Steam is now indicating when a game is using kernel-level anti-cheat software. A good transparency move towards users who don’t like such deeply-encroaching code.
From now on, Steam will indicate the name and type of the anti-cheat packed into each game. This should allow users to make an informed decision before purchasing one. An important clarification, especially on titles that use kernel mode anti-cheats that involve more risks if they fall into the wrong hands. Steam will also contact the developers of older games to update their store pages. Note, however, that Valve doesn’t force developers to disclose regular anti-cheats.
“We’ve heard from more and more developers recently that they’re looking for the right way to share anti-cheat information about their game with players,” says Valve. “At the same time, players have been requesting more transparency around the anti-cheat services used in games, as well as the existence of any additional software that will be installed within the game.”
Disliked by many players due to their security and privacy implications, kernel-level anti-cheats are yet another way for game developers to detect and stop cheaters. Thanks to their low-level privileged access to the system core, they have more authority and control to monitor software interactions and thus detect any malicious code that tries to modify the game’s operations.
While they were fairly effective at the beginning, catching the most sophisticated cheats, the fight against exploits is endless. Nowadays, the latest cheat software circumvents even the most well-known kernel-level anti-cheat software.
With how rampant cheaters are in Valorant and Rainbow Six Siege, it’s easy to question the need for such privileged access to your machine’s root. Given the trade-off, even the placebo and false sense of security having prolific protections like Vanguard and BattlEye in place don’t seem worth it. It only leaves the door open for potential attacks, not to mention privacy.
In a domino effect, some advanced cheats also demand kernel access to circumvent deeper guards, allowing cheat developers to integrate backdoors in their code. Others use modified Windows 11 installers to remove the TPM 2.0/Secure Boot protection. Not to mention the ones using DMA PCIe adapters to read RAM data and transmit it to a different PC for processing by cheat software. The next evolution will probably involve AI, giving it control of the mouse and keyboard by using motorised devices or spoofed microcontrollers.
When it comes to kernel-level anti-cheat, the part that annoys most people is how it initiates on system boot, regardless of whether you launch the game or not. So, if the anti-cheat developer decides to go rogue for some reason, they have full access to do whatever they please. Just to be clear, we are not talking about some hypothetical doomsday scenario here. There was at least one precedent where the Esports Entertainment Association (ESEA) was caught illegally implementing a Bitcoin miner inside its anti-cheat software.
In any case, kernel-based anti-cheats may end up discarded if Microsoft continues with its plans to remove kernel access from other software. This comes as a result of CrowdStrike’s recent debacle, which broke millions of machines and is estimated to have caused around $5 billion in losses. In the meantime, Steam continues claiming users’ appreciation and respect with its stop-gap solution.
