "This kernel injection technique has previously been observed in advanced ransomware attacks to disable anti-malware protections before the main attack."
by esseph
12/28/2025 at 11:20:32 PM
None of that talk about exploiting anti cheats, nowhere. Not a single concrete example.The goal of cheats is to make money not to hack PCs.
by Thaxll
12/29/2025 at 1:24:32 AM
https://www.threatshub.org/blog/ransomware-actor-abuses-gens...> Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
by esseph
12/29/2025 at 11:04:21 AM
In the current state of things, YOU have to provide the proof a kernel anti-cheat is not weaponized by hackers (yet...). It is now common knowledge, kernel level anti-cheats are leveraged by hackers.And we all know this is fully hypocrit. "Computer security" does not exist, but for sure, adding a "gaming" _kernel module_ won't improve anything there... (irony).
by sylware
12/28/2025 at 5:06:15 PM
I’ve seen so many cases of cheaters online where even the most braindead of checks would neuter most cheats:Are they moving faster than conceivably possible by a real player? Even the most basic (x2-x1)/t > twice the theoretical will catch people teleporting or speed hacking.
Is their KDR or any other performance metric outside 5 standard deviations from the mean?
Here’s one: is everyone they encounter reporting them for cheating along with one of the above? Do people leave their matches constantly?
Defining and detecting objectively impossible things is not impossible.
by transcriptase
12/28/2025 at 6:01:21 PM
Yeah, we do those things.1) they’re not foolproof
2) there is a delay in aggregating the data
this has annoying effects when the game has a trial period/goes on sale/has lots of cheap CD keys floating around.
3) if you weren’t delayed then the cheaters get better at adjusting to how you catch them.
We actually do a lot of statistical analysis, but it works in tandem with endpoint anti-cheat, and would hardly work at all alone.
by dijit
12/28/2025 at 6:53:44 PM
I know when I spent a lot of time dealing with fraud in a different market, the most effective tool was to catch and shadowban the accounts rather than banning them.If we banned them, they just created a new account and kept doing the same things.
When we detected them and the isolated them from all other good standing accounts, only allowing them to interact with other shadowbanned users, it virtually solved the problem. Normal users went about their day and the cheaters/fraudsters wasted a lot of time never getting through to anyone.
In gaming it seems like creating a cheaters purgatory where they are stuck competing against other cheaters forever would probably end up being its own special league after a while. Like when people suggested steroids in pro-baseball should be legal.
by brightball
12/29/2025 at 10:55:47 AM
And to manage this purgatory and detect the accounts which will end up there, a live-service game needs an active, permanent and competent team of honnest people, period. If a game studio is not ready to do just that for its live-service game, it has to stop developping that game and move to another type of game.Give this team server side data, user level 'traps' and 'pitfalls' with frequent updates (they do that for dota2 and probably cs2, they don't need a kernel module), and you should end up with a rather sane gaming experience.
by sylware
12/28/2025 at 6:56:41 PM
Yeah, we actually discussed doing something like that.That's what GTA5 did (though, they marked you with a dunce cap)...
.. even though it's a good idea (and we nearly implemented it actually), there's probably a reason that GTA5 is still plagued with cheaters.
by dijit
12/28/2025 at 6:40:49 PM
Scoring ect ... is kind of useless because it's not a proof, basically it means nothing tangible to be able to ban with 100% confidence. That's why ML is not good for detecting cheaters.It gives a score that is hard to use.
by Thaxll
12/28/2025 at 8:30:14 PM
>Are they moving faster than conceivably possible by a real player? Even the most basic (x2-x1)/t > twice the theoretical will catch people teleporting or speed hacking.This is how I imagine Amazon ended up banning a large amount of players for speedhacking. The players were lagging. I'm guessing their anti-lag features ended up moving them faster than the anti-cheat expected.
But I agree that a combination approach would probably work.
by Aerroon