i was right (again).

Low Level

11 Aug 202510:14

Summary

TLDRThe video discusses the growing issue of kernel-level anti-cheat systems in gaming, focusing on Riot Games' Vanguard and its conflicts with other games like Battlefield 6. These anti-cheat programs operate at a high privilege level, raising security and privacy concerns, as they have access to a player's entire system. The video explores how these anti-cheat systems can interfere with one another, creating compatibility issues, and potentially exposing users to risks like malware. The host also highlights the challenges posed by this new era of gaming security and the possible future implications for consumers and system safety.

Takeaways

😀 Kernel-level anti-cheat programs like Riot Vanguard and EA's anti-cheat are causing conflicts between games, preventing installation when they detect each other.
😀 Riot Vanguard is a kernel-level anti-cheat that runs continuously from system boot-up, even when the game isn't active, raising privacy and security concerns.
😀 These anti-cheat programs have privileged access to the system, meaning they can access other software running on the computer, posing potential privacy risks.
😀 Cheating in games is typically done by programs that interact with game memory to give players unfair advantages, like revealing hidden enemies.
😀 Kernel-level anti-cheats aim to prevent this by having a higher privilege to monitor and stop such hacks, but they come with their own set of vulnerabilities.
😀 The increasing number of publishers using kernel-level anti-cheats (Riot, EA, Epic) is leading to compatibility issues between different games.
😀 The main concern with kernel-level anti-cheats is that they create an 'arms race' where different publishers fight for control over specific parts of system memory, risking system instability.
😀 If two games with different anti-cheats are installed, the conflicting programs could cause crashes or system failures due to overlapping privileged access.
😀 Microsoft's ongoing efforts to reduce the need for kernel-level anti-cheats are aimed at minimizing security risks and protecting user privacy.
😀 There are concerns that moving code into the kernel for gaming purposes will expose users to greater security risks, similar to incidents like the 2024 Crowdstrike event that affected global systems.

Q & A

What is the main issue discussed in the video?
-The video discusses the growing problem of conflicts between kernel-level anti-cheat systems in video games, which can lead to issues like game incompatibility, privacy concerns, and security vulnerabilities.
What is a kernel-level anti-cheat system?
-A kernel-level anti-cheat system operates with high privileges on a computer, monitoring and controlling the system at the kernel level to prevent cheating programs from interfering with the game. This makes it capable of detecting cheats that run at the same privilege level as the game itself.
Why does *Battlefield 6* not work if *Valorant* is installed?
-The issue arises because *Valorant* uses Riot Games' Vanguard, a kernel-level anti-cheat system, which conflicts with other anti-cheat systems, like the one used by *Battlefield 6*. The two systems attempt to interact with the system's kernel in incompatible ways, leading to installation and runtime issues.
What are some concerns about the privacy implications of kernel-level anti-cheat systems?
-One of the concerns is that these anti-cheat systems have privileged access to a user’s computer, raising the possibility of unauthorized data collection, such as private user activity, which could be sent back to the publisher’s servers without the user's consent.
How do kernel-level anti-cheat systems work to prevent cheating?
-Kernel-level anti-cheat systems operate at a very privileged level of the computer’s operating system, allowing them to inspect and control other processes. They can detect cheat programs by looking for known signatures or suspicious behaviors, such as reading or modifying the memory of legitimate game processes.
What technical vulnerability is associated with kernel-level anti-cheat systems?
-A key vulnerability is that these anti-cheat systems, running with high privileges, can be exploited by malicious software, such as ransomware, to bypass security measures like antivirus programs. For example, ransomware can use vulnerabilities in these systems to disable antivirus protections and carry out attacks.
What is Riot’s Vanguard anti-cheat system and why is it particularly invasive?
-Vanguard is Riot Games' kernel-level anti-cheat system, which operates as a boot-time driver, meaning it runs as soon as the computer starts and continues running until it is shut down. It hooks into the operating system’s system calls and even alters control registers, making it one of the most invasive anti-cheat systems on the market.
What could happen if two kernel-level anti-cheat systems interact incorrectly?
-If two kernel-level anti-cheat systems try to interact with the same part of the system's kernel at the same time, they could cause crashes or other malfunctions in the operating system. This is why certain games with conflicting anti-cheat systems, like *Battlefield 6* and *Valorant*, cannot be installed together.
Why are there concerns about running multiple kernel-level anti-cheat systems on the same computer?
-The primary concern is that these anti-cheat systems can conflict with each other, potentially causing system instability. Additionally, the use of such systems creates a broader security and privacy risk, as they have deep access to the system and can expose users to malicious attacks or unauthorized data collection.
What solution does Microsoft propose to address kernel-level security concerns?
-Microsoft is working on testing changes to move certain security functions, like anti-virus and anti-cheat systems, out of the kernel. This would reduce the privileged access that these systems have, potentially improving both security and privacy for users.